
Log Analysis and Evaluation: Windows 7: Malwarebytes detection "PUP.Optional.OpenCandy"

10.09.2013, 21:13   #1
Tweety87
 



Hello,

Malwarebytes found infected objects on my system.
The Malwarebytes log file follows.

Many thanks in advance.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
***** :: *****-PC [Administrator]

09.09.2013 22:28:08
MBAM-log-2013-09-09 (22-46-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257043
Laufzeit: 9 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\*****\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Roaming\OpenCandy\C97962DF5EB446EAB26FB09CDC974111 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Users\*****\AppData\Roaming\OpenCandy\C97962DF5EB446EAB26FB09CDC974111\4654.ico (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Roaming\OpenCandy\C97962DF5EB446EAB26FB09CDC974111\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Roaming\OpenCandy\C97962DF5EB446EAB26FB09CDC974111\Installer.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Roaming\OpenCandy\C97962DF5EB446EAB26FB09CDC974111\OCBrowserHelper_1.0.5.112.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
         

11.09.2013, 00:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I ask because => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post already existing logs in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

11.09.2013, 11:04   #3
Tweety87
 



Hello,

thank you very much for the quick reply.

My antivirus program (avast) has not reported any detections.

The FRST log files follow.

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by ***** (administrator) on *****-PC on 10-09-2013 21:28:00
Running from C:\Users\*****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Nemetschek SCIA) C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\Training Center\gStart.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [386408 2011-09-27] (Lenovo Group Limited)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LogiScrollApp] - C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [gStart] - C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Policies\Explorer: [] 
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1631808 2011-12-01] (Lenovo Group Limited)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Bing Bar] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-04-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windchill ProductPoint Client Manager.lnk
ShortcutTarget: Windchill ProductPoint Client Manager.lnk -> C:\Windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=29/03/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=hp&fr=linkury-tb&installDate=29/03/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=29/03/2013&type=hp1000
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=29/03/2013&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=29/03/2013&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=29/03/2013&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=29/03/2013&type=hp1000
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: google.de
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&fr=linkury-tb&installDate=29/03/2013&type=hp1000&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_43 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\Extensions\DeviceDetection@logitech.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Logitech Flow Scroll) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi\4.0.33_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-12-01] (Lenovo.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2011-10-03] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3764224 2011-10-03] (Firebird Project)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-02-11] (SafeNet Inc.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [6587728 2011-08-05] (Flexera Software, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-04-22] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-02-11] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-02-11] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303304 2013-02-11] (SafeNet Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2010-10-17] (WIBU-SYSTEMS AG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 21:26 - 2013-09-10 21:27 - 01949196 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-09-10 21:25 - 2013-09-10 21:26 - 00000474 _____ C:\Users\*****\Desktop\defogger_disable.log
2013-09-10 21:24 - 2013-09-10 21:24 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-09-10 21:11 - 2013-09-10 21:11 - 00000000 ____H C:\ProgramData\cm-lock
2013-09-05 21:00 - 2013-09-05 21:00 - 25800899 _____ C:\Users\*****\Downloads\anki-2.0.12.exe
2013-09-05 20:56 - 2013-09-05 20:56 - 01970848 _____ C:\Users\*****\Downloads\winrar-x64-500.exe
2013-08-31 09:56 - 2013-08-31 09:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-31 09:56 - 2013-08-31 09:57 - 00000000 ____D C:\Program Files\iTunes
2013-08-31 09:56 - 2013-08-31 09:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\iPod
2013-08-31 09:30 - 2013-08-31 09:30 - 00013105 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2013-08-28 16:12 - 2013-08-28 16:14 - 00000000 ____D C:\Users\*****\Desktop\Speicherkarte vom 28.08.2013
2013-08-27 21:08 - 2013-08-27 22:06 - 00000000 ____D C:\Program Files\gs
2013-08-27 21:08 - 2013-08-27 21:08 - 00000000 ____D C:\ProgramData\PixelPlanet
2013-08-27 21:07 - 2013-08-27 22:06 - 00000000 ____D C:\ProgramData\VVW
2013-08-27 21:07 - 2013-08-27 22:06 - 00000000 ____D C:\Program Files (x86)\VVW
2013-08-27 15:33 - 2013-08-27 15:33 - 00236691 _____ C:\Users\*****\Downloads\fulltext(1).ashx
2013-08-27 12:52 - 2013-08-27 12:52 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-08-27 12:44 - 2013-08-27 12:53 - 00262611 _____ C:\Windows\hpwins23.dat
2013-08-27 12:44 - 2010-07-28 18:19 - 00002075 ____N C:\Windows\hpwmdl23.dat
2013-08-27 11:53 - 2013-08-27 12:03 - 348640976 _____ C:\Users\*****\Downloads\OJ6500vE709_Full_14.exe
2013-08-18 14:53 - 2013-08-18 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 16:31 - 2013-08-15 16:31 - 02176782 _____ C:\Users\*****\Downloads\fulltext.ashx
2013-08-15 09:50 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:50 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:50 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:50 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:50 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:50 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:50 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:50 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:50 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:50 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:50 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:50 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:50 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:50 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:50 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:50 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:50 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 09:49 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:49 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:49 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:49 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:49 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:49 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:49 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:49 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:49 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:49 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:49 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:49 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:49 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:49 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 14:55 - 2013-08-14 20:47 - 00000241 _____ C:\Users\*****\Documents\Snuff.txt
2013-08-14 10:47 - 2013-08-14 10:49 - 00000000 ____D C:\Users\*****\.BrainYoo2
2013-08-14 10:47 - 2013-08-14 10:47 - 00000000 ____D C:\ProgramData\Brainyoo2
2013-08-14 10:46 - 2013-08-14 10:46 - 00000000 ____D C:\Program Files (x86)\BrainYoo2
2013-08-14 10:45 - 2013-08-14 10:45 - 20529728 _____ C:\Users\*****\Downloads\BrainYoo-Setup.exe
2013-08-14 09:39 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 09:39 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 09:39 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 09:39 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 09:39 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 09:39 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 09:39 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 09:39 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 09:39 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 09:39 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 09:39 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 09:39 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 09:39 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 09:39 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 09:39 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 09:39 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 09:39 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 09:39 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 09:39 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 09:39 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 09:39 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 09:38 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 09:38 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 09:38 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 09:38 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 09:38 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 09:38 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-10 21:27 - 2013-09-10 21:27 - 00000000 ____D C:\FRST
2013-09-10 21:27 - 2013-09-10 21:26 - 01949196 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-09-10 21:26 - 2013-09-10 21:25 - 00000474 _____ C:\Users\*****\Desktop\defogger_disable.log
2013-09-10 21:26 - 2009-07-14 06:45 - 00021984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 21:26 - 2009-07-14 06:45 - 00021984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 21:24 - 2013-09-10 21:24 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-09-10 21:20 - 2012-02-19 04:49 - 01118933 _____ C:\Windows\WindowsUpdate.log
2013-09-10 21:17 - 2013-04-28 12:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\KeePass
2013-09-10 21:16 - 2012-11-27 00:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2013-09-10 21:16 - 2012-03-31 16:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 21:15 - 2013-07-24 00:41 - 00000000 ___RD C:\Users\*****\Google Drive
2013-09-10 21:15 - 2012-11-27 00:50 - 00000000 ___RD C:\Users\*****\Dropbox
2013-09-10 21:14 - 2012-02-23 10:25 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2013-09-10 21:13 - 2013-01-14 19:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-10 21:12 - 2012-11-03 16:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 21:11 - 2013-09-10 21:11 - 00000000 ____H C:\ProgramData\cm-lock
2013-09-10 21:11 - 2013-05-02 08:08 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-09-10 21:11 - 2012-10-29 17:55 - 00000064 __RSH C:\Windows\system32\Drivers\WUDFRd.winsecurity
2013-09-10 21:11 - 2012-10-29 17:55 - 00000064 __RSH C:\Windows\system32\Drivers\vwifibus.winsecurity
2013-09-10 21:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 21:10 - 2009-07-14 06:51 - 00081480 _____ C:\Windows\setupact.log
2013-09-09 22:49 - 2012-11-03 16:29 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 22:13 - 2013-04-29 00:17 - 00005934 _____ C:\Users\*****\Documents\Meine Passwörter.kdbx
2013-09-09 21:40 - 2011-04-12 09:43 - 00699666 _____ C:\Windows\system32\perfh007.dat
2013-09-09 21:40 - 2011-04-12 09:43 - 00149774 _____ C:\Windows\system32\perfc007.dat
2013-09-09 21:40 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 21:35 - 2013-01-29 18:09 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-09-06 17:50 - 2012-05-04 23:17 - 00000000 ____D C:\Users\*****\Documents\Anki
2013-09-05 21:00 - 2013-09-05 21:00 - 25800899 _____ C:\Users\*****\Downloads\anki-2.0.12.exe
2013-09-05 21:00 - 2012-05-04 23:10 - 00000000 ____D C:\Program Files (x86)\Anki
2013-09-05 20:57 - 2012-02-23 17:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-05 20:57 - 2012-02-23 17:10 - 00000000 ____D C:\Program Files\WinRAR
2013-09-05 20:56 - 2013-09-05 20:56 - 01970848 _____ C:\Users\*****\Downloads\winrar-x64-500.exe
2013-09-03 01:22 - 2012-11-25 01:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-09-02 23:03 - 2012-04-30 14:26 - 00000000 ____D C:\Users\*****\Documents\SummerSchool
2013-08-31 10:39 - 2012-08-20 17:35 - 00000000 ____D C:\Users\*****\Documents\Estrich
2013-08-31 09:57 - 2013-08-31 09:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-31 09:57 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\iTunes
2013-08-31 09:57 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\iPod
2013-08-31 09:31 - 2012-10-27 15:34 - 00000000 ____D C:\Users\*****\.gimp-2.8
2013-08-31 09:30 - 2013-08-31 09:30 - 00013105 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2013-08-29 09:51 - 2012-02-23 17:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-28 16:14 - 2013-08-28 16:12 - 00000000 ____D C:\Users\*****\Desktop\Speicherkarte vom 28.08.2013
2013-08-27 23:04 - 2012-07-13 16:31 - 00000000 ____D C:\Users\*****\Documents\Projekte
2013-08-27 22:06 - 2013-08-27 21:08 - 00000000 ____D C:\Program Files\gs
2013-08-27 22:06 - 2013-08-27 21:07 - 00000000 ____D C:\ProgramData\VVW
2013-08-27 22:06 - 2013-08-27 21:07 - 00000000 ____D C:\Program Files (x86)\VVW
2013-08-27 21:08 - 2013-08-27 21:08 - 00000000 ____D C:\ProgramData\PixelPlanet
2013-08-27 15:33 - 2013-08-27 15:33 - 00236691 _____ C:\Users\*****\Downloads\fulltext(1).ashx
2013-08-27 13:17 - 2009-07-14 06:45 - 00473472 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-27 13:15 - 2012-03-31 16:09 - 00014977 _____ C:\ProgramData\hpzinstall.log
2013-08-27 13:15 - 2012-03-31 16:09 - 00000000 ____D C:\ProgramData\HP
2013-08-27 13:15 - 2012-02-18 22:01 - 00120016 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-27 13:14 - 2012-03-31 16:09 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-27 12:53 - 2013-08-27 12:44 - 00262611 _____ C:\Windows\hpwins23.dat
2013-08-27 12:52 - 2013-08-27 12:52 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-08-27 12:49 - 2012-02-22 22:04 - 00074634 _____ C:\Windows\DPINST.LOG
2013-08-27 12:12 - 2010-11-21 05:47 - 00312110 _____ C:\Windows\PFRO.log
2013-08-27 12:03 - 2013-08-27 11:53 - 348640976 _____ C:\Users\*****\Downloads\OJ6500vE709_Full_14.exe
2013-08-24 20:55 - 2012-03-31 16:35 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-24 20:55 - 2012-03-31 16:35 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-24 20:55 - 2012-02-23 12:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-24 18:48 - 2012-05-05 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 16:24 - 2013-08-18 14:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 01:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 16:31 - 2013-08-15 16:31 - 02176782 _____ C:\Users\*****\Downloads\fulltext.ashx
2013-08-15 09:46 - 2013-07-21 03:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 09:43 - 2012-02-22 23:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 20:47 - 2013-08-14 14:55 - 00000241 _____ C:\Users\*****\Documents\Snuff.txt
2013-08-14 12:14 - 2012-02-27 22:10 - 00000000 ____D C:\Users\*****\Documents\Bauing_ebooks
2013-08-14 10:49 - 2013-08-14 10:47 - 00000000 ____D C:\Users\*****\.BrainYoo2
2013-08-14 10:47 - 2013-08-14 10:47 - 00000000 ____D C:\ProgramData\Brainyoo2
2013-08-14 10:47 - 2012-02-18 21:05 - 00000000 ____D C:\Users\*****
2013-08-14 10:46 - 2013-08-14 10:46 - 00000000 ____D C:\Program Files (x86)\BrainYoo2
2013-08-14 10:45 - 2013-08-14 10:45 - 20529728 _____ C:\Users\*****\Downloads\BrainYoo-Setup.exe
2013-08-14 09:17 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 01:24 - 2011-11-17 19:12 - 00000000 ____D C:\Users\*****\Documents\E-books
2013-08-13 23:47 - 2012-07-13 16:31 - 00000000 ____D C:\Users\*****\Documents\Geotechnik
2013-08-13 10:41 - 2013-02-11 11:42 - 00000000 ____D C:\Users\*****\Documents\Verträge, Abos usw
2013-08-13 10:41 - 2012-07-13 16:27 - 00000000 ____D C:\Users\*****\Documents\Bewerbungen, Lebensläufe, Nachweise
2013-08-11 03:15 - 2012-02-22 22:24 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\SETUP.EXE
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 12:00

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by ***** at 2013-09-10 21:28:54
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
64 Bit HP CIO Components Installer (Version: 6.2.2)
6500_E709_eDocs (x32 Version: 1.00.0000)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Akamai NetSession Interface (HKCU)
ANALYSIS_27 (x32 Version: 18.1.0000)
ANALYSIS_27_Common (x32 Version: 18.2.0000)
ANALYSIS_27_x64 (x32 Version: 18.2.6400)
ANALYSIS_27_x64_Common (x32 Version: 18.2.0000)
Anki (x32)
Anzeige am Bildschirm (Version: 6.24.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AutoCAD 2012 - Deutsch (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - Deutsch (Version: 18.2.51.0)
AutoCAD Civil 3D 2013 - Deutsch (German) (Version: 10.0.1111.0)
AutoCAD Civil 3D 2013 Language Pack - Deutsch (German) (Version: 10.0.1111.0)
Autodesk Content Service (x32 Version: 3.0.84.0)
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0)
Autodesk Download Manager (x32 Version: 2.0.2.0)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Baurecht-aktuell Frühjahr 2013 (x32 Version: 6.02.000)
Bautagebuch 2013 (x32 Version: 7.00.000)
Bing Bar (x32 Version: 5.0.1449.0)
Bing Bar Platform (x32 Version: 5.0.1449.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BRAINYOO 2.0 (x32 Version: 2.0)
Brother MFL-Pro Suite MFC-5890CN (x32 Version: 1.0.1.0)
BufferChm (x32 Version: 140.0.213.000)
Citavi (x32 Version: 3.2.0.0)
CodeMeter Runtime Kit v4.50b (Version: 4.50.901.502)
Conexant 20672 SmartAudio HD (Version: 8.32.23.2)
cyberJack Base Components (x32 Version: 6.10.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 140.0.213.000)
Dlubal RFEM 5.01 64-bit (Version: 5.01.0042)
Dlubal RSTAB 8.01 64-bit (Version: 8.01.0042)
DocMgr (x32 Version: 140.0.65.000)
DocProc (x32 Version: 140.0.100.000)
dows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Dropbox (HKCU Version: 2.0.22)
eReg (x32 Version: 1.20.138.34)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
Fax (x32 Version: 140.0.213.000)
Firebird 2.5.1.26351 (Win32) (x32 Version: 2.5.1.26351)
FlexNet Publisher License Server Manager (x32 Version: 11.10.1.0)
Frilo.System.Next (x32 Version: 2.10.31)
FriloBase (x32 Version: 1.0.0)
Garmin Training Center (x32 Version: 3.6.5)
Garmin USB Drivers (x32 Version: 2.3.0.0)
GIMP 2.8.2 (Version: 2.8.2)
Google Drive (x32 Version: 1.11.4865.2530)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GPL Ghostscript (remove only) (Version: 9.00)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HPSSupply (x32 Version: 140.0.212.000)
HTML.Browser.Framework 3.5.3 (x86) (x32 Version: 353.00.01)
InfoCAD Studienversion 12.1 (x32)
Ing+ 2011 (x32 Version: 20.11.0510)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (x32 Version: 1.1.0.1147)
Integrated Camera TWAIN (x32 Version: 1.0.11.1223)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.0.74.0 (x32 Version: 1.0.74.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Network Connections Drivers (Version: 16.4)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2538)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.0000)
IsoBuster 2.8.5 (x32 Version: 2.8.5)
iTunes (Version: 11.0.5.5)
Java Auto Updater (x32 Version: 2.0.7.2)
Java(TM) 6 Update 43 (x32 Version: 6.0.430)
KeePass Password Safe 2.22 (x32)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Patch Utility (x32 Version: 1.00.0000)
Lenovo Patch Utility 64 bit (Version: 1.20.0001)
Lenovo System Interface Driver (Version: 1.05)
Logitech Flow Scroll 4.0 (Version: 4.00.33)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.214.000)
Mathcad 15 F000 (x32 Version: 15.0.0.0)
Mathcad PDSi viewable support (x32 Version: 9.0.0)
Mathcad Prime 2.0 (Version: 2.0)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Default Manager (x32 Version: 2.1.55.0)
Microsoft Mathematics (64-Bit) (Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Project MUI (German) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Project Professional 2013 (x32 Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.20911)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Network64 (Version: 140.0.215.000)
Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Offerte_L (x32 Version: 3.1.000)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017)
PDF-XChange 2012 Pro (Version: 5.0.267.0)
PLAXIS 2D 2011.02 (x32 Version: PLAXIS 2D 2011.02)
PLAXIS 3D 2011 (x32 Version: PLAXIS 3D 2011)
PLAXIS Connect (x32 Version: PLAXIS Connect)
Projekt-Manager 2012 (x32 Version: 11.00.000)
'PTC Places' Namespace Shell Extension (x32 Version: 1.1.11)
RedMon - Redirection Port Monitor
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
RSTAB (x32 Version: 1.13.006)
Scan (x32 Version: 140.0.167.000)
Scia Engineer 2012 (x32 Version: 12.0.1049)
Scia Licence Server (x32 Version: 2.0.0)
Screenshot Captor 3.08.01 (x32)
Secunia PSI (3.0.0.4001) (x32 Version: 3.0.0.4001)
Secure Download Manager (x32 Version: 3.1.0)
Shop for HP Supplies (Version: 14.0)
Skype™ 6.5 (x32 Version: 6.5.158)
SmartWebPrinting (x32 Version: 140.0.213.000)
SOFiPLUS_182x64 (Version: 18.2.00.00)
SOFiSTiK 2012 (x32 Version: 20.12.0.0)
SOFiSTiK 2012 18.2 64Bit Object Enabler (Version: 18.2.0)
SOFiSTiK SHARED_182x64 (Version: 18.2.0000)
SOFiSTiK Sonar (x32 Version: 14.9)
StarMoney (x32 Version: 3.0.5.8)
StarMoney 8.0  (x32 Version: 8.0)
Status (x32 Version: 140.0.256.000)
STLB-Bau XML V2 - Client (x32 Version: 11.10.0005)
System Update (x32 Version: 4.01.0015)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2900)
ThinkPad Energie-Manager (x32 Version: 3.65)
ThinkPad FullScreen Magnifier (Version: 2.24)
ThinkPad Power Management Driver (Version: 1.64.00.00)
ThinkVantage AutoLock (Version: 1.05)
ThinkVantage Fingerprint Software (Version: 5.9.5.7038)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.75)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.213.000)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition (x32)
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2810010) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817320) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817482) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817489) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817491) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817492) 32-Bit Edition (x32)
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32)
VLC media player 2.0.5 (Version: 2.0.5)
WD Quick View (x32 Version: 2.0.1.2)
WD SmartWare (Version: 2.0.1.2)
WD SmartWare Installer (x32 Version: 2.0.1.2)
WebReg (x32 Version: 140.0.213.017)
WibuKey Setup (WibuKey Remove) (Version: Version 6.00a of 2009-Dec-03 (Build 129) (Setup))
WinCADES64-w64 19.03 (Version: 19.03)
Windchill ProductPoint Client Manager (x32 Version: 1.1.187)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
Wunderlist (x32 Version: 2.2.1.22)

==================== Restore Points  =========================

24-08-2013 16:53:56 Windows Update
27-08-2013 11:12:51 Removed HP Update.
29-08-2013 07:49:24 Windows Update
03-09-2013 06:17:37 Windows Update
06-09-2013 14:58:45 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-01-11 18:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {070AC9EC-0A18-4461-8AD4-C5A536B4E83B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.)
Task: {10F7F4E0-7333-416E-822D-B7CB6A00F2C1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {248E0892-8BCE-4569-9CED-85474E088CFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {30FA9FEE-A724-46FF-97BB-A0873D011453} - System32\Tasks\{D5D2C1C1-68A8-45B4-999F-B15B2830D0E7} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {3E762D75-AD86-47C5-A885-77B1EBE59614} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {437F1B0C-256F-47B5-A5F0-0C8809C16C7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {46AAAEE7-98AA-48F6-AC91-271C991C36D8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {528DE42F-9C91-4EBC-A46E-865CBECD36D7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {63937E83-D4DC-4C41-8574-BE9272E93501} - System32\Tasks\Microsoft\Windows\PLA\WPPTracingSession => C:\Windows\system32\pla.dll [2010-11-21] (Microsoft Corporation)
Task: {64A86C34-559C-4859-A9EE-1BCC474374EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6E0BCF21-E698-40CC-B5A2-A61C0E50E5E5} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {71F67179-67B0-46D7-B39F-3B065B499C39} - System32\Tasks\{09F7DAC9-5E0F-4394-A5DC-3437C193229D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {72F67F8B-B2DC-4BA9-A3FD-C685F7587E31} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {A9D0112F-D206-4B68-A72A-1151EBDC844B} - System32\Tasks\{1C6EED54-5C5B-407D-8099-DA7A54B3C661} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {CE902DB1-7CA9-4232-A68E-0800524542F7} - System32\Tasks\{B64F9608-4ED8-4C9D-9659-951D71BAA897} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {D045F0DD-EDC4-44EE-A895-FB864A500BF6} - System32\Tasks\{EF2AC089-B97E-499C-97E8-015EC15A4F2F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D6AD5936-4E24-49F5-89CE-81EB2E7B6954} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D802248A-A6CD-42E2-B7B1-C2F458B5D258} - System32\Tasks\{1D22CFF1-DDD3-41CE-87F9-5CC62F095429} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603
Task: {E4899D9E-EE8C-4CCC-BD6F-0ED6FB1344F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.)
Task: {ECFCEF2D-898B-4471-82AC-3B6D36EAFD19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-07 05:38 - 2012-02-07 05:38 - 00047016 _____ (Autodesk, Inc.) C:\Windows\system32\AcSignIcon.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2012-02-22 22:09 - 2011-12-01 04:05 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\Windows\system32\Sensor64.dll
2012-02-07 05:38 - 2012-02-07 05:38 - 00581544 _____ (Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
2013-06-15 16:48 - 2013-01-19 09:08 - 07239744 _____ (Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
2012-02-23 17:10 - 2013-08-22 19:01 - 00214104 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2012-02-07 05:38 - 2012-02-07 05:38 - 00162728 _____ (Autodesk) C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\Windows\System32\Sensor64.dll
2012-02-22 22:06 - 2011-09-26 01:45 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2012-02-22 22:06 - 2011-09-26 01:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-07-14 02:09 - 2009-07-14 03:38 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\irprops.cpl
2010-03-03 11:36 - 2010-03-03 11:36 - 00118784 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\CommonUtil.dll
2010-03-03 11:29 - 2010-03-03 11:29 - 00122880 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\Ptc.Nimbus.Core.dll
2010-03-03 11:29 - 2010-03-03 11:29 - 00005120 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\PluginInterface.dll
2010-03-03 11:36 - 2010-03-03 11:36 - 00022528 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\WCFCoreUtil.dll
2010-03-03 11:36 - 2010-03-03 11:36 - 00071168 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\InternalInterface.dll
2010-03-03 11:36 - 2010-03-03 11:36 - 00007680 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\de-DE\ProductPointService.resources.dll
2010-03-03 11:36 - 2010-03-03 11:36 - 00034816 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\Plugins\VersionDisplayPlugin\VersionDisplayPlugin.dll
2010-03-03 11:36 - 2010-03-03 11:36 - 00004608 _____ (PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\Plugins\VersionDisplayPlugin\de-DE\VersionDisplayPlugin.resources.dll
2012-02-22 21:53 - 2011-09-26 15:22 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-02-22 21:53 - 2011-09-26 15:22 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2008-08-13 15:34 - 2008-08-13 15:34 - 00236632 _____ (GARMIN Corp.) C:\Program Files (x86)\Garmin\Training Center\gStart_LANG.dll
2013-06-03 16:21 - 2013-06-03 16:21 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-05-07 10:05 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-05-07 10:05 - 2008-12-14 09:11 - 00163840 ____N (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BRMFCWNDGer.dll
2013-04-02 17:58 - 2010-04-27 17:39 - 00325976 _____ (Microsoft Corp.) C:\Users\*****\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll
2010-04-27 16:39 - 2010-04-27 16:39 - 00095064 ____N (Microsoft Corp.) C:\Users\*****\AppData\Local\Microsoft\Toolbar\Applications\SCExtension.dll
2010-04-27 16:39 - 2010-04-27 16:39 - 00444760 ____N (Microsoft Corp.) C:\Users\*****\AppData\Local\Microsoft\Toolbar\Applications\WLExtension.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\*****\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\*****\AppData\Roaming\Dropbox\bin\icudt.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2012-05-07 10:05 - 2008-08-18 18:27 - 00122880 ____N (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\brlmw03a.dll
2012-05-07 10:05 - 2007-01-16 00:00 - 00024223 ____N (Brother Industries, Ltd) C:\Program Files (x86)\Brother\Brmfcmon\brlm03a.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSPOOL.DRV
2013-09-10 21:14 - 2013-09-10 21:14 - 02436608 _____ (Python Software Foundation) C:\Users\*****\AppData\Local\Temp\_MEI50282\python27.dll
2013-09-10 21:13 - 2013-09-10 21:13 - 00098816 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32api.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00110080 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\pywintypes27.dll
2013-09-10 21:13 - 2013-09-10 21:13 - 00364544 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\pythoncom27.dll
2013-09-10 21:13 - 2013-09-10 21:13 - 00044032 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\_socket.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 01153024 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\_ssl.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00320512 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32com.shell.shell.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00711680 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\_hashlib.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 01175040 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\wx._core_.pyd
2013-09-10 21:14 - 2013-09-10 21:14 - 01985024 _____ (wxWidgets development team) C:\Users\*****\AppData\Local\Temp\_MEI50282\wxbase294u_vc90.dll
2013-09-10 21:14 - 2013-09-10 21:14 - 00154112 _____ (wxWidgets development team) C:\Users\*****\AppData\Local\Temp\_MEI50282\wxbase294u_net_vc90.dll
2013-09-10 21:14 - 2013-09-10 21:14 - 04598272 _____ (wxWidgets development team) C:\Users\*****\AppData\Local\Temp\_MEI50282\wxmsw294u_core_vc90.dll
2013-09-10 21:14 - 2013-09-10 21:14 - 01234944 _____ (wxWidgets development team) C:\Users\*****\AppData\Local\Temp\_MEI50282\wxmsw294u_adv_vc90.dll
2013-09-10 21:13 - 2013-09-10 21:13 - 00805888 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\wx._gdi_.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00811008 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\wx._windows_.pyd
2013-09-10 21:14 - 2013-09-10 21:14 - 00595968 _____ (wxWidgets development team) C:\Users\*****\AppData\Local\Temp\_MEI50282\wxmsw294u_html_vc90.dll
2013-09-10 21:13 - 2013-09-10 21:13 - 01062400 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\wx._controls_.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00735232 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\wx._misc_.pyd
2013-09-10 21:13 - 2013-09-10 21:14 - 00128512 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\_elementtree.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00127488 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\pyexpat.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00557056 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\pysqlite2._sqlite.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00087040 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\_ctypes.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00119808 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32file.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00108544 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32security.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00018432 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32event.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00038912 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32inet.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00122368 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\wx._wizard.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00686080 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\unicodedata.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00026624 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\_multiprocessing.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00070656 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\wx._html2.pyd
2013-09-10 21:14 - 2013-09-10 21:14 - 00091648 _____ (wxWidgets development team) C:\Users\*****\AppData\Local\Temp\_MEI50282\wxmsw294u_webview_vc90.dll
2013-09-10 21:13 - 2013-09-10 21:13 - 00010240 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\select.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00025600 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32pdh.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00504832 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\windows._cacheinvalidation.pyd
2013-09-10 21:14 - 2013-09-10 21:14 - 00421200 _____ (Microsoft Corporation) C:\Users\*****\AppData\Local\Temp\_MEI50282\MSVCP100.dll
2013-09-10 21:14 - 2013-09-10 21:14 - 00773968 _____ (Microsoft Corporation) C:\Users\*****\AppData\Local\Temp\_MEI50282\MSVCR100.dll
2013-09-10 21:13 - 2013-09-10 21:13 - 00011264 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32crypt.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00035840 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32process.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00017408 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32profile.pyd
2013-09-10 21:13 - 2013-09-10 21:13 - 00022528 _____ () C:\Users\*****\AppData\Local\Temp\_MEI50282\win32ts.pyd
2013-08-07 22:29 - 2013-08-07 22:29 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-08-07 22:29 - 2013-08-07 22:29 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-08-07 22:29 - 2013-08-07 22:29 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-08-07 22:29 - 2013-08-07 22:29 - 00579480 _____ (sqlite.org) C:\Program Files (x86)\Mozilla Thunderbird\mozsqlite3.dll
2013-08-18 14:53 - 2013-08-18 14:53 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Windows:CM_14a6d2d0f70e8a44b92b6ca9e5ce29afcee8e3aa480304222c7482009b99118c
AlternateDataStreams: C:\Windows:CM_6b2aa27ca20226596c1dc014646cff31908105fef30a218b13629f7d56d9fbcb


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 09:11:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 10:57:10 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:10.935]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:09 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:09.391]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:07 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:07.846]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:06 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:06.302]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:04 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:04.758]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:03 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:03.213]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:01 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:01.669]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:00 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:57:00.124]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:56:58 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/09 22:56:58.580]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (09/10/2013 09:17:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (09/10/2013 09:14:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "System Update" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/10/2013 09:14:48 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Update erreicht.

Error: (09/10/2013 09:11:21 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (09/09/2013 10:24:15 PM) (Source: SCardSvr) (User: )
Description: Das Gerät ist nicht angeschlossen.REINER SCT cyberJack pinpad/e-com USB 52GET_STATEXX XX XX XX

Error: (09/08/2013 07:07:55 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (09/07/2013 09:22:42 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (09/06/2013 11:44:09 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/06/2013 03:10:23 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (09/05/2013 06:52:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (09/10/2013 09:11:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 10:57:10 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:10.935]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:09 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:09.391]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:07 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:07.846]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:06 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:06.302]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:04 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:04.758]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:03 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:03.213]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:01 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:01.669]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:57:00 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:57:00.124]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/09/2013 10:56:58 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/09 22:56:58.580]: [00006912]: lperrcode->api = 1 , lperrcode->code = 2


CodeIntegrity Errors:
===================================
  Date: 2013-01-11 17:38:49.828
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-11 17:38:49.811
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-01 13:50:13.276
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-01 13:50:13.261
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-01 13:49:59.975
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-01 13:49:59.961
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 8075.23 MB
Available physical RAM: 5041.75 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 13083.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:80.43 GB) NTFS
Drive d: (My Book) (Fixed) (Total:1862.98 GB) (Free:995.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A475E83D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)

==================== End Of Log ============================
         

11.09.2013, 11:11   #4
Tweety87

And here is the log file from GMER as well.

11.09.2013, 16:49   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Windows 7 Pro, AutoCAD - tell me, is this a commercially used system, an office PC?

__________________
Please always post log files in CODE tags

11.09.2013, 17:10   #6
Tweety87

Hello,

no, it is a student PC.

Win7 from the university.
AutoCAD etc. are student versions.


Are the Malwarebytes findings to be regarded as non-critical?

Kind regards

11.09.2013, 20:04   #7
cosinus

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


11.09.2013, 20:50   #8
Tweety87

Code:
# AdwCleaner v3.003 - Bericht erstellt am 11/09/2013 um 21:13:30
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\searchplugins\Web Search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM64\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\SmartBar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.helperbar.Country", "Germany");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 22761880);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", true);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.UserID", "91313eb5-8f2d-4ae4-9a57-0f301665fd2d");
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=91313eb5-8f2d-4ae4-9a57-0f301665fd2d&searchtype=ds&fr=linkury-tb&installDate=29/03/2013&type=hp1000&p="[...]

-\\ Google Chrome v

[ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x64
Ran by ***** on 11.09.2013 at 21:36:47,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2013 at 21:44:11,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by ***** (administrator) on *****-PC on 11-09-2013 21:44:58
Running from C:\Users\*****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Nemetschek SCIA) C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\scia.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\Training Center\gStart.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\*****\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(PTC) C:\Program Files (x86)\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [386408 2011-09-27] (Lenovo Group Limited)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LogiScrollApp] - C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [gStart] - C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Policies\Explorer: [] 
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1631808 2011-12-01] (Lenovo Group Limited)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Bing Bar] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-04-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windchill ProductPoint Client Manager.lnk
ShortcutTarget: Windchill ProductPoint Client Manager.lnk -> C:\Windows\Installer\{129024FF-A6C9-4696-91BC-570C6C05193A}\_F5BCEE176F60B4DABC6DF8.exe ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default
FF NewTab: about:blank
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_43 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\nxdadjav.default\Extensions\DeviceDetection@logitech.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Logitech Flow Scroll) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi\4.0.33_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-12-01] (Lenovo.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2011-10-03] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3764224 2011-10-03] (Firebird Project)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-02-11] (SafeNet Inc.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [6587728 2011-08-05] (Flexera Software, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-04-22] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-02-11] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-02-11] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303304 2013-02-11] (SafeNet Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2010-10-17] (WIBU-SYSTEMS AG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 21:25 - 2013-09-11 21:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 21:22 - 2013-09-11 21:22 - 01029490 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-09-11 21:19 - 2013-09-11 21:19 - 00003954 _____ C:\Users\*****\Desktop\AdwCleaner[S0].txt
2013-09-11 21:15 - 2013-09-11 21:15 - 00000000 ____H C:\ProgramData\cm-lock
2013-09-11 21:12 - 2013-09-11 21:13 - 00000000 ____D C:\AdwCleaner
2013-09-11 21:09 - 2013-09-11 21:09 - 01037278 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-09-11 18:36 - 2013-09-11 18:36 - 00009173 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2013-09-11 18:19 - 2013-09-11 19:47 - 00000000 ____D C:\Users\*****\Desktop\Spannbeton_Allgemeine Fragen
2013-09-11 01:24 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 01:24 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 01:24 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 01:24 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 01:24 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 01:24 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 01:24 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 01:24 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 01:24 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 01:24 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 01:24 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 01:24 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 01:24 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 01:24 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 00:27 - 2013-09-11 00:27 - 00000178 _____ C:\Users\*****\Documents\Mai Tai.txt
2013-09-10 22:46 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 22:46 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 22:46 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 22:45 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 22:45 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 22:45 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 22:45 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 22:45 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 22:45 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 22:45 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 22:45 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 22:45 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 22:45 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 22:45 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 22:45 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 22:45 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 22:45 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 22:45 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 22:45 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 22:45 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 22:45 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 22:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 22:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 22:44 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 22:44 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 22:44 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 22:44 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 22:26 - 2013-09-10 22:26 - 00446768 _____ C:\Windows\Minidump\091013-18174-01.dmp
2013-09-10 21:48 - 2013-09-10 21:58 - 00697793 _____ C:\Users\*****\Desktop\Gmer.log
2013-09-10 21:32 - 2013-09-10 21:32 - 00377856 _____ C:\Users\*****\Desktop\gmer_2.1.19163.exe
2013-09-10 21:27 - 2013-09-10 21:27 - 00000000 ____D C:\FRST
2013-09-10 21:26 - 2013-09-10 21:27 - 01949196 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-09-10 21:25 - 2013-09-10 21:26 - 00000474 _____ C:\Users\*****\Desktop\defogger_disable.log
2013-09-10 21:24 - 2013-09-10 21:24 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-09-05 21:00 - 2013-09-05 21:00 - 25800899 _____ C:\Users\*****\Downloads\anki-2.0.12.exe
2013-09-05 20:56 - 2013-09-05 20:56 - 01970848 _____ C:\Users\*****\Downloads\winrar-x64-500.exe
2013-08-31 09:56 - 2013-08-31 09:57 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-31 09:56 - 2013-08-31 09:57 - 00000000 ____D C:\Program Files\iTunes
2013-08-31 09:56 - 2013-08-31 09:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\iPod
2013-08-28 16:12 - 2013-08-28 16:14 - 00000000 ____D C:\Users\*****\Desktop\Speicherkarte vom 28.08.2013
2013-08-27 21:08 - 2013-08-27 22:06 - 00000000 ____D C:\Program Files\gs
2013-08-27 21:08 - 2013-08-27 21:08 - 00000000 ____D C:\ProgramData\PixelPlanet
2013-08-27 21:07 - 2013-08-27 22:06 - 00000000 ____D C:\ProgramData\VVW
2013-08-27 21:07 - 2013-08-27 22:06 - 00000000 ____D C:\Program Files (x86)\VVW
2013-08-27 15:33 - 2013-08-27 15:33 - 00236691 _____ C:\Users\*****\Downloads\fulltext(1).ashx
2013-08-27 12:52 - 2013-08-27 12:52 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-08-27 12:44 - 2013-08-27 12:53 - 00262611 _____ C:\Windows\hpwins23.dat
2013-08-27 12:44 - 2010-07-28 18:19 - 00002075 ____N C:\Windows\hpwmdl23.dat
2013-08-27 11:53 - 2013-08-27 12:03 - 348640976 _____ C:\Users\*****\Downloads\OJ6500vE709_Full_14.exe
2013-08-18 14:53 - 2013-08-18 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 16:31 - 2013-08-15 16:31 - 02176782 _____ C:\Users\*****\Downloads\fulltext.ashx
2013-08-14 14:55 - 2013-08-14 20:47 - 00000241 _____ C:\Users\*****\Documents\Snuff.txt
2013-08-14 10:47 - 2013-08-14 10:49 - 00000000 ____D C:\Users\*****\.BrainYoo2
2013-08-14 10:47 - 2013-08-14 10:47 - 00000000 ____D C:\ProgramData\Brainyoo2
2013-08-14 10:46 - 2013-08-14 10:46 - 00000000 ____D C:\Program Files (x86)\BrainYoo2
2013-08-14 10:45 - 2013-08-14 10:45 - 20529728 _____ C:\Users\*****\Downloads\BrainYoo-Setup.exe
2013-08-14 09:39 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 09:39 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 09:39 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 09:39 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 09:39 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 09:39 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 09:39 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 09:39 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 09:39 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 09:39 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 09:39 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 09:39 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 09:39 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 09:39 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 09:38 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 09:38 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-11 21:44 - 2013-09-11 21:44 - 00000626 _____ C:\Users\*****\Desktop\JRT.txt
2013-09-11 21:38 - 2012-10-29 17:55 - 00000064 __RSH C:\Windows\system32\Drivers\vwifibus.winsecurity
2013-09-11 21:32 - 2012-02-19 04:49 - 01426423 _____ C:\Windows\WindowsUpdate.log
2013-09-11 21:25 - 2013-09-11 21:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 21:25 - 2009-07-14 06:45 - 00021984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 21:25 - 2009-07-14 06:45 - 00021984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 21:24 - 2012-02-23 10:25 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2013-09-11 21:22 - 2013-09-11 21:22 - 01029490 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2013-09-11 21:19 - 2013-09-11 21:19 - 00003954 _____ C:\Users\*****\Desktop\AdwCleaner[S0].txt
2013-09-11 21:19 - 2012-11-27 00:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2013-09-11 21:18 - 2013-07-24 00:41 - 00000000 ___RD C:\Users\*****\Google Drive
2013-09-11 21:18 - 2012-11-27 00:50 - 00000000 ___RD C:\Users\*****\Dropbox
2013-09-11 21:16 - 2012-11-03 16:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 21:16 - 2012-03-31 16:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 21:15 - 2013-09-11 21:15 - 00000000 ____H C:\ProgramData\cm-lock
2013-09-11 21:15 - 2013-05-02 08:08 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-09-11 21:15 - 2012-10-29 17:55 - 00000064 __RSH C:\Windows\system32\Drivers\WUDFRd.winsecurity
2013-09-11 21:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 21:15 - 2009-07-14 06:51 - 00081760 _____ C:\Windows\setupact.log
2013-09-11 21:13 - 2013-09-11 21:12 - 00000000 ____D C:\AdwCleaner
2013-09-11 21:09 - 2013-09-11 21:09 - 01037278 _____ C:\Users\*****\Desktop\adwcleaner.exe
2013-09-11 21:08 - 2012-10-27 15:34 - 00000000 ____D C:\Users\*****\.gimp-2.8
2013-09-11 21:06 - 2012-05-04 23:17 - 00000000 ____D C:\Users\*****\Documents\Anki
2013-09-11 20:49 - 2012-11-03 16:29 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 19:47 - 2013-09-11 18:19 - 00000000 ____D C:\Users\*****\Desktop\Spannbeton_Allgemeine Fragen
2013-09-11 19:38 - 2013-04-28 12:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\KeePass
2013-09-11 18:36 - 2013-09-11 18:36 - 00009173 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2013-09-11 14:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 13:42 - 2012-02-18 21:05 - 00000000 ____D C:\Users\*****
2013-09-11 10:06 - 2013-01-14 19:42 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-11 10:06 - 2013-01-14 19:42 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-11 09:55 - 2012-02-18 21:06 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 09:55 - 2012-02-18 21:06 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 09:52 - 2009-07-14 06:45 - 00473472 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 09:48 - 2013-01-29 18:09 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-09-11 01:24 - 2012-02-23 17:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 01:23 - 2013-07-21 03:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 01:16 - 2012-02-22 23:44 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 00:27 - 2013-09-11 00:27 - 00000178 _____ C:\Users\*****\Documents\Mai Tai.txt
2013-09-11 00:16 - 2012-03-31 16:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 00:16 - 2012-03-31 16:35 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 00:16 - 2012-02-23 12:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-10 23:08 - 2012-04-30 14:26 - 00000000 ____D C:\Users\*****\Documents\SummerSchool
2013-09-10 22:26 - 2013-09-10 22:26 - 00446768 _____ C:\Windows\Minidump\091013-18174-01.dmp
2013-09-10 22:26 - 2012-11-13 16:31 - 00000000 ____D C:\Windows\Minidump
2013-09-10 22:26 - 2012-11-13 16:30 - 805282875 _____ C:\Windows\MEMORY.DMP
2013-09-10 21:58 - 2013-09-10 21:48 - 00697793 _____ C:\Users\*****\Desktop\Gmer.log
2013-09-10 21:32 - 2013-09-10 21:32 - 00377856 _____ C:\Users\*****\Desktop\gmer_2.1.19163.exe
2013-09-10 21:27 - 2013-09-10 21:27 - 00000000 ____D C:\FRST
2013-09-10 21:27 - 2013-09-10 21:26 - 01949196 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2013-09-10 21:26 - 2013-09-10 21:25 - 00000474 _____ C:\Users\*****\Desktop\defogger_disable.log
2013-09-10 21:24 - 2013-09-10 21:24 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2013-09-09 22:13 - 2013-04-29 00:17 - 00005934 _____ C:\Users\*****\Documents\Meine Passwörter.kdbx
2013-09-09 21:40 - 2011-04-12 09:43 - 00699666 _____ C:\Windows\system32\perfh007.dat
2013-09-09 21:40 - 2011-04-12 09:43 - 00149774 _____ C:\Windows\system32\perfc007.dat
2013-09-09 21:40 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-05 21:00 - 2013-09-05 21:00 - 25800899 _____ C:\Users\*****\Downloads\anki-2.0.12.exe
2013-09-05 21:00 - 2012-05-04 23:10 - 00000000 ____D C:\Program Files (x86)\Anki
2013-09-05 20:57 - 2012-02-23 17:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-05 20:57 - 2012-02-23 17:10 - 00000000 ____D C:\Program Files\WinRAR
2013-09-05 20:56 - 2013-09-05 20:56 - 01970848 _____ C:\Users\*****\Downloads\winrar-x64-500.exe
2013-09-03 01:22 - 2012-11-25 01:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-08-31 10:39 - 2012-08-20 17:35 - 00000000 ____D C:\Users\*****\Documents\Estrich
2013-08-31 09:57 - 2013-08-31 09:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-31 09:57 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\iTunes
2013-08-31 09:57 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-31 09:56 - 2013-08-31 09:56 - 00000000 ____D C:\Program Files\iPod
2013-08-30 09:48 - 2013-03-19 12:51 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-03-19 12:51 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-01-14 19:42 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-01-14 19:42 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-01-14 19:42 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-01-14 19:42 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-01-14 19:42 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-01-14 19:42 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-01-14 19:42 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-01-14 19:41 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-28 16:14 - 2013-08-28 16:12 - 00000000 ____D C:\Users\*****\Desktop\Speicherkarte vom 28.08.2013
2013-08-27 23:04 - 2012-07-13 16:31 - 00000000 ____D C:\Users\*****\Documents\Projekte
2013-08-27 22:06 - 2013-08-27 21:08 - 00000000 ____D C:\Program Files\gs
2013-08-27 22:06 - 2013-08-27 21:07 - 00000000 ____D C:\ProgramData\VVW
2013-08-27 22:06 - 2013-08-27 21:07 - 00000000 ____D C:\Program Files (x86)\VVW
2013-08-27 21:08 - 2013-08-27 21:08 - 00000000 ____D C:\ProgramData\PixelPlanet
2013-08-27 15:33 - 2013-08-27 15:33 - 00236691 _____ C:\Users\*****\Downloads\fulltext(1).ashx
2013-08-27 13:15 - 2012-03-31 16:09 - 00014977 _____ C:\ProgramData\hpzinstall.log
2013-08-27 13:15 - 2012-03-31 16:09 - 00000000 ____D C:\ProgramData\HP
2013-08-27 13:15 - 2012-02-18 22:01 - 00120016 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-27 13:14 - 2012-03-31 16:09 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-27 12:53 - 2013-08-27 12:44 - 00262611 _____ C:\Windows\hpwins23.dat
2013-08-27 12:52 - 2013-08-27 12:52 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-08-27 12:49 - 2012-02-22 22:04 - 00074634 _____ C:\Windows\DPINST.LOG
2013-08-27 12:12 - 2010-11-21 05:47 - 00312110 _____ C:\Windows\PFRO.log
2013-08-27 12:03 - 2013-08-27 11:53 - 348640976 _____ C:\Users\*****\Downloads\OJ6500vE709_Full_14.exe
2013-08-24 18:48 - 2012-05-05 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 16:24 - 2013-08-18 14:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 16:31 - 2013-08-15 16:31 - 02176782 _____ C:\Users\*****\Downloads\fulltext.ashx
2013-08-14 20:47 - 2013-08-14 14:55 - 00000241 _____ C:\Users\*****\Documents\Snuff.txt
2013-08-14 12:14 - 2012-02-27 22:10 - 00000000 ____D C:\Users\*****\Documents\Bauing_ebooks
2013-08-14 10:49 - 2013-08-14 10:47 - 00000000 ____D C:\Users\*****\.BrainYoo2
2013-08-14 10:47 - 2013-08-14 10:47 - 00000000 ____D C:\ProgramData\Brainyoo2
2013-08-14 10:46 - 2013-08-14 10:46 - 00000000 ____D C:\Program Files (x86)\BrainYoo2
2013-08-14 10:45 - 2013-08-14 10:45 - 20529728 _____ C:\Users\*****\Downloads\BrainYoo-Setup.exe
2013-08-14 09:17 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-14 01:24 - 2011-11-17 19:12 - 00000000 ____D C:\Users\*****\Documents\E-books
2013-08-13 23:47 - 2012-07-13 16:31 - 00000000 ____D C:\Users\*****\Documents\Geotechnik
2013-08-13 10:41 - 2013-02-11 11:42 - 00000000 ____D C:\Users\*****\Documents\Verträge, Abos usw
2013-08-13 10:41 - 2012-07-13 16:27 - 00000000 ____D C:\Users\*****\Documents\Bewerbungen, Lebensläufe, Nachweise

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SETUP.EXE
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 14:50

==================== End Of Log ============================
         
--- --- ---

11.09.2013, 21:09   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

12.09.2013, 18:36   #10
Tweety87

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
***** :: *****-PC [Administrator]

11.09.2013 22:24:22
mbam-log-2013-09-11 (22-24-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257845
Laufzeit: 6 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

12.09.2013, 22:38   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ESET is still missing
__________________
Please always post log files in CODE tags

13.09.2013, 14:08   #12
Tweety87

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0083c2fea6a0374b9e31ff8d2af7e8e3
# engine=15094
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-12 05:27:50
# local_time=2013-09-12 07:27:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 88 119942 155716742 0 0
# compatibility_mode=5893 16776573 100 94 79325 130636720 0 0
# scanned=271635
# found=0
# cleaned=0
# scan_time=74897
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0083c2fea6a0374b9e31ff8d2af7e8e3
# engine=15106
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-13 11:34:38
# local_time=2013-09-13 01:34:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 88 185150 155781950 0 0
# compatibility_mode=5893 16776573 100 94 144533 130701928 0 0
# scanned=437340
# found=0
# cleaned=0
# scan_time=15274
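
The ESET log above can be checked mechanically against what post #9 asked for (detection of potentially unwanted applications enabled, scan run to the end). The following Python is an added example, not part of the original thread and not an ESET tool; the sample is constructed from fields posted above, and reading `unwanted_checked` as the PUA checkbox and `end` as the completion state is an assumption based on the key names.

```python
import re

# Constructed sample: the two scan records from the log above, cut down to the
# fields this check reads; values are copied from the post.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=15094
# end=stopped
# remove_checked=false
# unwanted_checked=false
# compatibility_mode=774 16777213 85 88 119942 155716742 0 0
# compatibility_mode=5893 16776573 100 94 79325 130636720 0 0
# scanned=271635
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=15106
# end=finished
# remove_checked=false
# unwanted_checked=false
# scanned=437340
# found=0
# cleaned=0
"""

FIELD = re.compile(r"^#\s*([\w.]+)=(.*)$")


def parse_eset_log(text):
    """Return one dict per scan record; a record starts at '# version='."""
    records, current = [], None
    for raw in text.splitlines():
        match = FIELD.match(raw.strip())
        if not match:
            continue  # installer chatter such as 'all ok'
        key, value = match.group(1), match.group(2).strip().strip('"')
        if key == "version":
            current = {}
            records.append(current)
        if current is None:
            continue  # stray field before the first record header
        # Keys such as compatibility_mode repeat, so keep every value.
        current.setdefault(key, []).append(value)
    return records


def first(record, key, default=""):
    """First value stored for a key, or the default if the key is absent."""
    values = record.get(key)
    return values[0] if values else default


def audit(record):
    """Return the reasons why this record is not a full clean result."""
    findings = []
    # Assumption: end=finished marks a scan that ran to completion.
    if first(record, "end") != "finished":
        findings.append("incomplete")
    # Assumption: unwanted_checked mirrors the PUA detection checkbox.
    if first(record, "unwanted_checked") != "true":
        findings.append("pua_detection_off")
    found, cleaned = first(record, "found"), first(record, "cleaned")
    if not found.isdigit():
        findings.append("no_result")
    elif int(found) > (int(cleaned) if cleaned.isdigit() else 0):
        findings.append("uncleaned_detections")
    return findings


def summarize(text):
    """(engine, scanned, findings) for every record, in log order."""
    return [
        (first(r, "engine"), first(r, "scanned"), audit(r))
        for r in parse_eset_log(text)
    ]


if __name__ == "__main__":
    for engine, scanned, findings in summarize(SAMPLE_LOG):
        print(engine, scanned, findings or "ok")
```

For the sample, both records come back with `pua_detection_off` and the first also with `incomplete`, so under these assumptions `found=0` does not cover potentially unwanted applications.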
         

13.09.2013, 14:09   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; as a Firefox extension there is, for example, CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags

13.09.2013, 14:15   #14
Tweety87

All right

many thanks for the friendly support.

13.09.2013, 14:29   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!


If you would like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

All the programs used here can be uninstalled.

DelFix can help you with that:


The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.


Finally, please check your updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update your PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check whether your Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check here whether all plugins in the Firefox browser are up to date => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags
