Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Hatte Qvo6 was nun

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 02.09.2013, 16:53   #1
werama
 
Hatte Qvo6 was nun - Standard

Hatte Qvo6 was nun



Nach allerlei Versuchen den qvo6 rauszubringen war dies nur teilweise möglich. Unter dem IE-Button war er immer noch da.
Nachdem ich das System 2 Tage zurückgesetzt habe und wieder gestartet habe ist er anscheinend ganz weg (inzwischen 3 mal gestartet).

Ich trau der Sache jedoch nicht deshalb die Frage an die Spezialisten was nun ?
Ich arbeite seit Jahren mit: Windows7; AVG; Malwarebytes; selten mit CCleaner

Die Logfiles hab ich 3 Stunden vor der System-Rücksetzung erstellt.

Gruss Ulf



Code:
ATTFilter
Malwarebytes Anti-
Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
uwchif1 :: DESKTOP-ULF [Administrator]

14.08.2013 11:49:21
mbam-log-2013-08-14 (11-49-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 475716
Laufzeit: 48 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.

(Ende)


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
uwchif1 :: DESKTOP-ULF [Administrator]

31.08.2013 13:48:41
mbam-log-2013-08-31 (13-48-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 474663
Laufzeit: 53 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\uwchif1\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\uwchif1\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
uwchif1 :: DESKTOP-ULF [Administrator]

01.09.2013 08:47:30
mbam-log-2013-09-01 (08-47-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 476568
Laufzeit: 47 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\SystemRestore\FRStaging\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.

(Ende)


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
uwchif1 :: DESKTOP-ULF [Administrator]

01.09.2013 09:40:28
mbam-log-2013-09-01 (09-40-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 131614
Laufzeit: 17 Minute(n), 1 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\SystemRestore\FRStaging\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04
Ran by uwchif1 (administrator) on DESKTOP-ULF on 02-09-2013 14:54:16
Running from C:\Users\uwchif1\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0\ScriptHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKCU\...\Run: [SchnellerPC] - C:\Program Files (x86)\SchnellerPC\SCPCLauncher.exe [452584 2013-03-02] (Software Marketing Ltd)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-15] ()
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
AppInit_DLLs:     [0 ] ()
Startup: C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n8811-91&apn_uid=3719520732344115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {81A13A02-5941-4CE4-AE8B-B6BBCA9C3C91} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n8811-91&apn_uid=3719520732344115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^ch&si=CK-gpd-jo7kCFYWN3godBiAAlA&ptb=8EC418E7-54A6-4905-8782-C4D5EE269429&ind=2013082914&n=77fd3522&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={2E139345-69EB-48BD-92F0-F01D71887AD0}&mid=bcea127b049647d6aeda9128c028b174-837f3246ddc3f257f6db68ccd6395faa63eea49b&lang=de&ds=lw011&pr=sa&d=2013-07-25 15:37:53&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={2E139345-69EB-48BD-92F0-F01D71887AD0}&mid=bcea127b049647d6aeda9128c028b174-837f3246ddc3f257f6db68ccd6395faa63eea49b&lang=de&ds=lw011&pr=sa&d=2013-07-25 15:37:53&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n8811-91&apn_uid=3719520732344115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Lightning Newtab) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0
CHR Extension: (Skype Click to Call) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1
CHR Extension: (AVG Security Toolbar) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_2
CHR Extension: (Chrome In-App Payments service) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (NCH DE) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk\10.11.21.5_0
CHR Extension: (Gmail) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\uwchif1\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx
CHR HKLM-x32\...\Chrome\Extension: [ommhmgednjnodcljhlljkaiidghdmikk] - C:\Users\uwchif1\AppData\Local\CRE\ommhmgednjnodcljhlljkaiidghdmikk.crx

==================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-15] (AVG Secure Search)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
S3 SXDS10; "C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe" \Service [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-31] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 OxPCIeMf; C:\Windows\System32\DRIVERS\OxPCIeMf.sys [62000 2009-09-24] (OEM)
R3 OxPCIeSer; C:\Windows\System32\DRIVERS\OxPCIeSer.sys [102960 2009-09-24] (OEM)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 14:51 - 2013-09-02 14:52 - 01951950 _____ (Farbar) C:\Users\uwchif1\Desktop\FRST64.exe
2013-09-02 14:46 - 2013-09-02 14:46 - 01951950 _____ (Farbar) C:\Users\uwchif1\Downloads\FRST64.exe
2013-09-02 14:25 - 2013-09-02 14:25 - 00000476 _____ C:\Users\uwchif1\Desktop\defogger_disable.log
2013-09-02 14:25 - 2013-09-02 14:25 - 00000000 _____ C:\Users\uwchif1\defogger_reenable
2013-09-02 14:21 - 2013-09-02 14:21 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SchnellerPC
2013-09-02 14:20 - 2013-09-02 14:20 - 00001005 _____ C:\Users\uwchif1\Desktop\SchnellerPC.lnk
2013-09-02 14:20 - 2013-09-02 14:20 - 00000000 ____D C:\Program Files (x86)\SchnellerPC
2013-09-02 11:29 - 2013-09-02 11:29 - 00000000 ____D E:\Eigene Dokumente\Fax
2013-08-31 23:38 - 2013-08-31 23:38 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-31 21:26 - 2013-08-31 21:26 - 00004332 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\LavasoftStatistics
2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-08-31 21:23 - 2013-09-01 20:09 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Lavasoft
2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-08-31 21:22 - 2013-09-01 08:05 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Ad-Aware Antivirus
2013-08-31 21:22 - 2013-08-31 21:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 _____ C:\autoexec.bat
2013-08-31 20:45 - 2013-08-31 21:07 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-08-31 20:22 - 2013-08-31 21:08 - 00000000 ____D C:\ProgramData\SpeedMaxPc
2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SpeedMaxPc
2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DriverCure
2013-08-31 19:13 - 2013-08-31 19:13 - 00000000 ___DC C:\Users\uwchif1\AppData\Local\MigWiz
2013-08-31 17:54 - 2013-08-31 19:35 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-31 17:54 - 2013-08-31 18:36 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-31 17:54 - 2013-08-31 17:54 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.5792.dll
2013-08-31 13:45 - 2013-09-02 07:42 - 00001064 _____ C:\Windows\setupact.log
2013-08-31 13:45 - 2013-09-01 09:58 - 00003756 _____ C:\Windows\PFRO.log
2013-08-31 13:45 - 2013-08-31 13:45 - 00000000 _____ C:\Windows\setuperr.log
2013-08-30 14:16 - 2013-08-30 14:16 - 00001162 _____ C:\Users\uwchif1\Desktop\AusstellungStG - Verknüpfung.lnk
2013-08-29 21:48 - 2013-08-29 21:48 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-08-29 21:48 - 2009-09-27 09:39 - 00369152 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2013-08-29 21:48 - 2005-07-14 12:31 - 00032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll
2013-08-29 21:48 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2013-08-29 21:48 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2013-08-29 21:48 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2013-08-29 21:37 - 2013-08-29 21:37 - 00001070 _____ C:\Users\Public\Desktop\SUPER ©.lnk
2013-08-29 21:37 - 2013-08-29 21:37 - 00000000 ____D E:\Eigene Dokumente\eRightSoft
2013-08-29 21:37 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll
2013-08-29 21:37 - 2011-06-14 20:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax
2013-08-29 21:37 - 2011-02-11 11:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll
2013-08-29 21:37 - 2010-01-07 00:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll
2013-08-29 21:37 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax
2013-08-29 21:37 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax
2013-08-29 21:37 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax
2013-08-29 21:37 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll
2013-08-29 21:37 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll
2013-08-29 21:37 - 2006-09-12 12:46 - 00227328 __RSH () C:\Windows\SysWOW64\ac3DX.ax
2013-08-29 21:37 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax
2013-08-29 21:37 - 2006-05-03 11:06 - 00163328 __RSH (Gabest) C:\Windows\SysWOW64\flvDX.dll
2013-08-29 21:37 - 2006-03-10 21:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax
2013-08-29 21:37 - 2006-01-13 00:23 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax
2013-08-29 21:37 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax
2013-08-29 21:37 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax
2013-08-29 21:37 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax
2013-08-29 21:37 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax
2013-08-29 21:37 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax
2013-08-29 21:37 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax
2013-08-29 21:37 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax
2013-08-29 21:37 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2013-08-29 21:37 - 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax
2013-08-29 21:37 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax
2013-08-29 21:37 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2013-08-29 21:37 - 2004-04-27 17:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax
2013-08-29 21:37 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax
2013-08-29 21:36 - 2013-08-29 21:37 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-08-29 21:35 - 2013-08-29 21:35 - 00000000 ____D C:\ProgramData\Registry Helper
2013-08-29 21:34 - 2013-08-30 09:01 - 00000000 ____D C:\ProgramData\eSafe
2013-08-29 21:24 - 2013-08-29 21:24 - 00000000 ____D C:\Users\uwchif1\AppData\Local\avgchrome
2013-08-29 21:19 - 2013-08-31 19:35 - 00000000 ____D C:\Program Files (x86)\VideoConverter
2013-08-29 21:19 - 2013-08-29 21:19 - 00003244 _____ C:\Windows\System32\Tasks\DSite
2013-08-29 21:19 - 2013-08-29 21:19 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-29 21:19 - 2013-08-29 21:19 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DSite
2013-08-29 21:17 - 2012-12-18 19:22 - 00039464 _____ (popularscreensavers.com) C:\Windows\SysWOW64\p5PSSavr.scr
2013-08-29 21:16 - 2013-08-29 21:16 - 00000000 ____D C:\Program Files (x86)\PopularScreensavers_7iEI
2013-08-29 21:15 - 2013-08-29 21:15 - 00000000 ____D C:\Users\uwchif1\AppData\Local\IAC
2013-08-29 20:26 - 2013-08-29 20:26 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4zEI
2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\AVS4YOU
2013-08-29 20:01 - 2013-08-29 21:22 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-08-29 20:01 - 2013-08-29 20:02 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-08-29 20:01 - 2012-03-23 19:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2013-08-29 19:03 - 2013-08-31 19:35 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\FreeVideoConverter
2013-08-29 18:29 - 2013-08-29 18:30 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\MOVAVI
2013-08-29 18:22 - 2013-08-31 19:35 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-29 18:22 - 2013-08-30 08:59 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Conduit
2013-08-29 18:22 - 2013-08-29 18:22 - 00000009 _____ C:\END
2013-08-29 18:16 - 2013-08-29 18:17 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{28EE0CF4-4FA1-4831-B70E-305AF422CCA8}
2013-08-27 11:52 - 2013-08-27 11:52 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B0E3A927-825D-4349-A357-AE060E7591F9}
2013-08-25 17:39 - 2013-08-25 17:39 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{4694980C-3B66-4236-A275-8A0D55FEFC63}
2013-08-22 15:06 - 2013-08-22 15:06 - 00001662 _____ C:\Users\uwchif1\Desktop\Ausstellung-Restauration - Verknüpfung.lnk
2013-08-19 02:35 - 2013-08-19 02:35 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx
2013-08-14 17:34 - 2013-08-14 17:35 - 68454702 _____ C:\Users\uwchif1\Downloads\Werkzeuge Manching.zip
2013-08-14 13:46 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 13:46 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 13:46 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 13:46 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 13:46 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 13:46 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 13:46 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 13:46 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 13:46 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 13:46 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 13:46 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 13:46 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 13:46 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 13:45 - 2013-08-14 13:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 08:02 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:02 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:02 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:02 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:02 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:02 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:02 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:02 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:01 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:01 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:00 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:00 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:00 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:00 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:00 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:00 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:00 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:00 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:00 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:00 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:00 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:00 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:00 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:00 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:00 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:00 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-08-14 08:00 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-08-14 08:00 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-14 08:00 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-08-14 08:00 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-08-14 08:00 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-08-14 08:00 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 08:00 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-08-14 07:59 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:59 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 15:09 - 2013-08-13 15:10 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B77A04AC-DAC8-494F-9E35-F1D8FFA6DA20}
2013-08-13 15:09 - 2013-08-13 15:09 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{65664285-D53D-4372-AF47-A49D709217A5}
2013-08-12 20:46 - 2013-08-12 20:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{E8FAFCC9-02B6-4828-A4AF-713A64C4A5A8}
2013-08-12 08:46 - 2013-08-12 08:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3E36D23B-02D4-45A3-9334-BDA9B43B8E2A}
2013-08-07 17:04 - 2013-08-07 17:04 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3F5BC0E4-E415-4B3B-8C54-A74579033DDA}
2013-08-04 09:45 - 2013-08-31 19:35 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\PersBackup5
2013-08-04 09:45 - 2013-08-27 21:58 - 00000000 ____D E:\Eigene Dokumente\PersBackup
2013-08-04 09:44 - 2013-08-04 09:44 - 00000887 _____ C:\Users\Public\Desktop\Personal Backup 5.lnk
2013-08-04 09:44 - 2013-08-04 09:44 - 00000000 ____D C:\Program Files\Personal Backup 5
2013-08-03 17:44 - 2013-08-03 17:44 - 00000000 ____D C:\archive_db
2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\launcher
2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\explauncher
2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\backup
2013-08-03 16:51 - 2013-08-03 16:51 - 00000000 ____D C:\Program Files (x86)\Paragon Software

==================== One Month Modified Files and Folders =======

2013-09-02 14:52 - 2013-09-02 14:52 - 00000000 ____D C:\FRST
2013-09-02 14:52 - 2013-09-02 14:51 - 01951950 _____ (Farbar) C:\Users\uwchif1\Desktop\FRST64.exe
2013-09-02 14:46 - 2013-09-02 14:46 - 01951950 _____ (Farbar) C:\Users\uwchif1\Downloads\FRST64.exe
2013-09-02 14:44 - 2011-12-14 19:01 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-09-02 14:35 - 2010-07-17 10:52 - 00000000 ____D E:\Eigene Dokumente\Daten-Ulf
2013-09-02 14:25 - 2013-09-02 14:25 - 00000476 _____ C:\Users\uwchif1\Desktop\defogger_disable.log
2013-09-02 14:25 - 2013-09-02 14:25 - 00000000 _____ C:\Users\uwchif1\defogger_reenable
2013-09-02 14:25 - 2010-07-01 12:09 - 00000000 ____D C:\Users\uwchif1
2013-09-02 14:21 - 2013-09-02 14:21 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SchnellerPC
2013-09-02 14:20 - 2013-09-02 14:20 - 00001005 _____ C:\Users\uwchif1\Desktop\SchnellerPC.lnk
2013-09-02 14:20 - 2013-09-02 14:20 - 00000000 ____D C:\Program Files (x86)\SchnellerPC
2013-09-02 14:14 - 2013-02-21 20:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 13:50 - 2012-06-08 13:49 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 
2013-09-02 12:58 - 2010-12-28 16:01 - 00000000 ____D C:\ProgramData\MFAData
2013-09-02 11:33 - 2010-04-07 08:30 - 01987809 _____ C:\Windows\WindowsUpdate.log
2013-09-02 11:29 - 2013-09-02 11:29 - 00000000 ____D E:\Eigene Dokumente\Fax
2013-09-02 11:29 - 2009-12-31 06:05 - 00647128 _____ C:\Windows\system32\perfh007.dat
2013-09-02 11:29 - 2009-12-31 06:05 - 00127206 _____ C:\Windows\system32\perfc007.dat
2013-09-02 11:29 - 2009-07-14 07:13 - 01480600 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 07:49 - 2009-07-14 06:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 07:49 - 2009-07-14 06:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 07:42 - 2013-08-31 13:45 - 00001064 _____ C:\Windows\setupact.log
2013-09-02 07:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 20:09 - 2013-08-31 21:23 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-01 09:58 - 2013-08-31 13:45 - 00003756 _____ C:\Windows\PFRO.log
2013-09-01 09:06 - 2012-12-13 11:43 - 00000000 ____D E:\Eigene Dokumente\AusstellungStG
2013-09-01 08:23 - 2010-07-01 12:17 - 00001675 _____ C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-01 08:05 - 2013-08-31 21:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Ad-Aware Antivirus
2013-08-31 23:38 - 2013-08-31 23:38 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-31 21:26 - 2013-08-31 21:26 - 00004332 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\LavasoftStatistics
2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Lavasoft
2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-08-31 21:22 - 2013-08-31 21:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-31 21:08 - 2013-08-31 20:22 - 00000000 ____D C:\ProgramData\SpeedMaxPc
2013-08-31 21:07 - 2013-08-31 20:45 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-08-31 20:59 - 2011-05-25 15:37 - 00000000 ____D E:\Eigene Dokumente\WOMO
2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 _____ C:\autoexec.bat
2013-08-31 20:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SpeedMaxPc
2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DriverCure
2013-08-31 19:35 - 2013-08-31 17:54 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-31 19:35 - 2013-08-29 21:19 - 00000000 ____D C:\Program Files (x86)\VideoConverter
2013-08-31 19:35 - 2013-08-29 19:03 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\FreeVideoConverter
2013-08-31 19:35 - 2013-08-29 18:22 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-31 19:35 - 2013-08-04 09:45 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\PersBackup5
2013-08-31 19:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-31 19:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-31 19:17 - 2011-12-26 17:00 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Audacity
2013-08-31 19:17 - 2010-07-03 11:30 - 00000000 ___RD E:\Eigene Dokumente\UlfAntik
2013-08-31 19:17 - 2010-07-01 12:17 - 00000000 ___RD C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 19:13 - 2013-08-31 19:13 - 00000000 ___DC C:\Users\uwchif1\AppData\Local\MigWiz
2013-08-31 18:36 - 2013-08-31 17:54 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-31 18:36 - 2012-08-02 21:21 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Systweak
2013-08-31 18:35 - 2010-07-03 11:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-31 18:15 - 2009-12-31 06:00 - 00000000 ____D C:\Windows\Panther
2013-08-31 17:54 - 2013-08-31 17:54 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.5792.dll
2013-08-31 13:45 - 2013-08-31 13:45 - 00000000 _____ C:\Windows\setuperr.log
2013-08-31 13:25 - 2010-11-15 22:50 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Deployment
2013-08-31 13:12 - 2010-07-22 10:24 - 00000000 ____D C:\ProgramData\Google
2013-08-31 13:12 - 2010-07-03 11:47 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Google
2013-08-31 11:17 - 2011-12-23 14:56 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-31 11:17 - 2010-07-02 16:01 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-31 11:16 - 2010-07-02 16:00 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\HpUpdate
2013-08-31 11:16 - 2010-07-02 16:00 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\HP Support Assistant
2013-08-30 14:39 - 2010-07-03 14:07 - 00000000 ____D E:\Eigene Dokumente\Schloss-Bilder-1#1
2013-08-30 14:16 - 2013-08-30 14:16 - 00001162 _____ C:\Users\uwchif1\Desktop\AusstellungStG - Verknüpfung.lnk
2013-08-30 09:51 - 2010-07-03 14:08 - 00000000 ____D E:\Eigene Dokumente\Archiv-Schloss
2013-08-30 09:13 - 2010-07-12 15:09 - 00000000 ____D E:\Eigene Dokumente\Buch-Schlösser
2013-08-30 09:01 - 2013-08-29 21:34 - 00000000 ____D C:\ProgramData\eSafe
2013-08-30 08:59 - 2013-08-29 18:22 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Conduit
2013-08-30 08:05 - 2012-08-02 21:40 - 00001660 _____ C:\Windows\system32\ASOROSet.bin
2013-08-30 08:05 - 2009-07-14 04:34 - 71565312 _____ C:\Windows\system32\config\software.bak
2013-08-30 08:05 - 2009-07-14 04:34 - 17039360 _____ C:\Windows\system32\config\system.bak
2013-08-30 08:05 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak
2013-08-29 22:14 - 2012-08-30 21:15 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-08-29 22:14 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\sam.bak
2013-08-29 22:11 - 2012-08-02 21:40 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-08-29 21:48 - 2013-08-29 21:48 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-08-29 21:37 - 2013-08-29 21:37 - 00001070 _____ C:\Users\Public\Desktop\SUPER ©.lnk
2013-08-29 21:37 - 2013-08-29 21:37 - 00000000 ____D E:\Eigene Dokumente\eRightSoft
2013-08-29 21:37 - 2013-08-29 21:36 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2013-08-29 21:35 - 2013-08-29 21:35 - 00000000 ____D C:\ProgramData\Registry Helper
2013-08-29 21:24 - 2013-08-29 21:24 - 00000000 ____D C:\Users\uwchif1\AppData\Local\avgchrome
2013-08-29 21:22 - 2013-08-29 20:01 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-08-29 21:19 - 2013-08-29 21:19 - 00003244 _____ C:\Windows\System32\Tasks\DSite
2013-08-29 21:19 - 2013-08-29 21:19 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-29 21:19 - 2013-08-29 21:19 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DSite
2013-08-29 21:16 - 2013-08-29 21:16 - 00000000 ____D C:\Program Files (x86)\PopularScreensavers_7iEI
2013-08-29 21:15 - 2013-08-29 21:15 - 00000000 ____D C:\Users\uwchif1\AppData\Local\IAC
2013-08-29 21:01 - 2012-08-30 21:16 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-29 20:43 - 2012-08-30 21:16 - 00000000 ____D C:\ProgramData\NCH Software
2013-08-29 20:38 - 2012-08-30 21:12 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\NCH Software
2013-08-29 20:26 - 2013-08-29 20:26 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4zEI
2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\AVS4YOU
2013-08-29 20:02 - 2013-08-29 20:01 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-08-29 18:30 - 2013-08-29 18:29 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\MOVAVI
2013-08-29 18:22 - 2013-08-29 18:22 - 00000009 _____ C:\END
2013-08-29 18:17 - 2013-08-29 18:16 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{28EE0CF4-4FA1-4831-B70E-305AF422CCA8}
2013-08-29 18:13 - 2010-07-03 14:13 - 00000000 ____D E:\Eigene Dokumente\Kamera
2013-08-27 21:58 - 2013-08-04 09:45 - 00000000 ____D E:\Eigene Dokumente\PersBackup
2013-08-27 11:52 - 2013-08-27 11:52 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B0E3A927-825D-4349-A357-AE060E7591F9}
2013-08-25 17:39 - 2013-08-25 17:39 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{4694980C-3B66-4236-A275-8A0D55FEFC63}
2013-08-25 12:08 - 2012-11-27 10:32 - 00000000 ____D E:\Eigene Dokumente\Buch-Altes-Eisen
2013-08-25 09:13 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-22 18:36 - 2012-08-02 21:21 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-22 15:06 - 2013-08-22 15:06 - 00001662 _____ C:\Users\uwchif1\Desktop\Ausstellung-Restauration - Verknüpfung.lnk
2013-08-19 02:35 - 2013-08-19 02:35 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx
2013-08-16 21:55 - 2010-09-13 18:12 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Skype
2013-08-15 07:42 - 2013-07-25 15:37 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-15 07:42 - 2012-11-08 17:09 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-08-14 17:35 - 2013-08-14 17:34 - 68454702 _____ C:\Users\uwchif1\Downloads\Werkzeuge Manching.zip
2013-08-14 14:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 13:46 - 2013-08-14 13:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 13:45 - 2010-07-04 08:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 13:44 - 2009-07-14 04:34 - 00000534 _____ C:\Windows\win.ini
2013-08-13 15:10 - 2013-08-13 15:09 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B77A04AC-DAC8-494F-9E35-F1D8FFA6DA20}
2013-08-13 15:09 - 2013-08-13 15:09 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{65664285-D53D-4372-AF47-A49D709217A5}
2013-08-12 20:46 - 2013-08-12 20:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{E8FAFCC9-02B6-4828-A4AF-713A64C4A5A8}
2013-08-12 08:46 - 2013-08-12 08:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3E36D23B-02D4-45A3-9334-BDA9B43B8E2A}
2013-08-10 15:10 - 2013-01-31 14:37 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Nitro PDF
2013-08-07 17:04 - 2013-08-07 17:04 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3F5BC0E4-E415-4B3B-8C54-A74579033DDA}
2013-08-07 11:47 - 2010-07-03 20:21 - 00000000 ____D C:\Depot
2013-08-07 04:22 - 2010-07-01 12:18 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-04 09:46 - 2012-01-21 12:47 - 00000000 ____D E:\Eigene Dokumente\AG
2013-08-04 09:44 - 2013-08-04 09:44 - 00000887 _____ C:\Users\Public\Desktop\Personal Backup 5.lnk
2013-08-04 09:44 - 2013-08-04 09:44 - 00000000 ____D C:\Program Files\Personal Backup 5
2013-08-03 17:44 - 2013-08-03 17:44 - 00000000 ____D C:\archive_db
2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\launcher
2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\explauncher
2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\backup
2013-08-03 16:51 - 2013-08-03 16:51 - 00000000 ____D C:\Program Files (x86)\Paragon Software
2013-08-03 14:09 - 2010-07-01 20:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-03 14:08 - 2013-02-08 17:36 - 00000000 ____D C:\ProgramData\POIbase
2013-08-03 14:08 - 2013-02-08 17:36 - 00000000 ____D C:\Program Files (x86)\POIbase

Files to move or delete:
====================
C:\Users\uwchif1\AppData\Local\Temp\356770a9-089c-4189-b988-6c4fcf78c93a.exe
C:\Users\uwchif1\AppData\Local\Temp\BackupSetup.exe
C:\Users\uwchif1\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\uwchif1\AppData\Local\Temp\eb189944-ef15-4244-a419-7a92d9fd502c.exe
C:\Users\uwchif1\AppData\Local\Temp\MybabylonTB.exe
C:\Users\uwchif1\AppData\Local\Temp\propsys.dll
C:\Users\uwchif1\AppData\Local\Temp\SHSetup.exe
C:\Users\uwchif1\AppData\Local\Temp\UpdUninstall.exe
C:\Users\uwchif1\AppData\Local\Temp\{5B16AC35-2C8E-4285-94A7-B144931E2B0C}\ISBEW64.exe
C:\Users\uwchif1\AppData\Local\Temp\nsr3870.tmp\nsSCM.dll
C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\nsDialogs.dll
C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\nsisFirewall.dll
C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\nsProcess.dll
C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\System.dll
C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\UAC.dll
C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\xml.dll
C:\Users\uwchif1\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\CartSdk.dll
C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\CartSdk64.exe
C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\sbrc.exe
C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\i386\sbbd.exe
C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\amd64\sbbd.exe
C:\Users\uwchif1\AppData\Local\Temp\2239ecf8-0d87-4063-a335-3402054db497\Statistics.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 00:10

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 04
Ran by uwchif1 at 2013-09-02 14:54:53
Running from C:\Users\uwchif1\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 2013 (Version: 2013.0.3392)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Dreamweaver CS5.5 (x32 Version: 11.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Audacity 1.3.14 (Unicode) (x32)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3392)
AVG Security Toolbar (x32 Version: 15.5.0.2)
B109a-m (x32 Version: 130.0.396.000)
BabylonObjectInstaller (x32 Version: 2.0.0.4)
Biet-O-Matic v2.14.8 (x32 Version: Biet-O-Matic v2.14.8)
Bing Bar (x32 Version: 7.0.850.0)
BufferChm (x32 Version: 130.0.331.000)
Canon Utilities Digital Photo Professional 3.7 (x32 Version: 3.7.3.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Light (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center HydraVision Full (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center InstallProxy (x32 Version: 2009.0908.2225.38429)
Catalyst Control Center InstallProxy (x32 Version: 2010.0310.1824.32984)
Catalyst Control Center Localization All (x32 Version: 2010.0310.1824.32984)
CCC Help Chinese Standard (x32 Version: 2010.0310.1823.32984)
CCC Help Chinese Traditional (x32 Version: 2010.0310.1823.32984)
CCC Help Czech (x32 Version: 2010.0310.1823.32984)
CCC Help Danish (x32 Version: 2010.0310.1823.32984)
CCC Help Dutch (x32 Version: 2010.0310.1823.32984)
CCC Help English (x32 Version: 2010.0310.1823.32984)
CCC Help Finnish (x32 Version: 2010.0310.1823.32984)
CCC Help French (x32 Version: 2010.0310.1823.32984)
CCC Help German (x32 Version: 2010.0310.1823.32984)
CCC Help Greek (x32 Version: 2010.0310.1823.32984)
CCC Help Hungarian (x32 Version: 2010.0310.1823.32984)
CCC Help Italian (x32 Version: 2010.0310.1823.32984)
CCC Help Japanese (x32 Version: 2010.0310.1823.32984)
CCC Help Korean (x32 Version: 2010.0310.1823.32984)
CCC Help Norwegian (x32 Version: 2010.0310.1823.32984)
CCC Help Polish (x32 Version: 2010.0310.1823.32984)
CCC Help Portuguese (x32 Version: 2010.0310.1823.32984)
CCC Help Russian (x32 Version: 2010.0310.1823.32984)
CCC Help Spanish (x32 Version: 2010.0310.1823.32984)
CCC Help Swedish (x32 Version: 2010.0310.1823.32984)
CCC Help Thai (x32 Version: 2010.0310.1823.32984)
CCC Help Turkish (x32 Version: 2010.0310.1823.32984)
ccc-core-static (x32 Version: 2010.0310.1824.32984)
ccc-utility64 (Version: 2010.0310.1824.32984)
CCleaner (Version: 3.19)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.372.000)
DHTML Editing Component (x32 Version: 6.02.0001)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224)
Google Earth (x32 Version: 5.2.1.1588)
GPBaseService2 (x32 Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.3.9512.3162)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart DVD (x32 Version: 3.1.3317)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3422)
HP MediaSmart SmartMenu (Version: 3.1.0.1)
HP Odometer (x32 Version: 2.10.0000)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Remote Solution (x32 Version: 1.1.12.0)
HP Setup (x32 Version: 1.2.3560.3170)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.001.000.014)
HPPhotoGadget (x32 Version: 130.0.282.000)
hpPrintProjects (x32 Version: 130.0.303.000)
HPProductAssistant (x32 Version: 130.0.371.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
HydraVision (x32 Version: 4.2.162.0)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.0.1037)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.2017)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Exchange Online Connector for Office Outlook 2003 (x32 Version: 1.0.1419.1)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Naviextras Toolbox (x32 Version: 3.11.0.24188)
Naviextras Toolbox Prerequesities (x32 Version: 1.0.0)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Nitro Pro 8 (Version: 8.5.2.10)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Personal Backup 5.4 (Version: 5.3)
PlayReady PC Runtime amd64 (Version: 1.3.0)
POIbase 1.051 (x32)
Power2Go (x32 Version: 6.0.3304)
PowerDirector (x32 Version: 7.0.3405)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000)
Recovery Manager (x32 Version: 5.5.2216)
Scan (x32 Version: 13.0.0.0)
SchnellerPC v3.1 (x32 Version: 3.1)
SILKYPIX Developer Studio 3.0 SE (x32 Version: 3)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 5.10 (x32 Version: 5.10.116)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.373.000)
StreamTransport version: 1.0.2.2171 (x32)
SUPER © v2013.build.57+Recorder (2013/07/13) Version v2013.buil (x32 Version: v2013.build.57+Recorder)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WarrantyExtension (x32 Version: 1.00.0000)
Wartung Samsung CLP-320 Series (x32)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
XMedia Recode 3.0.6.0 (x32 Version: 3.0.6.0)

==================== Restore Points  =========================

22-08-2013 08:38:35 Geplanter Prüfpunkt
29-08-2013 15:11:35 Geplanter Prüfpunkt
29-08-2013 20:10:49 RegClean Pro Do, Aug 29, 13  22:10
31-08-2013 11:03:28 Removed Visual Studio 2008 x64 Redistributables
31-08-2013 16:13:32 Windows Modules Installer
31-08-2013 16:18:44 Windows Modules Installer
31-08-2013 16:31:53 Konfiguriert LabelPrint
31-08-2013 16:54:21 Wiederherstellungsvorgang
31-08-2013 17:50:16 Windows Modules Installer
31-08-2013 17:51:12 Windows Modules Installer
31-08-2013 18:45:57 Installed SpyHunter
31-08-2013 19:07:05 Removed SpyHunter
01-09-2013 06:12:44 Windows Modules Installer
01-09-2013 06:21:08 Windows Modules Installer
02-09-2013 08:15:30 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {17228B01-5AE1-450D-9DC0-8F06CCFF19C0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {19237CD0-CE2C-4A1D-90CD-0735C317F79E} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {2D841DF5-A51B-4F28-B682-95520689DDAD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {35AEDA7F-E824-4CB9-995C-F546606D4826} - System32\Tasks\AdobeAAMUpdater-1.0-Desktop-ulf-uwchif1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {5B32E29E-7DE3-44F4-B3B2-2EF8562777F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {607D647B-619C-43D7-8803-314ABD002856} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7CCECA25-825D-44F8-919B-DBBF92219188} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {978CEEFD-12D2-46BC-B7DE-69F74764F8CE} - System32\Tasks\DSite => C:\Users\uwchif1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {9F9BD0D2-91A4-4493-98C5-51EA0D84B291} - System32\Tasks\{2BD84779-3E1A-4CA9-A68F-FB306554FE00} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {A349681D-6D04-40FE-B036-1C1D9365E92F} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {ADB805CA-077C-4A32-9F0D-0CA23F38B866} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B01C81C4-78E2-4917-B038-3ED7A389DD4D} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B5C7E2EB-8AED-4E33-96B5-8CADF85AF55C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe No File
Task: {BBD8BCB0-BDBE-4E5C-ACAE-2D442526CA83} - System32\Tasks\4876 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation)
Task: {C3E1FE3F-2CF1-4ACE-A8DB-A5D171F7F0D0} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {C4754DFC-EFF8-4099-BDBB-C9CD6BC75C1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-20] (Microsoft)
Task: {DE0C0731-6046-47BC-B123-758A95C321CA} - System32\Tasks\{56132BB2-1AF7-4709-8FDE-FBF556DCB25F} => c:\program files (x86)\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation)
Task: {DF02A282-E62A-499A-94DD-9B33BDEBC881} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation)
Task: {F6D51F3C-88AF-42EA-A3A0-F9A51A26748C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {FA45962B-FDC0-406B-A8E0-FA14747D6E11} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\uwchif1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE

==================== Loaded Modules (whitelisted) =============

2010-07-03 09:27 - 2010-03-10 18:33 - 00036352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2009-07-14 01:30 - 2009-07-14 03:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2011-07-18 15:22 - 2010-11-20 15:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll
2009-07-14 02:08 - 2009-07-14 03:40 - 00748032 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2009-07-14 01:53 - 2009-07-14 03:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dfscli.dll
2012-08-15 16:52 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2009-07-14 02:31 - 2009-07-14 03:41 - 02137600 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll
2009-07-14 02:40 - 2009-07-14 03:41 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2009-07-14 02:40 - 2009-07-14 03:41 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2011-07-18 15:23 - 2010-11-20 15:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2011-07-18 15:23 - 2010-11-20 15:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2013-03-25 19:26 - 2013-03-25 19:26 - 00108552 _____ (Nitro PDF) C:\PROGRA~1\COMMON~1\Nitro\Pro\8.0\NPSHEL~1.DLL
2013-03-28 02:48 - 2013-03-28 02:48 - 00266288 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgsea.dll
2011-06-11 01:15 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-06-11 01:15 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2013-06-27 01:54 - 2013-06-27 01:54 - 01018416 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgsysa.dll
2009-07-14 01:35 - 2009-07-14 03:40 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
2009-07-14 02:08 - 2009-07-14 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\NetworkItemFactory.dll
2009-07-14 02:08 - 2009-07-14 03:40 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\fdwcn.dll
2009-07-14 02:08 - 2009-07-14 03:41 - 00120832 _____ (Microsoft Corporation) C:\Windows\System32\wcnapi.dll
2009-07-14 01:35 - 2009-07-14 03:40 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll
2013-05-21 22:36 - 2013-05-21 22:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll
2009-07-14 01:46 - 2009-07-14 03:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2009-07-14 01:46 - 2009-07-14 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\TaskSchdPS.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\IEUI.dll
2013-08-14 13:46 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\pcwum.dll
2011-07-18 15:23 - 2010-11-20 15:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2009-07-14 02:17 - 2009-07-14 03:41 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\UTILDLL.dll
2011-07-18 15:22 - 2010-11-20 15:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\LOGONCLI.DLL
2012-08-15 16:52 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\BROWCLI.DLL
2012-03-08 18:40 - 2012-03-08 18:40 - 00150376 _____ (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsapi.dll
2011-06-21 03:23 - 2011-06-21 03:23 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll
2011-07-18 15:22 - 2010-11-20 15:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2013-05-21 22:37 - 2013-05-21 22:37 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2009-07-14 02:08 - 2009-07-14 03:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\dtsh.dll
2011-07-18 15:22 - 2010-11-20 15:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:ED9F3B50
AlternateDataStreams: C:\Users\uwchif1\Desktop\SwissDomain.ch - Webhosting Schweiz.url:favicon
AlternateDataStreams: E:\Eigene Dokumente\SwissDomain.ch - Webhosting Schweiz.url:favicon
AlternateDataStreams: E:\Eigene Dokumente\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 02:33:20 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16660 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14ac

Startzeit: 01cea7d5a22aeeb9

Endzeit: 0

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (09/02/2013 08:03:21 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (09/01/2013 00:30:07 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (08/31/2013 09:13:52 PM) (Source: Application Hang) (User: )
Description: Programm uninstall.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 150c

Startzeit: 01cea67de7c34d27

Endzeit: 0

Anwendungspfad: C:\Users\uwchif1\AppData\Local\Temp\nsa61B2.tmp\uninstall.exe

Berichts-ID:

Error: (08/31/2013 07:38:45 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005.

Error: (08/31/2013 07:31:29 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005.

Error: (08/31/2013 06:59:10 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005.

Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (09/02/2013 07:42:20 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (09/02/2013 07:42:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/02/2013 07:42:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/01/2013 09:03:02 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/01/2013 08:17:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/01/2013 08:17:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/01/2013 08:17:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Easybits Shared Services for Windows" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/01/2013 07:36:57 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_IM
Uim_VIM

Error: (09/01/2013 07:36:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/01/2013 07:36:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/02/2013 02:33:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1666014ac01cea7d5a22aeeb90C:\Program Files\Internet Explorer\iexplore.exe

Error: (09/02/2013 08:03:21 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (09/01/2013 00:30:07 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (08/31/2013 09:13:52 PM) (Source: Application Hang)(User: )
Description: uninstall.exe1.5.0.0150c01cea67de7c34d270C:\Users\uwchif1\AppData\Local\Temp\nsa61B2.tmp\uninstall.exe

Error: (08/31/2013 07:38:45 PM) (Source: System Restore)(User: )
Description: Geplanter Prüfpunkt0x80070005

Error: (08/31/2013 07:31:29 PM) (Source: System Restore)(User: )
Description: Geplanter Prüfpunkt0x80070005

Error: (08/31/2013 06:59:10 PM) (Source: System Restore)(User: )
Description: Geplanter Prüfpunkt0x80070005

Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 3959.08 MB
Available physical RAM: 1974.91 MB
Total Pagefile: 7916.34 MB
Available Pagefile: 5688.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:348.07 GB) (Free:292.8 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.96 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Daten) (Fixed) (Total:337.51 GB) (Free:245.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=338 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-02 15:25:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST375052 rev.HP34 698.64GB
Running: k2ywrewy.exe; Driver: C:\Users\uwchif1\AppData\Local\Temp\fwliquoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                              0000000075361465 2 bytes [36, 75]
.text   C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                             00000000753614bb 2 bytes [36, 75]
.text   ...                                                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                        0000000075361465 2 bytes [36, 75]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                       00000000753614bb 2 bytes [36, 75]
.text   ...                                                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                           0000000075361465 2 bytes [36, 75]
.text   C:\Program Files (x86)\AVG Secure Search\vprot.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                          00000000753614bb 2 bytes [36, 75]
.text   ...                                                                                                                                                                                                        * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [6068:6000]                                                                                                                                                                000007fef0bc9688

---- Registry - GMER 2.1 ----

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPER \xa9 - by eRightSoft\SUPER \xa9 entfernen.lnk  1
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER \xa9 - by eRightSoft\SUPER \xa9 entfernen.lnk                    1

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----
         

 

Themen zu Hatte Qvo6 was nun
ad-aware, antivirus, avg, avg security toolbar, bingbar, branding, browser, chromium, cid, defender, farbar, farbar recovery scan tool, fehler, flash player, google, lightning, newtab, photoshop, plug-in, pup.optional.babylon.a, pup.optional.bandoo, pup.optional.datamngr, pup.optional.delta.a, pup.optional.installcore.a, pup.optional.mixidjtoolbar.a, regclean, registry, richtlinie, secure search, services.exe, software, super, system, temp, updates, vista, vtoolbarupdater, windows, winlogon.exe, wscript.exe




Ähnliche Themen: Hatte Qvo6 was nun


  1. qvo6.com entfernen
    Anleitungen, FAQs & Links - 27.10.2013 (2)
  2. Probleme mit Qvo6
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (4)
  3. Iminent, qvo6 &...,
    Plagegeister aller Art und deren Bekämpfung - 14.10.2013 (5)
  4. Virus QVO6
    Plagegeister aller Art und deren Bekämpfung - 06.10.2013 (3)
  5. QVO6 Meldung
    Plagegeister aller Art und deren Bekämpfung - 31.08.2013 (9)
  6. Qvo6.xml ist das ein Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 30.08.2013 (55)
  7. QVO6 Befall
    Log-Analyse und Auswertung - 22.08.2013 (5)
  8. qvo6 Virus
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (22)
  9. Qvo6 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.07.2013 (9)
  10. Qvo6 wirklich weg?
    Plagegeister aller Art und deren Bekämpfung - 02.07.2013 (16)
  11. Problem mit qvo6.com
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (15)
  12. Qvo6.com-Virus
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (10)
  13. Qvo6.com eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.05.2013 (13)
  14. das böse qvo6
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (7)
  15. qvo6 problem
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (23)
  16. Qvo6-Virus
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (11)
  17. Spyhunter 4 und Qvo6 - Was nun ?
    Plagegeister aller Art und deren Bekämpfung - 21.04.2013 (18)

Zum Thema Hatte Qvo6 was nun - Nach allerlei Versuchen den qvo6 rauszubringen war dies nur teilweise möglich. Unter dem IE-Button war er immer noch da. Nachdem ich das System 2 Tage zurückgesetzt habe und wieder gestartet - Hatte Qvo6 was nun...
Archiv
Du betrachtest: Hatte Qvo6 was nun auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.