Seitenladefehler bei FF und SRWare Iron

4genesis · 10.10.2013, 17:22

Hi,

habe seit ein paar Tagen folgendes Problem, ich bekomme bei fast jeder Seite und bei beiden Browsern die Meldung "Seitenladefehler" .
Nach mehrmaligem klicken auf die Seite öffnet sie sich, manchmal nur als Text ohne Grafik.

Wenn ich eine Seite neu mit ping anrufe das selbe.

Router ist ne Fritzbox 3370
Problemgerät ist ein Samsung Notebook R530 mit Windows8, FF24 SRWare Iron 29 Per WLAN

Diese Teile machen kein Problem
Ein Siemens Notebook Win7, FF24 SRWare Iron 29 Per WLAN

Ein SURFACE RT, IE WLAN

Ein PC Win7, FF24 SRWare Iron 29 Per LAN

ipconfig /flushdns hat nichts gebracht.

schrauber · 10.10.2013, 19:58

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

4genesis · 11.10.2013, 06:59

Hi, hier die Ergebnisse von FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Internet (ATTENTION: The logged in user is not administrator) on SAMSUNG-LAPTOP on 11-10-2013 07:46:03
Running from C:\Users\Internet\Downloads
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Mozilla Corporation) D:\Mozilla\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\McUicnt.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
URLSearchHook: (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default
FF Homepage: hxxp://www.bnv-bamberg.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\Internet\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\firefox-hilfe.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\youtube-videosuche.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: WOT - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: nasanightlaunch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: vlcplaylist - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\vlcplaylist@helgatauscher.de.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 DCSHost.exe; C:\ProgramData\DatacardService\DCSHost.exe [110592 2009-09-23] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}\Installer\InstallerService.exe [124512 2013-03-03] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2012-03-20] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [232048 2012-01-24] (soft Xpansion)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2013-08-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [561496 2013-08-04] (Kaspersky Lab)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [455704 2013-06-13] (Check Point Software Technologies LTD)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-26] (Marvell)
U3 idsvc; 
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75608 2013-08-04] (Kaspersky Lab)
U5 pccsmcfd; C:\Windows\System32\Drivers\pccsmcfd.sys [18816 2008-08-26] (Nokia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-10 17:50 - 2013-10-10 17:51 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:41 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:22 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:32 - 2013-09-22 10:35 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:04 - 2013-09-19 16:06 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-18 20:24 - 2013-09-25 09:15 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-14 07:09 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-14 07:09 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-13 06:44 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-13 06:44 - 2013-08-16 01:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-13 06:44 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-13 06:44 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-13 06:44 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-13 06:43 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-13 06:43 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-13 06:43 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-09-13 06:43 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-09-13 06:43 - 2013-07-09 06:16 - 00097112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-09-13 06:43 - 2013-07-09 05:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-09-13 06:43 - 2013-07-09 05:58 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-09-13 06:43 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-09-13 06:43 - 2013-07-04 04:14 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-09-13 06:43 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-09-13 06:43 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-13 06:43 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-09-13 06:43 - 2013-07-03 02:10 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-09-13 06:43 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-13 06:43 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-09-13 06:43 - 2013-06-29 06:45 - 00296280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-09-13 06:43 - 2013-06-29 06:29 - 00159576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-09-13 06:43 - 2013-06-29 06:29 - 00105304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-09-13 06:43 - 2013-06-26 04:29 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-09-13 06:43 - 2013-06-26 04:27 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2013-09-13 06:43 - 2013-06-25 01:10 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-09-13 06:43 - 2013-06-25 01:09 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-09-13 06:43 - 2013-06-25 01:09 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-09-13 06:43 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-09-13 06:43 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-09-13 06:43 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-09-13 06:43 - 2013-06-10 21:52 - 00038656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-09-13 06:43 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-09-13 06:43 - 2013-06-10 21:10 - 00679936 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-09-13 06:43 - 2013-06-10 21:10 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-09-13 06:43 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-09-13 06:43 - 2013-06-06 08:03 - 00097024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS

==================== One Month Modified Files and Folders =======

2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 07:41 - 2011-02-12 18:20 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-11 07:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-11 06:54 - 2013-01-24 13:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Audacity
2013-10-11 06:16 - 2013-01-06 08:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-11 06:03 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-10 21:00 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-sys.job
2013-10-10 17:55 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\Documents\Calibre Bibliothek
2013-10-10 17:53 - 2013-04-13 10:13 - 00000611 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-10-10 17:51 - 2013-10-10 17:50 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 17:50 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-1000.job
2013-10-10 17:37 - 2012-12-06 10:57 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-500.job
2013-10-10 10:43 - 2012-01-18 16:51 - 00000000 ____D C:\Users\Internet\Documents\download
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-10 08:51 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-09 10:51 - 2011-01-06 20:58 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 10:51 - 2010-05-08 14:52 - 00000000 ____D C:\Program Files\CCleaner
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-09 07:40 - 2011-11-26 17:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Local\Adobe
2013-10-09 07:29 - 2013-01-24 16:39 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Tracing
2013-10-09 07:29 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-09 06:58 - 2010-02-24 10:08 - 00000000 ___HD C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-09 06:36 - 2011-02-12 18:20 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:51 - 2012-12-26 13:28 - 00000000 ____D C:\Users\Internet\Documents\My Digital Editions
2013-10-07 18:50 - 2013-02-04 17:49 - 00595250 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-10-07 18:46 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Internet
2013-10-07 07:09 - 2013-04-29 17:34 - 00677998 _____ C:\WINDOWS\setupact.log
2013-10-07 07:09 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-06 11:43 - 2011-11-11 19:21 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Skype
2013-10-04 14:03 - 2013-02-19 09:16 - 01125415 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-04 14:02 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-04 13:56 - 2013-01-09 21:09 - 00012889 ____H C:\WINDOWS\system32\BTImages.dat
2013-10-02 12:01 - 2013-07-16 21:48 - 238125415 _____ C:\WINDOWS\MEMORY.DMP
2013-10-02 12:01 - 2013-03-07 19:32 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-30 16:33 - 2011-10-03 17:09 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-09-30 16:33 - 2011-10-03 17:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\dvdcss
2013-09-30 14:56 - 2011-10-02 16:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Simple Sudoku
2013-09-30 07:10 - 2012-09-17 09:33 - 00017495 _____ C:\Users\Internet\Documents\Güterverbrauch.ods
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:25 - 2011-05-11 19:55 - 00000000 ____D C:\Program Files\SRWare Iron
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-27 11:21 - 2011-09-27 19:03 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-26 07:51 - 2013-04-13 10:27 - 00000000 ____D C:\Users\Internet\Documents\My Kindle Content
2013-09-25 09:41 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:35 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:33 - 2013-01-23 14:47 - 00000000 ____D C:\Users\Internet\Documents\Decrypt Output
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 09:22 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Wilfried
2013-09-25 09:19 - 2013-03-03 20:03 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-09-25 09:15 - 2013-09-18 20:24 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:14 - 2013-03-08 21:19 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:42 - 2013-01-24 19:12 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00000000 ____D C:\Program Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:35 - 2013-09-22 10:32 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:36 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\AppData\Roaming\calibre
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:06 - 2013-09-19 16:04 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-19 01:26 - 2013-09-14 07:09 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-14 07:09 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-16 19:01 - 2013-02-01 19:09 - 00000000 ____D C:\ProgramData\CDRWIN 9
2013-09-16 10:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 09:34 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-09-14 07:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-14 07:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-13 10:12 - 2013-07-23 16:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-13 10:10 - 2010-05-08 14:23 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Administrator.Wilfried-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Internet\AppData\Local\Temp\Checkupdate.exe
C:\Users\Internet\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Internet\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Internet\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Wilfried\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Wilfried\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Internet at 2013-10-11 07:47:57
Running from C:\Users\Internet\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

7-Zip 9.20
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Amazon Kindle
AnyPC Client (Version: 1.0.0.23)
Atheros Client Installation Program (Version: 1.0.1.0805)
Atheros Client Installation Program (Version: 9.0)
Audacity 2.0.3 (Version: 2.0.3)
AVS Audio Recorder version 4.0
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
BatteryLifeExtender (Version: 1.0.1)
Bino 1.1.0 (Version: 1.1.0)
calibre (Version: 1.5.0)
CCleaner (Version: 4.06)
CDRWIN 9 (Version: 9.0.12.1116)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2806)
CyberLink LabelPrint (Version: 2.5.1916)
CyberLink Power2Go (Version: 6.0.3108a)
CyberLink PowerDirector (Version: 7.0.3213)
CyberLink PowerDVD 8 (Version: 8.0.2815b)
CyberLink PowerProducer (Version: 5.0.1.1812)
CyberLink YouCam (Version: 2.0.3304)
Easy Display Manager (Version: 3.0)
Easy Network Manager (Version: 4.2.6)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
ePUBee DRM Removal (Version: 3.0.1.8)
FileViewPro (Version: 1.5)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Foxit Reader (Version: 6.0.6.722)
Free Audio Converter version 5.0.24.430 (Version: 5.0.24.430)
Free Screen Video Recorder version 2.5.28.128 (Version: 2.5.28.128)
Free YouTube Download version 3.2.0.128 (Version: 3.2.0.128)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
ImagXpress (Version: 7.0.74.0)
inSSIDer (Version: 2.1.1)
inSSIDer (Version: 2.1.5)
Intel® Matrix Storage Manager
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 14.0.8089.726)
Kalydo Player 4.04.02 (HKCU Version: 4.04.02)
LAME v3.99.3 (for Windows)
Langenscheidt Vokabeltrainer
lightshot-3.2.0.0 (Version: 3.2.0.0)
MAGIX Foto Manager 10 (Version: 8.0.1.136)
MAGIX Online Druck Service (Version: 3.4.3.0)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) (Version: 5.1.2.15876)
Marvell Miniport Driver (Version: 11.22.3.3)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Media Video 9 VCM
Microsoft Works (Version: 9.7.0621)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)
Mozilla Firefox 5.0 (x86 de) (Version: 5.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
neroxml (Version: 1.0.0)
NirSoft Wireless Network Watcher
NVIDIA Drivers (Version: 1.10)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA nView Desktop Manager (Version: 6.14.10.12142)
OkayFreedom (Version: 1.1)
OpenOffice 4.0.0 (Version: 4.00.9702)
PC Connectivity Solution (Version: 12.0.76.0)
PC-WELT-ProblemlöserPaket 1.0
Preispilot für Firefox (Version: 2.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Runes of Magic (Version: 4.0.5.2467)
RunesOfMagic (HKCU Version: 4.00.08.2506)
S.A.D. AntiSpy - PC Welt Edition (Version: S.A.D. AntiSpy)
Samsung Recovery Solution 4 (Version: 4.0.0.4)
Samsung Update Plus (Version: 2.0)
Shared C Run-time for x86 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
SlimComputer (Version: 1.3.27044)
SparPilot (Version: 2.0.9)
SpeedCommander 10 (Version: 10.0)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SRWare Iron Version SRWare Iron 29.0.1600.1 (Version: SRWare Iron 29.0.1600.1)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
Tele2 Mobile Partner (Version: 11.300.05.28.56)
Uninstall StartupStar 2012 (Version: 4.3)
User Guide (Version: 1.0)
VC 9.0 Runtime (Version: 1.0.0)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
YouTube Downloader 2.6.5
ZoneAlarm Antivirus (Version: 11.0.780.000)
ZoneAlarm Firewall (Version: 11.0.780.000)
ZoneAlarm Free Antivirus + Firewall (Version: 11.0.780.000)
ZoneAlarm Security (Version: 11.0.780.000)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-1000.job => ?
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-500.job => ?
Task: C:\WINDOWS\Tasks\update-sys.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-27 11:21 - 2013-09-27 11:21 - 03279768 _____ () D:\Mozilla\Mozilla Firefox\mozjs.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2011-05-11 19:55 - 2013-09-08 18:23 - 00881152 _____ () C:\Program Files\SRWare Iron\libglesv2.dll
2011-05-11 19:55 - 2013-09-08 18:33 - 00102912 _____ () C:\Program Files\SRWare Iron\libegl.dll
2013-03-07 10:14 - 2013-03-01 01:08 - 04050896 _____ () C:\Program Files\SRWare Iron\pdf.dll
2013-03-07 08:00 - 2013-09-08 18:03 - 00861696 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll
2013-10-09 07:39 - 2013-10-09 07:39 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\Internet\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 09:07:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 09:07:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 08:58:45 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 08:58:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 10:14:48 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/11/2013 07:13:23 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 09:37:58 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/09/2013 06:36:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (10/07/2013 00:06:04 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 10:24:01 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 07:08:58 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎07.‎10.‎2013 um 06:46:17 unerwartet heruntergefahren.

Error: (10/04/2013 06:17:00 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎04.‎10.‎2013 um 13:59:29 unerwartet heruntergefahren.

Error: (10/03/2013 03:12:42 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/02/2013 00:01:21 PM) (Source: BugCheck) (User: )
Description: 0x00000019 (0x0000000d, 0x84d43388, 0x00000000, 0x6a77f7a9)C:\WINDOWS\MEMORY.DMP100213-21512-01

Error: (10/02/2013 00:01:21 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎02.‎10.‎2013 um 11:09:28 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (10/10/2013 09:07:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/10/2013 09:07:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/10/2013 08:58:45 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/10/2013 08:58:39 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000BE580000000000008F020000

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000BE580000000000008F020000

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/07/2013 10:14:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest


CodeIntegrity Errors:
===================================
  Date: 2013-09-09 10:47:45.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:47:45.672
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:46.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:46.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:45.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:45.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:44.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:44.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:43.870
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:43.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 3036.61 MB
Available physical RAM: 1285.54 MB
Total Pagefile: 6108.61 MB
Available Pagefile: 3563.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1854.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:93.39 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:111.92 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber · 11.10.2013, 08:58

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

4genesis · 12.10.2013, 15:54

Hi,
hier die Ergebnisse

Code:

ATTFilter

2013/10/12 14:00:04 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 14:00:04 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 14:00:04 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 14:00:29 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 14:01:34 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting database refresh
2013/10/12 14:01:34 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Stopping IP protection
2013/10/12 14:01:36 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection stopped successfully
2013/10/12 14:01:43 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Database refreshed successfully
2013/10/12 14:01:43 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 14:01:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 14:09:27 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Executing scheduled update:  Daily
2013/10/12 14:10:18 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Database already up-to-date
2013/10/12 16:05:26 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 16:05:26 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 16:05:26 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 16:05:32 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 16:12:21 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 16:12:21 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 16:12:21 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 16:12:27 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 16:23:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 16:23:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 16:23:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 16:23:56 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Internet at 2013-10-11 07:47:57
Running from C:\Users\Internet\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

7-Zip 9.20
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Amazon Kindle
AnyPC Client (Version: 1.0.0.23)
Atheros Client Installation Program (Version: 1.0.1.0805)
Atheros Client Installation Program (Version: 9.0)
Audacity 2.0.3 (Version: 2.0.3)
AVS Audio Recorder version 4.0
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
BatteryLifeExtender (Version: 1.0.1)
Bino 1.1.0 (Version: 1.1.0)
calibre (Version: 1.5.0)
CCleaner (Version: 4.06)
CDRWIN 9 (Version: 9.0.12.1116)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2806)
CyberLink LabelPrint (Version: 2.5.1916)
CyberLink Power2Go (Version: 6.0.3108a)
CyberLink PowerDirector (Version: 7.0.3213)
CyberLink PowerDVD 8 (Version: 8.0.2815b)
CyberLink PowerProducer (Version: 5.0.1.1812)
CyberLink YouCam (Version: 2.0.3304)
Easy Display Manager (Version: 3.0)
Easy Network Manager (Version: 4.2.6)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
ePUBee DRM Removal (Version: 3.0.1.8)
FileViewPro (Version: 1.5)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Foxit Reader (Version: 6.0.6.722)
Free Audio Converter version 5.0.24.430 (Version: 5.0.24.430)
Free Screen Video Recorder version 2.5.28.128 (Version: 2.5.28.128)
Free YouTube Download version 3.2.0.128 (Version: 3.2.0.128)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
ImagXpress (Version: 7.0.74.0)
inSSIDer (Version: 2.1.1)
inSSIDer (Version: 2.1.5)
Intel® Matrix Storage Manager
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 14.0.8089.726)
Kalydo Player 4.04.02 (HKCU Version: 4.04.02)
LAME v3.99.3 (for Windows)
Langenscheidt Vokabeltrainer
lightshot-3.2.0.0 (Version: 3.2.0.0)
MAGIX Foto Manager 10 (Version: 8.0.1.136)
MAGIX Online Druck Service (Version: 3.4.3.0)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) (Version: 5.1.2.15876)
Marvell Miniport Driver (Version: 11.22.3.3)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Media Video 9 VCM
Microsoft Works (Version: 9.7.0621)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)
Mozilla Firefox 5.0 (x86 de) (Version: 5.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
neroxml (Version: 1.0.0)
NirSoft Wireless Network Watcher
NVIDIA Drivers (Version: 1.10)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA nView Desktop Manager (Version: 6.14.10.12142)
OkayFreedom (Version: 1.1)
OpenOffice 4.0.0 (Version: 4.00.9702)
PC Connectivity Solution (Version: 12.0.76.0)
PC-WELT-ProblemlöserPaket 1.0
Preispilot für Firefox (Version: 2.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Runes of Magic (Version: 4.0.5.2467)
RunesOfMagic (HKCU Version: 4.00.08.2506)
S.A.D. AntiSpy - PC Welt Edition (Version: S.A.D. AntiSpy)
Samsung Recovery Solution 4 (Version: 4.0.0.4)
Samsung Update Plus (Version: 2.0)
Shared C Run-time for x86 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
SlimComputer (Version: 1.3.27044)
SparPilot (Version: 2.0.9)
SpeedCommander 10 (Version: 10.0)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SRWare Iron Version SRWare Iron 29.0.1600.1 (Version: SRWare Iron 29.0.1600.1)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
Tele2 Mobile Partner (Version: 11.300.05.28.56)
Uninstall StartupStar 2012 (Version: 4.3)
User Guide (Version: 1.0)
VC 9.0 Runtime (Version: 1.0.0)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
YouTube Downloader 2.6.5
ZoneAlarm Antivirus (Version: 11.0.780.000)
ZoneAlarm Firewall (Version: 11.0.780.000)
ZoneAlarm Free Antivirus + Firewall (Version: 11.0.780.000)
ZoneAlarm Security (Version: 11.0.780.000)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-1000.job => ?
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-500.job => ?
Task: C:\WINDOWS\Tasks\update-sys.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-27 11:21 - 2013-09-27 11:21 - 03279768 _____ () D:\Mozilla\Mozilla Firefox\mozjs.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2011-05-11 19:55 - 2013-09-08 18:23 - 00881152 _____ () C:\Program Files\SRWare Iron\libglesv2.dll
2011-05-11 19:55 - 2013-09-08 18:33 - 00102912 _____ () C:\Program Files\SRWare Iron\libegl.dll
2013-03-07 10:14 - 2013-03-01 01:08 - 04050896 _____ () C:\Program Files\SRWare Iron\pdf.dll
2013-03-07 08:00 - 2013-09-08 18:03 - 00861696 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll
2013-10-09 07:39 - 2013-10-09 07:39 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\Internet\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 09:07:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 09:07:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 08:58:45 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 08:58:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 10:14:48 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/11/2013 07:13:23 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 09:37:58 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/09/2013 06:36:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (10/07/2013 00:06:04 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 10:24:01 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 07:08:58 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎07.‎10.‎2013 um 06:46:17 unerwartet heruntergefahren.

Error: (10/04/2013 06:17:00 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎04.‎10.‎2013 um 13:59:29 unerwartet heruntergefahren.

Error: (10/03/2013 03:12:42 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/02/2013 00:01:21 PM) (Source: BugCheck) (User: )
Description: 0x00000019 (0x0000000d, 0x84d43388, 0x00000000, 0x6a77f7a9)C:\WINDOWS\MEMORY.DMP100213-21512-01

Error: (10/02/2013 00:01:21 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎02.‎10.‎2013 um 11:09:28 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (10/10/2013 09:07:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/10/2013 09:07:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/10/2013 08:58:45 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/10/2013 08:58:39 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000BE580000000000008F020000

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000BE580000000000008F020000

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/07/2013 10:14:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest


CodeIntegrity Errors:
===================================
  Date: 2013-09-09 10:47:45.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:47:45.672
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:46.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:46.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:45.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:45.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:44.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:44.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:43.870
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:43.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 3036.61 MB
Available physical RAM: 1285.54 MB
Total Pagefile: 6108.61 MB
Available Pagefile: 3563.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1854.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:93.39 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:111.92 GB) NTFS

==================== MBR & Partition Table ==================



	Code: 

 ATTFilter

  
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 Pro x86
Ran by Wilfried on 12.10.2013 at 16:15:09,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1072828290-3828818215-1948454868-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2013 at 16:20:14,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
 
FRST Logfile:

FRST Logfile:
 Code: 

 ATTFilter
 
 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Internet (ATTENTION: The logged in user is not administrator) on SAMSUNG-LAPTOP on 12-10-2013 16:37:00
Running from C:\Users\Internet\Downloads
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DataCardMonitor.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Startup: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
URLSearchHook: (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default
FF Homepage: hxxp://www.bnv-bamberg.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\Internet\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\firefox-hilfe.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\youtube-videosuche.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: WOT - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: nasanightlaunch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: vlcplaylist - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\vlcplaylist@helgatauscher.de.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 DCSHost.exe; C:\ProgramData\DatacardService\DCSHost.exe [110592 2009-09-23] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}\Installer\InstallerService.exe [124512 2013-03-03] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2012-03-20] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [232048 2012-01-24] (soft Xpansion)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2013-08-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [561496 2013-08-04] (Kaspersky Lab)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [455704 2013-06-13] (Check Point Software Technologies LTD)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-26] (Marvell)
U3 idsvc; 
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75608 2013-08-04] (Kaspersky Lab)
U5 pccsmcfd; C:\Windows\System32\Drivers\pccsmcfd.sys [18816 2008-08-26] (Nokia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 16:34 - 2013-10-12 16:34 - 00001100 _____ C:\Users\Internet\Downloads\JRT.txt
2013-10-12 16:20 - 2013-10-12 16:20 - 00001100 _____ C:\Users\Wilfried\Desktop\JRT.txt
2013-10-12 16:15 - 2013-10-12 16:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 13:59 - 2013-10-12 13:59 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-11 21:19 - 2013-10-11 21:19 - 01032220 _____ (Thisisu) C:\Users\Internet\Downloads\JRT.exe
2013-10-11 21:18 - 2013-10-11 21:18 - 01048960 _____ C:\Users\Internet\Downloads\adwcleaner.exe
2013-10-11 21:17 - 2013-10-11 21:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Internet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 11:12 - 2013-10-11 11:17 - 52705280 _____ C:\Users\Internet\Downloads\calibre-1.6.0.msi
2013-10-11 07:48 - 2013-10-11 07:48 - 00034907 _____ C:\Users\Internet\Downloads\FRST_alt.txt
2013-10-11 07:47 - 2013-10-11 07:48 - 00023036 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-10 17:50 - 2013-10-10 17:51 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:41 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:22 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:32 - 2013-09-22 10:35 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:04 - 2013-09-19 16:06 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-18 20:24 - 2013-09-25 09:15 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-14 07:09 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-14 07:09 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-13 06:44 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-13 06:44 - 2013-08-16 01:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-13 06:44 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-13 06:44 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-13 06:44 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-13 06:43 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-13 06:43 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-13 06:43 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-09-13 06:43 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-09-13 06:43 - 2013-07-09 06:16 - 00097112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-09-13 06:43 - 2013-07-09 05:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-09-13 06:43 - 2013-07-09 05:58 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-09-13 06:43 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-09-13 06:43 - 2013-07-04 04:14 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-09-13 06:43 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-09-13 06:43 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-13 06:43 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-09-13 06:43 - 2013-07-03 02:10 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-09-13 06:43 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-13 06:43 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-09-13 06:43 - 2013-06-29 06:45 - 00296280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-09-13 06:43 - 2013-06-29 06:29 - 00159576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-09-13 06:43 - 2013-06-29 06:29 - 00105304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-09-13 06:43 - 2013-06-26 04:29 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-09-13 06:43 - 2013-06-26 04:27 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2013-09-13 06:43 - 2013-06-25 01:10 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-09-13 06:43 - 2013-06-25 01:09 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-09-13 06:43 - 2013-06-25 01:09 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-09-13 06:43 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-09-13 06:43 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-09-13 06:43 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-09-13 06:43 - 2013-06-10 21:52 - 00038656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-09-13 06:43 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-09-13 06:43 - 2013-06-10 21:10 - 00679936 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-09-13 06:43 - 2013-06-10 21:10 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-09-13 06:43 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-09-13 06:43 - 2013-06-06 08:03 - 00097024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS

==================== One Month Modified Files and Folders =======

2013-10-12 16:34 - 2013-10-12 16:34 - 00001100 _____ C:\Users\Internet\Downloads\JRT.txt
2013-10-12 16:29 - 2013-02-04 17:49 - 00609998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-12 16:24 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-12 16:23 - 2013-04-29 17:34 - 00734944 _____ C:\WINDOWS\setupact.log
2013-10-12 16:23 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 16:20 - 2013-10-12 16:20 - 00001100 _____ C:\Users\Wilfried\Desktop\JRT.txt
2013-10-12 16:16 - 2013-01-06 08:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-12 16:15 - 2013-10-12 16:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 16:10 - 2013-09-09 18:17 - 00000000 ____D C:\AdwCleaner
2013-10-12 16:10 - 2011-09-27 19:03 - 00000000 ____D C:\Users\Internet\AppData\Roaming\CheckPoint
2013-10-12 16:10 - 2011-06-28 16:59 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Roaming\CheckPoint
2013-10-12 16:10 - 2010-05-08 14:56 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\CheckPoint
2013-10-12 16:05 - 2011-02-12 18:20 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 16:04 - 2013-02-19 18:52 - 00017070 _____ C:\WINDOWS\PFRO.log
2013-10-12 16:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AppCompat
2013-10-12 15:57 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 15:41 - 2011-02-12 18:20 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 15:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-12 13:59 - 2013-10-12 13:59 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-11 21:50 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-1000.job
2013-10-11 21:37 - 2012-12-06 10:57 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-500.job
2013-10-11 21:19 - 2013-10-11 21:19 - 01032220 _____ (Thisisu) C:\Users\Internet\Downloads\JRT.exe
2013-10-11 21:18 - 2013-10-11 21:18 - 01048960 _____ C:\Users\Internet\Downloads\adwcleaner.exe
2013-10-11 21:17 - 2013-10-11 21:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Internet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 21:00 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-sys.job
2013-10-11 12:20 - 2011-10-02 16:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Simple Sudoku
2013-10-11 11:17 - 2013-10-11 11:12 - 52705280 _____ C:\Users\Internet\Downloads\calibre-1.6.0.msi
2013-10-11 11:12 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\Documents\Calibre Bibliothek
2013-10-11 07:48 - 2013-10-11 07:48 - 00034907 _____ C:\Users\Internet\Downloads\FRST_alt.txt
2013-10-11 07:48 - 2013-10-11 07:47 - 00023036 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 06:54 - 2013-01-24 13:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Audacity
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-10 17:53 - 2013-04-13 10:13 - 00000611 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-10-10 17:51 - 2013-10-10 17:50 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 10:43 - 2012-01-18 16:51 - 00000000 ____D C:\Users\Internet\Documents\download
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-09 10:51 - 2011-01-06 20:58 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 10:51 - 2010-05-08 14:52 - 00000000 ____D C:\Program Files\CCleaner
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-09 07:40 - 2011-11-26 17:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Local\Adobe
2013-10-09 07:29 - 2013-01-24 16:39 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Tracing
2013-10-09 07:29 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-09 06:58 - 2010-02-24 10:08 - 00000000 ___HD C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:51 - 2012-12-26 13:28 - 00000000 ____D C:\Users\Internet\Documents\My Digital Editions
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-10-07 18:46 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Internet
2013-10-06 11:43 - 2011-11-11 19:21 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Skype
2013-10-04 14:03 - 2013-02-19 09:16 - 01125415 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-04 14:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-04 13:56 - 2013-01-09 21:09 - 00012889 ____H C:\WINDOWS\system32\BTImages.dat
2013-10-02 12:01 - 2013-07-16 21:48 - 238125415 _____ C:\WINDOWS\MEMORY.DMP
2013-10-02 12:01 - 2013-03-07 19:32 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-30 16:33 - 2011-10-03 17:09 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-09-30 16:33 - 2011-10-03 17:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\dvdcss
2013-09-30 07:10 - 2012-09-17 09:33 - 00017495 _____ C:\Users\Internet\Documents\Güterverbrauch.ods
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:25 - 2011-05-11 19:55 - 00000000 ____D C:\Program Files\SRWare Iron
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-27 11:21 - 2011-09-27 19:03 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-26 07:51 - 2013-04-13 10:27 - 00000000 ____D C:\Users\Internet\Documents\My Kindle Content
2013-09-25 09:41 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:35 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:33 - 2013-01-23 14:47 - 00000000 ____D C:\Users\Internet\Documents\Decrypt Output
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 09:22 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Wilfried
2013-09-25 09:19 - 2013-03-03 20:03 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-09-25 09:15 - 2013-09-18 20:24 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:14 - 2013-03-08 21:19 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:42 - 2013-01-24 19:12 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00000000 ____D C:\Program Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:35 - 2013-09-22 10:32 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:36 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\AppData\Roaming\calibre
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:06 - 2013-09-19 16:04 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-19 01:26 - 2013-09-14 07:09 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-14 07:09 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-16 19:01 - 2013-02-01 19:09 - 00000000 ____D C:\ProgramData\CDRWIN 9
2013-09-16 10:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 09:34 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-09-14 07:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-14 07:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-13 10:12 - 2013-07-23 16:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-13 10:10 - 2010-05-08 14:23 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Administrator.Wilfried-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Internet\AppData\Local\Temp\Checkupdate.exe
C:\Users\Internet\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Internet\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Internet\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Wilfried\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Wilfried\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
 --- --- ---

--- --- ---

==================== End Of Log ============================

Danke für die Hilfe. Was ich bis jetzt sehe funktioniert wieder alles.

Kanst du mir noch sagen welche Bösewichte Schuld hatten?

schrauber · 13.10.2013, 09:22

Kannst du bitte ale Logs von den Tools aus obiger Anleitung posten?

4genesis · 13.10.2013, 14:32

Hi,

ich versuchs nochmals

Code:

ATTFilter

2013/10/12 14:00:04 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 14:00:04 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 14:00:04 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 14:00:29 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 14:01:34 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting database refresh
2013/10/12 14:01:34 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Stopping IP protection
2013/10/12 14:01:36 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection stopped successfully
2013/10/12 14:01:43 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Database refreshed successfully
2013/10/12 14:01:43 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 14:01:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 14:09:27 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Executing scheduled update:  Daily
2013/10/12 14:10:18 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Database already up-to-date
2013/10/12 16:05:26 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 16:05:26 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 16:05:26 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 16:05:32 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 16:12:21 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 16:12:21 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 16:12:21 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 16:12:27 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully
2013/10/12 16:23:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting protection
2013/10/12 16:23:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Protection started successfully
2013/10/12 16:23:50 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/12 16:23:56 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully

hier noch einer

Code:

ATTFilter

2013/10/13 12:33:39 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Executing scheduled update:  Daily
2013/10/13 12:33:53 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.10.12.03 to version v2013.10.13.02
2013/10/13 12:33:53 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting database refresh
2013/10/13 12:33:54 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Stopping IP protection
2013/10/13 12:33:54 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection stopped successfully
2013/10/13 12:34:07 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Database refreshed successfully
2013/10/13 12:34:07 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	Starting IP protection
2013/10/13 12:34:13 +0200	SAMSUNG-LAPTOP	Internet	MESSAGE	IP Protection started successfully

noch einer

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Internet at 2013-10-11 07:47:57
Running from C:\Users\Internet\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

7-Zip 9.20
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Amazon Kindle
AnyPC Client (Version: 1.0.0.23)
Atheros Client Installation Program (Version: 1.0.1.0805)
Atheros Client Installation Program (Version: 9.0)
Audacity 2.0.3 (Version: 2.0.3)
AVS Audio Recorder version 4.0
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
BatteryLifeExtender (Version: 1.0.1)
Bino 1.1.0 (Version: 1.1.0)
calibre (Version: 1.5.0)
CCleaner (Version: 4.06)
CDRWIN 9 (Version: 9.0.12.1116)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2806)
CyberLink LabelPrint (Version: 2.5.1916)
CyberLink Power2Go (Version: 6.0.3108a)
CyberLink PowerDirector (Version: 7.0.3213)
CyberLink PowerDVD 8 (Version: 8.0.2815b)
CyberLink PowerProducer (Version: 5.0.1.1812)
CyberLink YouCam (Version: 2.0.3304)
Easy Display Manager (Version: 3.0)
Easy Network Manager (Version: 4.2.6)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
ePUBee DRM Removal (Version: 3.0.1.8)
FileViewPro (Version: 1.5)
Firebird SQL Server - MAGIX Edition (Version: 2.1.27.0)
Foxit Reader (Version: 6.0.6.722)
Free Audio Converter version 5.0.24.430 (Version: 5.0.24.430)
Free Screen Video Recorder version 2.5.28.128 (Version: 2.5.28.128)
Free YouTube Download version 3.2.0.128 (Version: 3.2.0.128)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
ImagXpress (Version: 7.0.74.0)
inSSIDer (Version: 2.1.1)
inSSIDer (Version: 2.1.5)
Intel® Matrix Storage Manager
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 14.0.8089.726)
Kalydo Player 4.04.02 (HKCU Version: 4.04.02)
LAME v3.99.3 (for Windows)
Langenscheidt Vokabeltrainer
lightshot-3.2.0.0 (Version: 3.2.0.0)
MAGIX Foto Manager 10 (Version: 8.0.1.136)
MAGIX Online Druck Service (Version: 3.4.3.0)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) (Version: 5.1.2.15876)
Marvell Miniport Driver (Version: 11.22.3.3)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Media Video 9 VCM
Microsoft Works (Version: 9.7.0621)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)
Mozilla Firefox 5.0 (x86 de) (Version: 5.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
neroxml (Version: 1.0.0)
NirSoft Wireless Network Watcher
NVIDIA Drivers (Version: 1.10)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA nView Desktop Manager (Version: 6.14.10.12142)
OkayFreedom (Version: 1.1)
OpenOffice 4.0.0 (Version: 4.00.9702)
PC Connectivity Solution (Version: 12.0.76.0)
PC-WELT-ProblemlöserPaket 1.0
Preispilot für Firefox (Version: 2.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Runes of Magic (Version: 4.0.5.2467)
RunesOfMagic (HKCU Version: 4.00.08.2506)
S.A.D. AntiSpy - PC Welt Edition (Version: S.A.D. AntiSpy)
Samsung Recovery Solution 4 (Version: 4.0.0.4)
Samsung Update Plus (Version: 2.0)
Shared C Run-time for x86 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
SlimComputer (Version: 1.3.27044)
SparPilot (Version: 2.0.9)
SpeedCommander 10 (Version: 10.0)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SRWare Iron Version SRWare Iron 29.0.1600.1 (Version: SRWare Iron 29.0.1600.1)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
Tele2 Mobile Partner (Version: 11.300.05.28.56)
Uninstall StartupStar 2012 (Version: 4.3)
User Guide (Version: 1.0)
VC 9.0 Runtime (Version: 1.0.0)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
YouTube Downloader 2.6.5
ZoneAlarm Antivirus (Version: 11.0.780.000)
ZoneAlarm Firewall (Version: 11.0.780.000)
ZoneAlarm Free Antivirus + Firewall (Version: 11.0.780.000)
ZoneAlarm Security (Version: 11.0.780.000)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-1000.job => ?
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-500.job => ?
Task: C:\WINDOWS\Tasks\update-sys.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-27 11:21 - 2013-09-27 11:21 - 03279768 _____ () D:\Mozilla\Mozilla Firefox\mozjs.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2011-05-11 19:55 - 2013-09-08 18:23 - 00881152 _____ () C:\Program Files\SRWare Iron\libglesv2.dll
2011-05-11 19:55 - 2013-09-08 18:33 - 00102912 _____ () C:\Program Files\SRWare Iron\libegl.dll
2013-03-07 10:14 - 2013-03-01 01:08 - 04050896 _____ () C:\Program Files\SRWare Iron\pdf.dll
2013-03-07 08:00 - 2013-09-08 18:03 - 00861696 _____ () C:\Program Files\SRWare Iron\ffmpegsumo.dll
2013-10-09 07:39 - 2013-10-09 07:39 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\Internet\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 09:07:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 09:07:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 08:58:45 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/10/2013 08:58:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 10:14:48 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/11/2013 07:13:23 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/10/2013 09:37:58 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/09/2013 06:36:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (10/07/2013 00:06:04 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 10:24:01 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/07/2013 07:08:58 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎07.‎10.‎2013 um 06:46:17 unerwartet heruntergefahren.

Error: (10/04/2013 06:17:00 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎04.‎10.‎2013 um 13:59:29 unerwartet heruntergefahren.

Error: (10/03/2013 03:12:42 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (10/02/2013 00:01:21 PM) (Source: BugCheck) (User: )
Description: 0x00000019 (0x0000000d, 0x84d43388, 0x00000000, 0x6a77f7a9)C:\WINDOWS\MEMORY.DMP100213-21512-01

Error: (10/02/2013 00:01:21 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎02.‎10.‎2013 um 11:09:28 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (10/10/2013 09:07:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/10/2013 09:07:25 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/10/2013 08:58:45 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/10/2013 08:58:39 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000BE580000000000008F020000

Error: (10/07/2013 06:50:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000BE580000000000008F020000

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (10/07/2013 10:19:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\pc-welt-problemlöserpaket\Tools\speccy\Speccy64.exe

Error: (10/07/2013 10:14:48 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest


CodeIntegrity Errors:
===================================
  Date: 2013-09-09 10:47:45.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:47:45.672
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:46.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:46.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:45.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:45.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:44.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:44.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:43.870
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-09 10:45:43.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 3036.61 MB
Available physical RAM: 1285.54 MB
Total Pagefile: 6108.61 MB
Available Pagefile: 3563.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1854.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:93.39 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:111.92 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Internet (ATTENTION: The logged in user is not administrator) on SAMSUNG-LAPTOP on 12-10-2013 16:37:00
Running from C:\Users\Internet\Downloads
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DataCardMonitor.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Startup: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
URLSearchHook: (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default
FF Homepage: hxxp://www.bnv-bamberg.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\Internet\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\firefox-hilfe.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\youtube-videosuche.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: WOT - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: nasanightlaunch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: vlcplaylist - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\vlcplaylist@helgatauscher.de.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 DCSHost.exe; C:\ProgramData\DatacardService\DCSHost.exe [110592 2009-09-23] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}\Installer\InstallerService.exe [124512 2013-03-03] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2012-03-20] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [232048 2012-01-24] (soft Xpansion)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2013-08-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [561496 2013-08-04] (Kaspersky Lab)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [455704 2013-06-13] (Check Point Software Technologies LTD)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-26] (Marvell)
U3 idsvc; 
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75608 2013-08-04] (Kaspersky Lab)
U5 pccsmcfd; C:\Windows\System32\Drivers\pccsmcfd.sys [18816 2008-08-26] (Nokia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 16:34 - 2013-10-12 16:34 - 00001100 _____ C:\Users\Internet\Downloads\JRT.txt
2013-10-12 16:20 - 2013-10-12 16:20 - 00001100 _____ C:\Users\Wilfried\Desktop\JRT.txt
2013-10-12 16:15 - 2013-10-12 16:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 13:59 - 2013-10-12 13:59 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-11 21:19 - 2013-10-11 21:19 - 01032220 _____ (Thisisu) C:\Users\Internet\Downloads\JRT.exe
2013-10-11 21:18 - 2013-10-11 21:18 - 01048960 _____ C:\Users\Internet\Downloads\adwcleaner.exe
2013-10-11 21:17 - 2013-10-11 21:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Internet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 11:12 - 2013-10-11 11:17 - 52705280 _____ C:\Users\Internet\Downloads\calibre-1.6.0.msi
2013-10-11 07:48 - 2013-10-11 07:48 - 00034907 _____ C:\Users\Internet\Downloads\FRST_alt.txt
2013-10-11 07:47 - 2013-10-11 07:48 - 00023036 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-10 17:50 - 2013-10-10 17:51 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:41 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:22 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:32 - 2013-09-22 10:35 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:04 - 2013-09-19 16:06 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-18 20:24 - 2013-09-25 09:15 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-14 07:09 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-14 07:09 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-13 06:44 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-13 06:44 - 2013-08-16 01:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-13 06:44 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-13 06:44 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-09-13 06:44 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-13 06:44 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-13 06:44 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-13 06:44 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-13 06:43 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-13 06:43 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-13 06:43 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-13 06:43 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-13 06:43 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-09-13 06:43 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-09-13 06:43 - 2013-07-09 06:16 - 00097112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-09-13 06:43 - 2013-07-09 05:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-09-13 06:43 - 2013-07-09 05:58 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-09-13 06:43 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-09-13 06:43 - 2013-07-04 04:14 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-09-13 06:43 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-09-13 06:43 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-13 06:43 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-09-13 06:43 - 2013-07-03 02:10 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-09-13 06:43 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-13 06:43 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-09-13 06:43 - 2013-06-29 06:45 - 00296280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-09-13 06:43 - 2013-06-29 06:29 - 00159576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-09-13 06:43 - 2013-06-29 06:29 - 00105304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-09-13 06:43 - 2013-06-26 04:29 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-09-13 06:43 - 2013-06-26 04:27 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2013-09-13 06:43 - 2013-06-25 01:10 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-09-13 06:43 - 2013-06-25 01:09 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-09-13 06:43 - 2013-06-25 01:09 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-09-13 06:43 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-09-13 06:43 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-09-13 06:43 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-09-13 06:43 - 2013-06-10 21:52 - 00038656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-09-13 06:43 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-09-13 06:43 - 2013-06-10 21:10 - 00679936 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-09-13 06:43 - 2013-06-10 21:10 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-09-13 06:43 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-09-13 06:43 - 2013-06-06 08:03 - 00097024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS

==================== One Month Modified Files and Folders =======

2013-10-12 16:34 - 2013-10-12 16:34 - 00001100 _____ C:\Users\Internet\Downloads\JRT.txt
2013-10-12 16:29 - 2013-02-04 17:49 - 00609998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-12 16:24 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-12 16:23 - 2013-04-29 17:34 - 00734944 _____ C:\WINDOWS\setupact.log
2013-10-12 16:23 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 16:20 - 2013-10-12 16:20 - 00001100 _____ C:\Users\Wilfried\Desktop\JRT.txt
2013-10-12 16:16 - 2013-01-06 08:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-12 16:15 - 2013-10-12 16:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 16:10 - 2013-09-09 18:17 - 00000000 ____D C:\AdwCleaner
2013-10-12 16:10 - 2011-09-27 19:03 - 00000000 ____D C:\Users\Internet\AppData\Roaming\CheckPoint
2013-10-12 16:10 - 2011-06-28 16:59 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Roaming\CheckPoint
2013-10-12 16:10 - 2010-05-08 14:56 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\CheckPoint
2013-10-12 16:05 - 2011-02-12 18:20 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 16:04 - 2013-02-19 18:52 - 00017070 _____ C:\WINDOWS\PFRO.log
2013-10-12 16:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AppCompat
2013-10-12 15:57 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 15:41 - 2011-02-12 18:20 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 15:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-12 13:59 - 2013-10-12 13:59 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-11 21:50 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-1000.job
2013-10-11 21:37 - 2012-12-06 10:57 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-500.job
2013-10-11 21:19 - 2013-10-11 21:19 - 01032220 _____ (Thisisu) C:\Users\Internet\Downloads\JRT.exe
2013-10-11 21:18 - 2013-10-11 21:18 - 01048960 _____ C:\Users\Internet\Downloads\adwcleaner.exe
2013-10-11 21:17 - 2013-10-11 21:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Internet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 21:00 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-sys.job
2013-10-11 12:20 - 2011-10-02 16:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Simple Sudoku
2013-10-11 11:17 - 2013-10-11 11:12 - 52705280 _____ C:\Users\Internet\Downloads\calibre-1.6.0.msi
2013-10-11 11:12 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\Documents\Calibre Bibliothek
2013-10-11 07:48 - 2013-10-11 07:48 - 00034907 _____ C:\Users\Internet\Downloads\FRST_alt.txt
2013-10-11 07:48 - 2013-10-11 07:47 - 00023036 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 06:54 - 2013-01-24 13:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Audacity
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-10 17:53 - 2013-04-13 10:13 - 00000611 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-10-10 17:51 - 2013-10-10 17:50 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 10:43 - 2012-01-18 16:51 - 00000000 ____D C:\Users\Internet\Documents\download
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-09 10:51 - 2011-01-06 20:58 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 10:51 - 2010-05-08 14:52 - 00000000 ____D C:\Program Files\CCleaner
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-09 07:40 - 2011-11-26 17:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Local\Adobe
2013-10-09 07:29 - 2013-01-24 16:39 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Tracing
2013-10-09 07:29 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-09 06:58 - 2010-02-24 10:08 - 00000000 ___HD C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:51 - 2012-12-26 13:28 - 00000000 ____D C:\Users\Internet\Documents\My Digital Editions
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-10-07 18:46 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Internet
2013-10-06 11:43 - 2011-11-11 19:21 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Skype
2013-10-04 14:03 - 2013-02-19 09:16 - 01125415 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-04 14:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-04 13:56 - 2013-01-09 21:09 - 00012889 ____H C:\WINDOWS\system32\BTImages.dat
2013-10-02 12:01 - 2013-07-16 21:48 - 238125415 _____ C:\WINDOWS\MEMORY.DMP
2013-10-02 12:01 - 2013-03-07 19:32 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-30 16:33 - 2011-10-03 17:09 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-09-30 16:33 - 2011-10-03 17:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\dvdcss
2013-09-30 07:10 - 2012-09-17 09:33 - 00017495 _____ C:\Users\Internet\Documents\Güterverbrauch.ods
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:25 - 2011-05-11 19:55 - 00000000 ____D C:\Program Files\SRWare Iron
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-27 11:21 - 2011-09-27 19:03 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-26 07:51 - 2013-04-13 10:27 - 00000000 ____D C:\Users\Internet\Documents\My Kindle Content
2013-09-25 09:41 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:35 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:33 - 2013-01-23 14:47 - 00000000 ____D C:\Users\Internet\Documents\Decrypt Output
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 09:22 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Wilfried
2013-09-25 09:19 - 2013-03-03 20:03 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-09-25 09:15 - 2013-09-18 20:24 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:14 - 2013-03-08 21:19 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:42 - 2013-01-24 19:12 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00000000 ____D C:\Program Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:35 - 2013-09-22 10:32 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:36 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\AppData\Roaming\calibre
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:06 - 2013-09-19 16:04 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-19 01:26 - 2013-09-14 07:09 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-14 07:09 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-16 19:01 - 2013-02-01 19:09 - 00000000 ____D C:\ProgramData\CDRWIN 9
2013-09-16 10:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 09:34 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-09-14 07:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-14 07:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-13 10:12 - 2013-07-23 16:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-13 10:10 - 2010-05-08 14:23 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Administrator.Wilfried-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Internet\AppData\Local\Temp\Checkupdate.exe
C:\Users\Internet\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Internet\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Internet\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Wilfried\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Wilfried\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 Pro x86
Ran by Wilfried on 12.10.2013 at 16:15:09,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1072828290-3828818215-1948454868-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2013 at 16:20:14,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

# AdwCleaner v3.007 - Bericht erstellt am 12/10/2013 um 16:10:34
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (32 bits)
# Benutzername : Wilfried - SAMSUNG-LAPTOP
# Gestartet von : C:\Users\Internet\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Wilfried\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Wilfried\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Wilfried\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Wilfried\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Wilfried\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Internet\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\Conduit
Ordner Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\ConduitCommon
Ordner Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\jetpack
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Mozilla\Firefox\Profiles\7uptcy4t.default\ConduitCommon
Ordner Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Mozilla\Firefox\Profiles\7uptcy4t.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\Extensions\firejump@firejump.net
Ordner Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Mozilla\Firefox\Profiles\7uptcy4t.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\Extensions\freehdsport@freehdsport.tv.xpi
Datei Gelöscht : C:\Users\Wilfried\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Administrator.Wilfried-PC\Desktop\Search The Web.url
Datei Gelöscht : C:\Users\Administrator.Wilfried-PC\Desktop\sweetpcfix.url
Datei Gelöscht : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Mozilla\Firefox\Profiles\7uptcy4t.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [sparpilot@sparpilot.com]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v5.0 (de)

[ Datei : C:\Users\Wilfried\AppData\Roaming\Mozilla\Firefox\Profiles\nzhl9o2r.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "5-4-2010");
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Mon Apr 05 2010 10:59:20 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Mon Apr 05 2010 10:59:18 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "28-3-2010");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Sun Mar 28 2010 11:59:11 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Apr 05 2010 10:54:22 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_2.5.6.0", "Mon Apr 05 2010 10:54:18 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.LoginCache", 4);
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipShow", false);
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Mon Apr 05 2010 10:54:16 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.bnv-bamberg.de");
Zeile gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Apr 05 2010 10:54:14 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabUserEnabled", false);
Zeile gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Apr 05 2010 10:54:14 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1270023987");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Mar 28 2010 11:59:09 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1269533603");
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2269050.Uninstall", true);
Zeile gelöscht : user_pref("CT2269050.UserID", "UN41494516504080760");
Zeile gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Mon Apr 05 2010 10:54:16 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Zeile gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050.components.129023235807856892", false);
Zeile gelöscht : user_pref("CT2269050.components.129121052374999726", false);
Zeile gelöscht : user_pref("CT2269050.components.2487996182754085553", false);
Zeile gelöscht : user_pref("CT2269050.components.2637975891131883555", false);
Zeile gelöscht : user_pref("CT2269050.components.3884729828034112138", false);
Zeile gelöscht : user_pref("CT2269050.components.6726897064522690064", false);
Zeile gelöscht : user_pref("CT2269050.components.8877840225553681985", false);
Zeile gelöscht : user_pref("CT2269050.components.8898140094016352665", false);
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550", "\"0924ee61209d127992a3d5b4ff9e50943\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", "\"1365614713\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550", "\"e139de4683379d27a8b98ba428716462\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/634084971246361250.png", "\"462e8b16c4eaca1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"901b82da9efa099714d2df6e86cffc1b\"");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Wilfried\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\nzhl9o2r.default\\conduitCommon\\modules\\3.16.0.3");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Apr 14 2013 17:48:16 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "1dd3f88d-9983-4f72-bf62-212d97f16bef");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Apr 14 2013 17:48:17 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Apr 14 2013 17:48:17 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "e3f0008a-9d28-4512-8638-6398d0a858a7");
Zeile gelöscht : user_pref("browser.bdtoolbar.orig_keyword_url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://fastestwebsearch.com/search?q={searchTerms}");
Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Zeile gelöscht : user_pref("extentions.y2layers.installId", "1ed95fc5-5edb-4d77-976f-4eae854c99fb");

[ Datei : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\prefs.js ]


[ Datei : C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Mozilla\Firefox\Profiles\7uptcy4t.default\prefs.js ]

Zeile gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Tue Dec 27 2011 16:10:14 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.testingCtid", "");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Administrator.Wilfried-PC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\7uptcy4t.default\\conduitCommon\\modules\\3.8.0.8");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 27 2011 16:10:18 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "bf7c48a2-50e1-4237-9a11-f17921f12721");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={C9B1665F-6633-11E2-AC59-002454665662}");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.00000&q=");
Zeile gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.00000");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Zeile gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Zeile gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.created", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "google.de PWS");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "www.bnv-bamberg.de");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{C9B1665F-6633-11E2-AC59-002454665662}");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={C9B1665F-6633-11E2-AC59-002454665662}");
Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");

*************************

AdwCleaner[R0].txt - [5662 octets] - [09/09/2013 18:17:56]
AdwCleaner[R1].txt - [25311 octets] - [12/10/2013 16:07:31]
AdwCleaner[S0].txt - [5349 octets] - [09/09/2013 18:19:26]
AdwCleaner[S1].txt - [25197 octets] - [12/10/2013 16:10:34]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [25258 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 Pro x86
Ran by Wilfried on 12.10.2013 at 16:15:09,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1072828290-3828818215-1948454868-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2013 at 16:20:14,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ich hoffe es passt so

yahoo.de und gmx.net machen immer noch ab und zu Probleme

schrauber · 14.10.2013, 08:07

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

4genesis · 14.10.2013, 18:59

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7d1828031ba53b4da6f2312f12fc7d2a
# engine=15476
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-14 05:30:52
# local_time=2013-10-14 07:30:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 3446662 41277957 0 0
# compatibility_mode=9217 16776893 100 13 3051720 5463712 0 0
# scanned=195444
# found=2
# cleaned=0
# scan_time=20314
sh=5CA319EBA10412E2FF4A47FD20624385C11A0C2A ft=1 fh=8ad6e907be4811df vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=B48710064B7569D1C22DF7B22F4520A691667973 ft=1 fh=1658a77153b70ee4 vn="Win32/Adware.Yontoo.D application" ac=I fn="C:\Users\Internet\Downloads\SportHunterTVApp_setup(31).exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.74  
   x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
ZoneAlarm Antivirus   
Windows Defender      
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 S.A.D. AntiSpy - PC Welt Edition 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 40  
 Adobe Flash Player 	11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (Firefox.) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````

schrauber · 15.10.2013, 09:11

Frisches FRST log bitte. Noch Probleme?

4genesis · 15.10.2013, 15:26

die will manchmal noch nict
hxxp://de-mg42.mail.yahoo.com/neo/launch?.rand=clp3au6lq4u9l#mail

hier der neuste FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Internet (ATTENTION: The logged in user is not administrator) on SAMSUNG-LAPTOP on 15-10-2013 16:19:27
Running from C:\Users\Internet\Downloads
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Startup: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Mozilla\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
URLSearchHook: (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = hxxp://fastestwebsearch.com/search?q={searchterms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default
FF Homepage: hxxp://www.bnv-bamberg.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\Internet\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\firefox-hilfe.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\searchplugins\youtube-videosuche.xml
FF Extension: Deutsches Wörterbuch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: WOT - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: nasanightlaunch - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: vlcplaylist - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\vlcplaylist@helgatauscher.de.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\hmhawygm.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla\Mozilla Firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 DCSHost.exe; C:\ProgramData\DatacardService\DCSHost.exe [110592 2009-09-23] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}\Installer\InstallerService.exe [124512 2013-03-03] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [23040 2012-09-20] (Microsoft Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2012-03-20] ()
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [232048 2012-01-24] (soft Xpansion)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2013-08-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [561496 2013-08-04] (Kaspersky Lab)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
R3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [455704 2013-06-13] (Check Point Software Technologies LTD)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-26] (Marvell)
U3 idsvc; 
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75608 2013-08-04] (Kaspersky Lab)
U5 pccsmcfd; C:\Windows\System32\Drivers\pccsmcfd.sys [18816 2008-08-26] (Nokia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-14 20:02 - 2013-10-14 20:00 - 00001124 _____ C:\Users\Internet\Downloads\checkup.txt
2013-10-14 19:55 - 2013-10-14 20:00 - 00001124 _____ C:\Users\Wilfried\Documents\checkup.txt
2013-10-14 19:51 - 2013-10-14 19:51 - 00891167 _____ C:\Users\Internet\Downloads\SecurityCheck.exe
2013-10-14 13:49 - 2013-10-14 13:48 - 02347384 _____ (ESET) C:\Users\Internet\Downloads\esetsmartinstaller_enu.exe
2013-10-12 16:48 - 2013-10-12 16:48 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Malwarebytes
2013-10-12 16:34 - 2013-10-12 16:34 - 00001100 _____ C:\Users\Internet\Downloads\JRT.txt
2013-10-12 16:20 - 2013-10-12 16:20 - 00001100 _____ C:\Users\Wilfried\Desktop\JRT.txt
2013-10-12 16:15 - 2013-10-12 16:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 13:59 - 2013-10-12 13:59 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-11 21:19 - 2013-10-11 21:19 - 01032220 _____ (Thisisu) C:\Users\Internet\Downloads\JRT.exe
2013-10-11 21:18 - 2013-10-11 21:18 - 01048960 _____ C:\Users\Internet\Downloads\adwcleaner.exe
2013-10-11 21:17 - 2013-10-11 21:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Internet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 11:12 - 2013-10-11 11:17 - 52705280 _____ C:\Users\Internet\Downloads\calibre-1.6.0.msi
2013-10-11 07:48 - 2013-10-11 07:48 - 00034907 _____ C:\Users\Internet\Downloads\FRST_alt.txt
2013-10-11 07:47 - 2013-10-11 07:48 - 00023036 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-10 17:50 - 2013-10-10 17:51 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:41 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:22 - 2013-09-25 09:35 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:32 - 2013-09-22 10:35 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:04 - 2013-09-19 16:06 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-18 20:24 - 2013-09-25 09:15 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2013-10-15 16:16 - 2013-01-06 08:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-15 16:14 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-15 16:13 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-15 11:41 - 2011-02-12 18:20 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-14 21:00 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-sys.job
2013-10-14 20:00 - 2013-10-14 20:02 - 00001124 _____ C:\Users\Internet\Downloads\checkup.txt
2013-10-14 20:00 - 2013-10-14 19:55 - 00001124 _____ C:\Users\Wilfried\Documents\checkup.txt
2013-10-14 19:51 - 2013-10-14 19:51 - 00891167 _____ C:\Users\Internet\Downloads\SecurityCheck.exe
2013-10-14 19:33 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 13:50 - 2012-12-06 10:25 - 00000382 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-1000.job
2013-10-14 13:49 - 2013-02-04 17:49 - 00619830 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-14 13:48 - 2013-10-14 13:49 - 02347384 _____ (ESET) C:\Users\Internet\Downloads\esetsmartinstaller_enu.exe
2013-10-13 21:37 - 2012-12-06 10:57 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1072828290-3828818215-1948454868-500.job
2013-10-13 12:06 - 2013-02-01 19:09 - 00000000 ____D C:\ProgramData\CDRWIN 9
2013-10-13 11:15 - 2011-10-03 17:09 - 00000000 ____D C:\Users\Internet\AppData\Roaming\vlc
2013-10-13 06:59 - 2012-12-26 13:28 - 00000000 ____D C:\Users\Internet\Documents\My Digital Editions
2013-10-12 16:48 - 2013-10-12 16:48 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Malwarebytes
2013-10-12 16:34 - 2013-10-12 16:34 - 00001100 _____ C:\Users\Internet\Downloads\JRT.txt
2013-10-12 16:23 - 2013-04-29 17:34 - 00734944 _____ C:\WINDOWS\setupact.log
2013-10-12 16:23 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-12 16:20 - 2013-10-12 16:20 - 00001100 _____ C:\Users\Wilfried\Desktop\JRT.txt
2013-10-12 16:15 - 2013-10-12 16:15 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 16:10 - 2013-09-09 18:17 - 00000000 ____D C:\AdwCleaner
2013-10-12 16:10 - 2011-09-27 19:03 - 00000000 ____D C:\Users\Internet\AppData\Roaming\CheckPoint
2013-10-12 16:10 - 2011-06-28 16:59 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Roaming\CheckPoint
2013-10-12 16:10 - 2010-05-08 14:56 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\CheckPoint
2013-10-12 16:05 - 2011-02-12 18:20 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 16:04 - 2013-02-19 18:52 - 00017070 _____ C:\WINDOWS\PFRO.log
2013-10-12 16:04 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AppCompat
2013-10-12 13:59 - 2013-10-12 13:59 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 13:59 - 2013-10-12 13:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-11 21:19 - 2013-10-11 21:19 - 01032220 _____ (Thisisu) C:\Users\Internet\Downloads\JRT.exe
2013-10-11 21:18 - 2013-10-11 21:18 - 01048960 _____ C:\Users\Internet\Downloads\adwcleaner.exe
2013-10-11 21:17 - 2013-10-11 21:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Internet\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 12:20 - 2011-10-02 16:56 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Simple Sudoku
2013-10-11 11:17 - 2013-10-11 11:12 - 52705280 _____ C:\Users\Internet\Downloads\calibre-1.6.0.msi
2013-10-11 11:12 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\Documents\Calibre Bibliothek
2013-10-11 07:48 - 2013-10-11 07:48 - 00034907 _____ C:\Users\Internet\Downloads\FRST_alt.txt
2013-10-11 07:48 - 2013-10-11 07:47 - 00023036 _____ C:\Users\Internet\Downloads\Addition.txt
2013-10-11 07:45 - 2013-10-11 07:45 - 00000000 ____D C:\FRST
2013-10-11 06:54 - 2013-01-24 13:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Audacity
2013-10-11 06:12 - 2013-10-11 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Internet\Downloads\HijackThis.exe
2013-10-11 06:11 - 2013-10-11 06:11 - 01087213 _____ (Farbar) C:\Users\Internet\Downloads\FRST.exe
2013-10-10 17:53 - 2013-04-13 10:13 - 00000611 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-10-10 17:51 - 2013-10-10 17:50 - 52494336 _____ C:\Users\Internet\Downloads\calibre-1.5.0.msi
2013-10-10 10:43 - 2012-01-18 16:51 - 00000000 ____D C:\Users\Internet\Documents\download
2013-10-10 10:35 - 2013-10-10 10:35 - 00003911 _____ C:\Users\Internet\Documents\Meine Bücher.csv
2013-10-09 10:51 - 2011-01-06 20:58 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 10:51 - 2010-05-08 14:52 - 00000000 ____D C:\Program Files\CCleaner
2013-10-09 08:42 - 2013-10-09 08:42 - 00088396 _____ C:\Users\Internet\Documents\bookmarks-2013-10-09.json
2013-10-09 07:40 - 2011-11-26 17:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Local\Adobe
2013-10-09 07:29 - 2013-01-24 16:39 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Tracing
2013-10-09 07:29 - 2012-03-20 12:56 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-09 06:58 - 2010-02-24 10:08 - 00000000 ___HD C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-10-08 20:51 - 2013-10-08 20:51 - 17750408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-07 18:46 - 2013-10-07 18:46 - 00044296 _____ C:\Users\Internet\battery-report.html
2013-10-07 18:46 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Internet
2013-10-06 11:43 - 2011-11-11 19:21 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Skype
2013-10-04 14:03 - 2013-02-19 09:16 - 01125415 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-04 14:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-04 13:56 - 2013-01-09 21:09 - 00012889 ____H C:\WINDOWS\system32\BTImages.dat
2013-10-02 12:01 - 2013-07-16 21:48 - 238125415 _____ C:\WINDOWS\MEMORY.DMP
2013-10-02 12:01 - 2013-03-07 19:32 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-30 16:33 - 2011-10-03 17:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\dvdcss
2013-09-30 07:10 - 2012-09-17 09:33 - 00017495 _____ C:\Users\Internet\Documents\Güterverbrauch.ods
2013-09-29 08:33 - 2013-09-29 08:33 - 00008273 _____ C:\Users\Internet\Desktop\WNetWatcher.exe - Verknüpfung.lnk
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2013-09-29 08:15 - 2013-09-29 08:15 - 00000000 ____D C:\Program Files\NirSoft
2013-09-27 11:25 - 2011-05-11 19:55 - 00000000 ____D C:\Program Files\SRWare Iron
2013-09-27 11:23 - 2013-09-27 11:23 - 30363050 _____ (SRWare                                                      ) C:\Users\Internet\Downloads\srware_iron (2).exe
2013-09-27 11:21 - 2011-09-27 19:03 - 00000000 ____D C:\Users\Internet\AppData\Local\Mozilla
2013-09-26 07:51 - 2013-04-13 10:27 - 00000000 ____D C:\Users\Internet\Documents\My Kindle Content
2013-09-25 09:41 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\decrypt
2013-09-25 09:35 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\.ePUBeedrmremoval
2013-09-25 09:33 - 2013-01-23 14:47 - 00000000 ____D C:\Users\Internet\Documents\Decrypt Output
2013-09-25 09:29 - 2013-09-25 09:29 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.Epubor
2013-09-25 09:28 - 2013-09-25 09:28 - 00000000 ____D C:\Users\Wilfried\AppData\Roaming\.ePUBeedrmremoval
2013-09-25 09:22 - 2013-09-25 09:22 - 00000688 _____ C:\Users\Public\Desktop\ePUBee DRM Removal.lnk
2013-09-25 09:22 - 2013-09-25 09:22 - 00000000 ____D C:\Users\Wilfried\ePUBeedrmremoval
2013-09-25 09:22 - 2013-02-04 17:29 - 00000000 ____D C:\Users\Wilfried
2013-09-25 09:19 - 2013-03-03 20:03 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-09-25 09:15 - 2013-09-18 20:24 - 00456248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-25 08:59 - 2013-09-25 08:59 - 13592697 _____ (ePUBee Inc.) C:\Users\Internet\Downloads\ePUBeeePUBDRMRemoval.exe
2013-09-23 19:08 - 2013-09-23 19:08 - 00000000 ____D C:\Users\Internet\AppData\Roaming\OpenOffice
2013-09-22 11:16 - 2013-09-22 11:16 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-22 11:15 - 2013-09-22 11:15 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-22 11:14 - 2013-03-08 21:19 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-09-22 11:11 - 2013-09-22 11:11 - 00000000 ____D C:\Users\Administrator.Wilfried-PC\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-22 10:43 - 2013-09-22 10:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-22 10:42 - 2013-09-22 10:42 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-22 10:42 - 2013-09-22 10:42 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-22 10:42 - 2013-01-24 19:12 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-22 10:42 - 2010-05-18 16:56 - 00000000 ____D C:\Program Files\Java
2013-09-22 10:38 - 2013-09-22 10:38 - 00913832 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2013-09-22 10:35 - 2013-09-22 10:32 - 162401424 _____ C:\Users\Internet\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-19 16:36 - 2013-04-13 10:54 - 00000000 ____D C:\Users\Internet\AppData\Roaming\calibre
2013-09-19 16:10 - 2013-09-19 16:10 - 00000000 ____D C:\Users\Internet\AppData\Local\calibre-cache
2013-09-19 16:06 - 2013-09-19 16:04 - 52523520 _____ C:\Users\Internet\Downloads\calibre-1.3.0.msi
2013-09-19 01:26 - 2013-09-14 07:09 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-14 07:09 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-16 10:03 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 09:34 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\NDF

Some content of TEMP:
====================
C:\Users\Administrator.Wilfried-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Internet\AppData\Local\Temp\Checkupdate.exe
C:\Users\Internet\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Internet\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Internet\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Wilfried\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Wilfried\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

schrauber · 15.10.2013, 19:01

was heisst manchmal? und was passiert dann?

4genesis · 16.10.2013, 13:53

Hi,

nach dem abmelden aus Yahoo-Mail, bekam ich die Meldung "Seitenladefehler"

Nach dem letzten FRST ist das auch nicht mehr aufgetreten.

Danke nochmals für deine Mühe.
Welchen Schädling hatte ich denn?

schrauber · 17.10.2013, 08:16

Überwiegend nur Adware.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

4genesis · 18.10.2013, 07:52

Danke Dir nochmals für deine Hilfe.

Habe alles erledigt, kann geschlossen werden.

13.10.2013, 09:22	#6
schrauber /// the machine /// TB-Ausbilder	Seitenladefehler bei FF und SRWare Iron Kannst du bitte ale Logs von den Tools aus obiger Anleitung posten? __________________ --> Seitenladefehler bei FF und SRWare Iron

15.10.2013, 09:11	#10
schrauber /// the machine /// TB-Ausbilder	Seitenladefehler bei FF und SRWare Iron Frisches FRST log bitte. Noch Probleme? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

15.10.2013, 19:01	#12
schrauber /// the machine /// TB-Ausbilder	Seitenladefehler bei FF und SRWare Iron was heisst manchmal? und was passiert dann? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Seitenladefehler bei FF und SRWare Iron

Plagegeister aller Art und deren Bekämpfung: Seitenladefehler bei FF und SRWare Iron