
Log analysis and evaluation: TROJAN.Dropper under Windows 7, 64-bit version, in the "Datev directory"

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.12.2013, 14:54   #1
Joachim_78
 



Hello everyone,

I am new to this forum; I have always had positive experiences with your forum so far, and your tips have often helped me. Now to my problem:

I have a laptop with Windows 7, 64-bit version, and for a few weeks I have noticed drops in performance; in addition, my firewall and my Avira Professional program have been deactivating themselves more and more often, or some functions were switched off.

After installing IObit Malware Fighter v2.2, the culprit was exposed to me in the following folder:

D:\DATEV\PROGRAMM\K0000220\SaparionStarter.exe

I should note that Avira never gave me any indication of malware or an infection in any scan. Only a notice about "hidden folders".

I need help to combat this security problem and hopefully solve it.

How should I proceed, and which programs should be installed or deleted beforehand to make your work easier?

01.12.2013, 15:33   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


01.12.2013, 19:13   #3
Joachim_78
 



Here is the first log file:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Joachim (administrator) on JOACHIM-LAPTOP on 01-12-2013 15:50:51
Running from C:\Users\Joachim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(DATEV eG) D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\firefox.exe
(Microsoft Corporation) D:\Programme\MSOffice2007\Office12\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-01] (Realtek Semiconductor)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Advanced SystemCare Ultimate] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [512384 2012-11-07] (IObit)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {1ffb5cc8-0052-11e0-8faa-b8ac6f66b16a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe [288352 2012-08-30] (DATEV eG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1574208 2013-11-13] (IObit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL = 
SearchScopes: HKCU - {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL = 
SearchScopes: HKCU - {F1DCC761-246A-4D46-A4A1-2CDD6183FF35} URL = 
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Ads Removal - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\adsremoval@adsremoval.net
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\maps@ovi.com
FF Extension: Adblock Plus - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\firefox.exe

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePluginFor6.crx

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [1051088 2012-12-13] (IObit)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [623936 2013-07-08] (IOBit)
R3 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-11] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\SysWow64\DRIVERS\avfwot.sys [131336 2011-06-28] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-11] ()
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
U3 aki1np6w; C:\Windows\System32\Drivers\aki1np6w.sys [0 ] (Microsoft Corporation)
U0 dmboot; 
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 15:50 - 2013-12-01 15:52 - 00017327 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 15:49 - 2013-12-01 15:50 - 01959184 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-01 13:41 - 2013-12-01 13:41 - 00003170 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-01 13:41 - 2013-12-01 13:41 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-01 13:41 - 2013-05-22 18:49 - 00032600 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:33 - 2013-12-01 13:28 - 00000286 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-12-01 11:33 - 2013-12-01 11:33 - 00003220 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-12-01 11:33 - 2013-12-01 11:33 - 00002582 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-12-01 11:33 - 2013-12-01 11:33 - 00001110 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-12-01 11:33 - 2013-12-01 11:33 - 00001100 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-12-01 11:33 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:18 - 2013-11-24 19:18 - 00001311 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-24 19:17 - 2013-11-24 19:18 - 00003112 _____ C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:16 - 2013-12-01 11:33 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-11-24 19:16 - 2013-12-01 11:33 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-24 19:16 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\IObit
2013-11-24 19:16 - 2013-11-24 19:16 - 00001175 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-11-24 19:14 - 2013-11-24 19:14 - 24964008 _____ (IObit                                                       ) C:\Users\Joachim\Downloads\imf-22setup.exe
2013-11-24 18:47 - 2013-11-24 19:03 - 00004262 _____ C:\Windows\PFRO.log
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:04 - 2013-12-01 13:28 - 00001279 _____ C:\Windows\setupact.log
2013-11-22 16:04 - 2013-11-22 16:05 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 04:09 - 2013-11-15 04:10 - 00000000 ____D C:\Windows\rescache
2013-11-15 03:13 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 03:13 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 03:13 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 03:13 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 03:13 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 03:13 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 03:13 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 03:13 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 03:13 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 03:13 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 17:43 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 17:42 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 17:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 17:42 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:42 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:42 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 17:42 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:42 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:42 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:42 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 17:42 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:42 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 17:41 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:41 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:41 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 15:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 15:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-01 15:14 - 2013-11-01 15:23 - 00004879 _____ C:\Users\Joachim\AppData\Local\EmptySettings.xml

==================== One Month Modified Files and Folders =======

2013-12-01 15:52 - 2013-12-01 15:50 - 00017327 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 15:50 - 2013-12-01 15:49 - 01959184 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-01 15:40 - 2012-01-28 17:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 15:33 - 2012-08-25 21:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 13:41 - 2013-12-01 13:41 - 00003170 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-01 13:41 - 2013-12-01 13:41 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-01 13:36 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 13:36 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 13:29 - 2013-10-26 19:52 - 00000000 ____D C:\Users\Joachim\AppData\Local\Htc
2013-12-01 13:28 - 2013-12-01 11:33 - 00000286 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-12-01 13:28 - 2013-11-22 16:04 - 00001279 _____ C:\Windows\setupact.log
2013-12-01 13:28 - 2012-01-28 17:08 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 13:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 13:27 - 2009-07-14 06:10 - 01826311 _____ C:\Windows\WindowsUpdate.log
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 13:18 - 2009-07-14 18:58 - 24001546 _____ C:\Windows\system32\perfh007.dat
2013-12-01 13:18 - 2009-07-14 18:58 - 07764278 _____ C:\Windows\system32\perfc007.dat
2013-12-01 13:18 - 2009-07-14 06:13 - 00006980 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-01 11:38 - 2010-11-21 11:46 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-01 11:38 - 2010-05-26 06:58 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:35 - 2010-11-21 11:47 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-01 11:34 - 2010-11-21 11:46 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-12-01 11:33 - 2013-12-01 11:33 - 00003220 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-12-01 11:33 - 2013-12-01 11:33 - 00002582 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-12-01 11:33 - 2013-12-01 11:33 - 00001110 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-12-01 11:33 - 2013-12-01 11:33 - 00001100 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-12-01 11:33 - 2013-11-24 19:16 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-12-01 11:33 - 2013-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-28 13:03 - 2013-01-19 13:00 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-11-28 13:03 - 2013-01-19 12:59 - 00001074 _____ C:\Users\Joachim\Desktop\tiptoi.lnk
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:18 - 2013-11-24 19:18 - 00001311 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-24 19:18 - 2013-11-24 19:17 - 00003112 _____ C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:17 - 2013-11-24 19:16 - 00000000 ____D C:\ProgramData\IObit
2013-11-24 19:17 - 2013-04-13 18:35 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Apple Computer
2013-11-24 19:16 - 2013-11-24 19:16 - 00001175 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-11-24 19:16 - 2012-01-28 17:08 - 00000000 ____D C:\Users\Joachim\AppData\Local\Google
2013-11-24 19:14 - 2013-11-24 19:14 - 24964008 _____ (IObit                                                       ) C:\Users\Joachim\Downloads\imf-22setup.exe
2013-11-24 19:03 - 2013-11-24 18:47 - 00004262 _____ C:\Windows\PFRO.log
2013-11-24 18:56 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\Origin
2013-11-24 18:47 - 2013-06-26 19:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-24 18:45 - 2011-05-30 09:32 - 00007459 _____ C:\ProgramData\hpzinstall.log
2013-11-24 18:19 - 2011-05-30 09:40 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-24 18:18 - 2011-03-06 10:39 - 00000000 ____D C:\Program Files (x86)\Lexware
2013-11-24 18:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-11-24 18:17 - 2013-08-20 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla
2013-11-24 18:17 - 2012-04-04 18:55 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-24 18:15 - 2010-05-26 14:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:05 - 2013-11-22 16:04 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-22 15:56 - 2010-05-26 16:50 - 00000000 ____D C:\Windows\Panther
2013-11-22 15:45 - 2010-11-12 17:12 - 00000000 ____D C:\Users\Joachim\AppData\Local\Adobe
2013-11-22 15:44 - 2012-08-25 21:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 15:44 - 2012-04-09 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 15:44 - 2011-06-17 18:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 04:10 - 2013-11-15 04:09 - 00000000 ____D C:\Windows\rescache
2013-11-15 03:32 - 2010-11-21 11:46 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-11-15 03:13 - 2010-05-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 03:10 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 03:03 - 2010-11-15 06:20 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 23:00 - 2010-11-21 11:46 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-11-12 13:01 - 2013-03-25 13:36 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-12 13:01 - 2013-03-25 13:36 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-11 05:50 - 2010-11-09 12:24 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-01 15:23 - 2013-11-01 15:14 - 00004879 _____ C:\Users\Joachim\AppData\Local\EmptySettings.xml
2013-11-01 14:03 - 2012-08-24 20:12 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Lightroom

Some content of TEMP:
====================
C:\Users\Joachim\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-22 16:44

==================== End Of Log ============================
         


And here is the "Addition-Editor" report:
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Joachim at 2013-12-01 15:53:20
Running from C:\Users\Joachim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Advanced SystemCare Ultimate (Enabled - Out of date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
6300 (x32 Version: 130.0.365.000)
6300_Help (x32 Version: 82.0.242.000)
6300Trb (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Advanced SystemCare Ultimate 6 (x32 Version: 6.1.0)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
ATI Catalyst Control Center (x32 Version: 2.010.0122.0857)
Avira Internet Security (x32 Version: 14.0.1.749)
B1315AppGuid (x32 Version: 1.0.0)
BufferChm (x32 Version: 130.0.331.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002)
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002)
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002)
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002)
CCC Help Danish (x32 Version: 2010.0122.0857.16002)
CCC Help Dutch (x32 Version: 2010.0122.0857.16002)
CCC Help English (x32 Version: 2010.0122.0857.16002)
CCC Help Finnish (x32 Version: 2010.0122.0857.16002)
CCC Help French (x32 Version: 2010.0122.0857.16002)
CCC Help German (x32 Version: 2010.0122.0857.16002)
CCC Help Italian (x32 Version: 2010.0122.0857.16002)
CCC Help Japanese (x32 Version: 2010.0122.0857.16002)
CCC Help Korean (x32 Version: 2010.0122.0857.16002)
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002)
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002)
CCC Help Russian (x32 Version: 2010.0122.0857.16002)
CCC Help Spanish (x32 Version: 2010.0122.0857.16002)
CCC Help Swedish (x32 Version: 2010.0122.0857.16002)
ccc-core-static (x32 Version: 2010.0122.858.16002)
ccc-utility64 (Version: 2010.0122.858.16002)
CCleaner (Version: 4.05)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
ConvertXtoDVD 3.0.0.7 (x32 Version: 3.0.0.7)
Copy (x32 Version: 130.0.428.000)
Crystal Reports Runtime XI (x32 Version: 1.0.9)
DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0)
DATEV Installation V.3.0 (x32)
Dell Dock (Version: 2.0)
Dell Dock (x32)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.0.5744.02)
Dell Touchpad (Version: 7.1102.101.101)
Dell Webcam Central (x32 Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
DFL2010 ConfigDB (x32 Version: 4.17.3326.0)
DFL2010 Microkernel (x32 Version: 4.17.3326.0)
DocProc (x32 Version: 13.0.0.0)
Driver Booster (x32 Version: 1.0)
Fax (x32 Version: 130.0.418.000)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
Haufe iDesk-Service (x32 Version: 11.07.19.8023)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 4.5.0.001)
HTC Sync (x32 Version: 3.3.63)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
IObit Malware Fighter (x32 Version: 2.2)
IPTInstaller (x32 Version: 4.0.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Lexware Admintools Plus (x32 Version: 12.00.00.0116)
Lexware buchhalter 2013 (x32 Version: 18.00.00.0090)
Lexware Datenbank plus 2012 (x32 Version: 12.00.00.0116)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware reisekosten plus 2012 (x32 Version: 12.01.00.0137)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 German Language Pack (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (x32 Version: 10.51.2500.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XML Parser (x32 Version: 8.70.1104.04)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
PowerDVD DX (x32 Version: 8.3.6029)
Quickset64 (Version: 9.6.18)
Ravensburger tiptoi (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7083)
RENESIS® Player Browser Plugins (x32 Version: 1.1.1)
Scan (x32 Version: 13.0.0.0)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0)
Skins (x32 Version: 2010.0122.858.16002)
Smart Defrag 2 (x32 Version: 2.9)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SQLXML4 (Version: 9.00.5000.00)
Status (x32 Version: 130.0.469.000)
TAXMAN 2010 (x32 Version: 16.11.00.0005)
TAXMAN 2011 (x32 Version: 17.03.00.0008)
TAXMAN 2012 (x32 Version: 18.07.00.0008)
TAXMAN 2013 (x32 Version: 19.06.00.0003)
TAXMAN Bibliothek 2010 (x32 Version: 16.0.1.0)
TAXMAN Bibliothek 2011 (x32 Version: 17.10.0.0)
TAXMAN Bibliothek 2012 (x32 Version: 18.1.0.0)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
UnloadSupport (x32 Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
UseNeXT by Tangysoft (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.6 (x32 Version: 2.0.6)
WebReg (x32 Version: 130.0.132.017)
WIDCOMM Bluetooth Software (Version: 6.2.0.9603)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR (x32)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-08-07 19:43 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {002ECE06-B672-4BF0-8AB3-1DB2C9033B76} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {0DBB5AFD-DF1A-4FF3-A62E-307F45DB8DCE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {0FA4C614-B71C-4581-99CD-53412052A3E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1939E4F7-C954-43C7-BF73-672D00CEA55E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {3D98D957-476A-453C-AAD2-95A7D4F9CE2D} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2013-07-06] (IObit)
Task: {3E67146D-AF75-40EE-8403-9515A16EC4AE} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {3E6B16AB-7040-4BCD-A09A-861237B7FFF1} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {4367099A-B7FD-4E21-B3C4-E7C67B07CC72} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {45BE23A1-BC23-408F-B144-4D37D6E31644} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)
Task: {65258A2C-A505-4398-9A4B-47B5B78E9CBF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => D:\Programme\TuneUp2010\OneClick.exe
Task: {6673DD92-8A96-4386-B1A1-C6F6667F4003} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28] (Google Inc.)
Task: {6AE2FE40-D4EA-4F6A-BD85-088351D520D3} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {785D745C-FAC4-4440-B10C-A0472A86395B} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {8F1B1323-E808-4D13-B1E6-3D9E909A12B9} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-09-08] (IObit)
Task: {9244FB39-3578-4BE7-BB12-C33988A236B2} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {94050AA7-C45B-4F34-83AC-34CEC0D233F4} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe
Task: {9644DBCC-B95C-4E48-A938-19448D04853B} - System32\Tasks\Update Manager => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {A1D542C2-71E7-4DAC-A128-C88FC146DE4C} - System32\Tasks\{374D2BF7-493A-4394-9FA4-5366C294F8D1} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {D5C178C9-7D82-4E10-95DD-C76E1AAC095C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Task: {D88D7AA3-B5BE-4BAB-AA7C-8362D308838E} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-09-08] (IObit)
Task: {DD65AA1E-BF3D-4922-AE46-20D01966E301} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28] (Google Inc.)
Task: {EE40A4C5-19C4-4996-A3C5-BAD93016E1F3} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-05-26 14:11 - 2009-07-17 17:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2013-08-15 02:42 - 2013-08-15 02:42 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\f5fe42a11e1c0e9d19b251f0d4ed57ce\VistaBridgeLibrary.ni.dll
2010-03-08 17:02 - 2010-03-08 17:02 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-26 14:08 - 2010-05-26 14:08 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-24 19:17 - 2012-04-14 15:41 - 00217944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\bdfltlib.dll
2012-10-10 19:27 - 2012-10-10 19:16 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-24 19:17 - 2012-11-01 10:21 - 00350592 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
2013-11-24 19:17 - 2012-11-01 10:21 - 00182656 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
2013-11-24 19:17 - 2012-11-01 10:21 - 00050048 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
2013-12-01 11:33 - 2013-08-02 17:07 - 00348992 _____ () C:\Program Files (x86)\IObit\Driver Booster\madExcept_.bpl
2013-12-01 11:33 - 2013-08-02 17:07 - 00183616 _____ () C:\Program Files (x86)\IObit\Driver Booster\madBasic_.bpl
2013-12-01 11:33 - 2013-08-02 17:07 - 00051008 _____ () C:\Program Files (x86)\IObit\Driver Booster\madDisAsm_.bpl
2013-11-24 19:17 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00109056 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00010240 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-11-24 19:16 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2013-11-24 19:16 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2013-11-24 19:16 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2013-11-24 19:16 - 2013-11-01 09:49 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2013-11-24 19:16 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2013-11-24 19:16 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2013-11-24 19:16 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2012-10-10 19:27 - 2011-10-11 20:03 - 00447848 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\libxml2.dll
2012-10-10 19:27 - 2011-10-11 20:03 - 00060264 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\cares.dll
2013-12-01 11:33 - 2013-09-11 19:06 - 00048960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
2013-08-20 16:24 - 2013-08-20 16:24 - 03551640 _____ () C:\Program Files (x86)\Mozilla\mozjs.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () D:\Programme\MSOffice2007\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () D:\Programme\MSOffice2007\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 19:18 - 2011-05-26 19:18 - 00136536 _____ () D:\Programme\MSOffice2007\Office12\OUTLCTL.DLL
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2013 01:17:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (12/01/2013 01:17:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/01/2013 01:17:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/01/2013 11:59:18 AM) (Source: Application Hang) (User: )
Description: Programm OUTLOOK.EXE, Version 12.0.6680.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1488

Startzeit: 01ceee844ad5184c

Endzeit: 37

Anwendungspfad: D:\PROGRA~1\MSOFFI~1\Office12\OUTLOOK.EXE

Berichts-ID: 97cbcd46-5a77-11e3-908c-c44619e706b7

Error: (12/01/2013 11:31:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (12/01/2013 11:31:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/01/2013 11:31:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/29/2013 04:18:56 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/29/2013 04:18:56 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/29/2013 04:18:56 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (12/01/2013 01:46:00 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/01/2013 01:27:05 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/01/2013 01:07:53 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (12/01/2013 11:33:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/01/2013 11:33:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/01/2013 11:27:19 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/29/2013 04:17:22 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/29/2013 01:29:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎29.‎11.‎2013 um 12:24:09 unerwartet heruntergefahren.

Error: (11/29/2013 00:08:05 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/29/2013 09:55:08 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


Microsoft Office Sessions:
=========================
Error: (12/29/2012 07:27:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 395 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (10/31/2012 07:07:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/03/2012 00:43:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 81 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 3956.54 MB
Available physical RAM: 1307.19 MB
Total Pagefile: 7911.26 MB
Available Pagefile: 674.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:6.95 GB) NTFS
Drive d: (Privat) (Fixed) (Total:397.3 GB) (Free:183.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6F492B7E)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=397 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Alt 02.12.2013, 11:34   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

is this a company computer? Because of Datev. If so, have you read the special rules on that?

Please have the flagged file scanned at www.virustotal.com and post the link to the result.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 02.12.2013, 19:51   #5
Joachim_78
 



Hello Schrauber,

the file does not exist under the name given. How can I still run the scan you asked for?

To your question about a "company laptop" because of Datev: no, it is not a company laptop, it is my private one. I still have the Datev software for my long-standing clients, who have stayed loyal to me for several years, but my main job is in industry. Does that get in the way of helping me?

Regards, Joachim


Alt 03.12.2013, 11:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Nope. There are only rules regarding company computers that have their own IT department (they get paid).

Quote:
D:\DATEV\PROGRAMM\K0000220\SaparionStarter.exe
You can't find this file? Then please open IOBIT (why would anyone use something like that) and release the file from quarantine.

Alt 03.12.2013, 20:23   #7
Joachim_78
 



Hello Schrauber,

the URL of the scan result:
https://www.virustotal.com/de/file/542efbe109cd6352ff499aa1080dd13251dd7a1751b7c5afa883b3b6e0dacddc/analysis/1386087538/

I am now surprised that the file was checked without any indication of a trojan. Yesterday evening I really noticed how much performance the computer had lost: I had the Windoof performance monitor displayed. With no programs open I am at 27% CPU usage, 42% RAM and 0-2% disk.

When I was on the internet yesterday (watching 1 TV channel online, Outlook open to answer mails, and one Excel file open), the laptop slowed down after 30 min almost by the minute. CPU rose and rose until it was at 100%, RAM also rose to 90%, and then came the safety shutdown from Windoof..

I hope this information is helpful.

Here is also my result from Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.12.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Joachim :: JOACHIM-LAPTOP [Administrator]

03.12.2013 17:43:35
mbam-log-2013-12-03 (17-43-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 453798
Laufzeit: 2 Stunde(n), 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Can you still tell me why my PC uses so much performance when idle? Or what I can do?

Regards, Joachim

Alt 04.12.2013, 11:50   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
I am now surprised that the file was checked without any indication of a trojan. Yesterday evening I really noticed how much performance the computer had lost: I had the Windoof performance monitor displayed. With no programs open I am at 27% CPU usage, 42% RAM and 0-2% disk.
That doesn't necessarily have to be connected. The file is definitely clean; it is a false alarm from IOBIT.


Install ProcessExplorer as a replacement for the Windows Task Manager

Download Process Explorer as a replacement for the Task Manager and install it; you can find a guide here. It is a considerably more capable replacement for the Windows Task Manager. In the menu under "Options" you can set up ProcessExplorer permanently as the replacement for the Task Manager (Replace Taskmanager). This is highly recommended, because ProcessExplorer has considerably more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but ProcessExplorer. This can be undone at any time by unchecking the setting.

What we specifically need now: each row is a process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of information about the processes are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. "CPU Usage" shows the current CPU load for each process (the column header just says "CPU"); "CPU History" displays a graph for each process showing a curve of its CPU load over the recent period.

With that you should be able to identify which process is keeping your CPU busy. Double-click the process. You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Advanced" below the text field, use "Manage Attachments" to browse your computer, and attach it via "Upload").
__________________
Regards,
schrauber


Alt 04.12.2013, 20:40   #9
Joachim_78
 



Hello Schrauber,
the Process Explorer program crashes regularly and has to be terminated by Windoof. Since the last restart I strangely no longer have permission to open Mozilla Firefox: "Contact the admin"

The Windoof firewall is deactivated at every restart, and just now Avira Desktop is deactivated and is to be reactivated. What is going on with the laptop? Is there a solution?

Alt 05.12.2013, 12:16   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please post a fresh FRST log again.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Regards,
schrauber
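
Added example, not part of the thread or of the FRST tool: a short Python triage pass over FRST.txt-style lines that flags three kinds of entries worth a closer look in a log like the one requested above: executables running from the user's Temp directory, AppInit_DLLs entries (DLLs loaded into processes that load user32.dll), and DisallowRun policy entries, which stop listed programs from starting. The sample lines are copied from the FRST log posted later in this thread; the rule names and the `triage` and `count_by_rule` functions are this example's own.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule section detail")

# Sample input: lines copied from the FRST.txt log posted in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
() C:\Users\Joachim\AppData\Local\Temp\DM_6GTYjPDldI\DownloadManager.exe
(DealPly Technologies Ltd.) C:\Users\Joachim\AppData\Local\Temp\1384452412_dp.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKCU\...\Policies\Explorer: [DisallowRun] 1
HKCU\...\Policies\Explorer\DisallowRun: [1] firefox.exe
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1316640 2013-11-25] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1008928 2013-11-25] (Conduit)
"""

# "==================== Processes (Whitelisted) ===========" -> section header
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+\s*$")
# "(Company) X:\path\to\file.exe" as printed in the Processes section
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-x32)?:\s*(?P<path>.+?\.dll)\b", re.IGNORECASE)
# The policy switch and the per-program entries are separate registry lines.
SWITCH_RE = re.compile(r"\\Policies\\Explorer:\s*\[DisallowRun\]\s*(?P<val>\d+)", re.IGNORECASE)
ENTRY_RE = re.compile(r"\\Policies\\Explorer\\DisallowRun:\s*\[[^\]]+\]\s*(?P<exe>\S.*)$",
                      re.IGNORECASE)


def triage(log_text):
    """Return Findings for FRST-style lines that deserve a closer look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            # "Processes (Whitelisted)" -> "processes"
            section = header.group(1).split("(")[0].strip().lower()
            continue
        if section == "processes":
            proc = PROCESS_RE.match(line)
            # Rule 1: a running executable located in the per-user Temp directory.
            if proc and TEMP_RE.search(proc.group("path")):
                company = proc.group("company") or "no company name"
                findings.append(Finding("temp-exec", section,
                                        f"{proc.group('path')} [{company}]"))
        elif section == "registry":
            appinit = APPINIT_RE.match(line)
            switch = SWITCH_RE.search(line)
            entry = ENTRY_RE.search(line)
            if appinit:
                # Rule 2: any AppInit_DLLs entry, 64-bit or 32-bit view.
                findings.append(Finding("appinit-dll", section, appinit.group("path")))
            elif switch and switch.group("val") != "0":
                # Rule 3a: the DisallowRun policy is switched on.
                findings.append(Finding("disallowrun-enabled", section, line))
            elif entry:
                # Rule 3b: a program named on the DisallowRun list.
                findings.append(Finding("disallowrun-entry", section, entry.group("exe")))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule name: number of hits}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:20} {f.detail}")
```

A hit is a prompt to look at the entry, not a verdict: legitimate installers also run from Temp, so each flagged line still needs a human check.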


Alt 05.12.2013, 12:38   #11
Joachim_78
 



Hello Schrauber,

here is the current FRST scan:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013
Ran by Joachim (administrator) on JOACHIM-LAPTOP on 05-12-2013 12:36:18
Running from C:\Users\Joachim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(DATEV eG) D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Users\Joachim\Downloads\mozilla firefox setup.exe
() C:\Users\Joachim\AppData\Local\Temp\DM_6GTYjPDldI\DownloadManager.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(DealPly Technologies Ltd.) C:\Users\Joachim\AppData\Local\Temp\1384452412_dp.exe
() C:\Users\Joachim\AppData\Local\Temp\{0E503A0C-7CE8-4E43-A01B-152DDE146C5E}\files\uninst.exe
(DealPly Technologies Ltd) C:\Users\Joachim\AppData\Local\Temp\{0E503A0C-7CE8-4E43-A01B-152DDE146C5E}\o-update\DealPlyLive.exe
(DealPly Technologies Ltd) C:\Users\Joachim\AppData\Local\Temp\GUM983.tmp\DealPlyLive.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(Microsoft Corporation) D:\Programme\MSOffice2007\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-01] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [Del56556914] - cmd.exe /Q /D /c del "C:\Users\Joachim\AppData\Local\Temp\0.del" [x]
HKCU\...\Runonce: [Del56556914] - cmd.exe /Q /D /c del "C:\Users\Joachim\AppData\Local\Temp\0.del"
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [DisallowRun] 1
HKCU\...\Policies\Explorer\DisallowRun: [1] firefox.exe
MountPoints2: {1ffb5cc8-0052-11e0-8faa-b8ac6f66b16a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe [288352 2012-08-30] (DATEV eG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1316640 2013-11-25] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1008928 2013-11-25] (Conduit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL = 
SearchScopes: HKCU - {F1DCC761-246A-4D46-A4A1-2CDD6183FF35} URL = 
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll (weDownload)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default
FF Homepage: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: weDownload Manager Pro - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
FF Extension: Ads Removal - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\adsremoval@adsremoval.net
FF Extension: Amazon-Icon - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\amazon-icon@giga.de
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\maps@ovi.com
FF Extension: DealPly  Shopping - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
FF Extension: Adblock Plus - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (weDownload Manager Pro) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joachim\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [1735968 2013-11-25] (Conduit)
R3 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
R2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-12-05] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-12-05] (DealPly Technologies Ltd)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-11] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\SysWow64\DRIVERS\avfwot.sys [131336 2011-06-28] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 a6a148r2; C:\Windows\System32\Drivers\a6a148r2.sys [0 ] (Microsoft Corporation)
U0 dmboot; 
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-05 12:35 - 2013-12-05 12:35 - 01959766 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:33 - 2013-12-05 12:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-05 12:30 - 2013-12-05 12:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-05 12:29 - 2013-12-05 12:35 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-05 12:29 - 2013-12-05 12:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-05 12:28 - 2013-12-05 12:33 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-12-05 12:28 - 2013-12-05 12:33 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00003904 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-12-05 12:28 - 2013-12-05 12:28 - 00003652 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:28 - 2013-12-05 12:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 12:27 - 2013-12-05 12:28 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 20:19 - 2013-12-04 20:19 - 01108616 _____ C:\Windows\Minidump\120413-18704-01.dmp
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:09 - 2013-12-04 19:22 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-03 20:33 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:27 - 2013-12-03 20:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 20:25 - 2013-12-03 20:33 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:45 - 2013-12-03 17:48 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 15:53 - 2013-12-01 15:55 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 15:50 - 2013-12-05 12:36 - 00020637 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:16 - 2013-12-04 09:33 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-24 19:16 - 2013-12-03 17:45 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-11-24 19:16 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\IObit
2013-11-24 18:47 - 2013-12-04 20:45 - 00006412 _____ C:\Windows\PFRO.log
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:04 - 2013-12-04 20:45 - 00001895 _____ C:\Windows\setupact.log
2013-11-22 16:04 - 2013-11-22 16:05 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 04:09 - 2013-12-04 21:30 - 00000000 ____D C:\Windows\rescache
2013-11-13 17:43 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 17:42 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 17:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 17:42 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:42 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:42 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 17:42 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:42 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:42 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:42 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 17:42 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:42 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 17:41 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:41 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:41 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 15:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 15:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

==================== One Month Modified Files and Folders =======

2013-12-05 12:36 - 2013-12-01 15:50 - 00020637 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-05 12:35 - 2013-12-05 12:35 - 01959766 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-05 12:35 - 2013-12-05 12:29 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:33 - 2013-12-05 12:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-05 12:33 - 2013-12-05 12:28 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-12-05 12:33 - 2013-12-05 12:28 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-12-05 12:33 - 2012-08-25 21:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-05 12:33 - 2010-11-21 11:46 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-05 12:32 - 2010-11-21 11:47 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-05 12:30 - 2013-12-05 12:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-05 12:29 - 2013-12-05 12:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00003904 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-12-05 12:28 - 2013-12-05 12:28 - 00003652 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:28 - 2013-12-05 12:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 12:28 - 2013-12-05 12:27 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-05 12:26 - 2009-07-14 18:58 - 24136294 _____ C:\Windows\system32\perfh007.dat
2013-12-05 12:26 - 2009-07-14 18:58 - 07808522 _____ C:\Windows\system32\perfc007.dat
2013-12-05 12:26 - 2009-07-14 06:13 - 00006980 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-05 12:25 - 2012-01-28 17:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 12:24 - 2013-03-25 13:36 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-05 06:40 - 2009-07-14 06:10 - 02073110 _____ C:\Windows\WindowsUpdate.log
2013-12-04 21:30 - 2013-11-15 04:09 - 00000000 ____D C:\Windows\rescache
2013-12-04 20:55 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 20:55 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 20:47 - 2013-10-26 19:52 - 00000000 ____D C:\Users\Joachim\AppData\Local\Htc
2013-12-04 20:46 - 2012-01-28 17:08 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 20:45 - 2013-11-24 18:47 - 00006412 _____ C:\Windows\PFRO.log
2013-12-04 20:45 - 2013-11-22 16:04 - 00001895 _____ C:\Windows\setupact.log
2013-12-04 20:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 20:19 - 2013-12-04 20:19 - 01108616 _____ C:\Windows\Minidump\120413-18704-01.dmp
2013-12-04 20:19 - 2013-05-09 03:52 - 00000000 ____D C:\Windows\Minidump
2013-12-04 19:22 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:19 - 2010-11-09 10:32 - 00000000 ____D C:\Users\Joachim
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-04 09:38 - 2010-11-09 10:38 - 00001331 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 09:36 - 2010-05-26 16:50 - 00000000 ____D C:\Windows\Panther
2013-12-04 09:33 - 2013-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-04 09:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:33 - 2013-12-03 20:25 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 20:27 - 2013-12-03 20:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 17:54 - 2011-12-30 19:41 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-03 17:54 - 2010-05-26 14:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:48 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\ProgramData\IObit
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 21:25 - 2010-11-11 09:29 - 00000000 ____D C:\Users\Joachim\AppData\Local\Mozilla
2013-12-01 15:55 - 2013-12-01 15:53 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:38 - 2010-05-26 06:58 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:34 - 2010-11-21 11:46 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-11-28 13:03 - 2013-01-19 13:00 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-11-28 13:03 - 2013-01-19 12:59 - 00001074 _____ C:\Users\Joachim\Desktop\tiptoi.lnk
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:17 - 2013-04-13 18:35 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Apple Computer
2013-11-24 19:16 - 2012-01-28 17:08 - 00000000 ____D C:\Users\Joachim\AppData\Local\Google
2013-11-24 18:56 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\Origin
2013-11-24 18:47 - 2013-06-26 19:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-24 18:45 - 2011-05-30 09:32 - 00007459 _____ C:\ProgramData\hpzinstall.log
2013-11-24 18:19 - 2011-05-30 09:40 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-24 18:18 - 2011-03-06 10:39 - 00000000 ____D C:\Program Files (x86)\Lexware
2013-11-24 18:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-11-24 18:17 - 2012-04-04 18:55 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:05 - 2013-11-22 16:04 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-22 15:45 - 2010-11-12 17:12 - 00000000 ____D C:\Users\Joachim\AppData\Local\Adobe
2013-11-22 15:44 - 2012-08-25 21:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 15:44 - 2012-04-09 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 15:44 - 2011-06-17 18:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 03:32 - 2010-11-21 11:46 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-11-15 03:13 - 2010-05-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 03:10 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 03:03 - 2010-11-15 06:20 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 23:00 - 2010-11-21 11:46 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-11-12 13:01 - 2013-03-25 13:36 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-11 05:50 - 2010-11-09 12:24 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Joachim\AppData\Local\Temp\1384452412_dp.exe
C:\Users\Joachim\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe
C:\Users\Joachim\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Joachim\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\avgnt.exe
C:\Users\Joachim\AppData\Local\Temp\nsi57F4.exe
C:\Users\Joachim\AppData\Local\Temp\nsy7CE3.exe
C:\Users\Joachim\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\sdapskill.exe
C:\Users\Joachim\AppData\Local\Temp\sp_downloader.exe
C:\Users\Joachim\AppData\Local\Temp\SwiftBrowse_s3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-04 21:22

==================== End Of Log ============================
         
--- --- ---

06.12.2013, 09:43   #12
schrauber
/// the machine
/// TB instructor

And MBAR?
__________________
Regards,
schrauber


06.12.2013, 11:38   #13
Joachim_78

Hello Schrauber,

I ran mbar twice yesterday. One time it found something and fixed it right away. I then restarted the laptop and repeated the scan, "no findings".
Now my question: where do I find the .txt file that I was supposed to post here? Is it in the program directory that I created during installation, or where does it save it?

Regards, Joachim

07.12.2013, 11:32   #14
schrauber
/// the machine
/// TB instructor

Quote:
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.
.
__________________
Regards,
schrauber


08.12.2013, 13:06   #15
Joachim_78

Hello Schrauber,

where do I find this txt file from mbar?
