
Pests of all kinds and how to combat them: BetterSurf adware only half removed

06.02.2014, 11:53   #1
Blizzard79
 
Hello,

I'm turning to you for the first time because I couldn't completely get rid of my BetterSurf adware problem. What I did:

1.) Installed Malwarebytes 1.75.0.1300 with current updates and ran a full scan (log see below).
2.) Closed all programs, marked all detections for removal and started the removal (incl. reboot).
3.) Since then, scans with Malwarebytes no longer produce any detections, but McAfee keeps deleting files that it identifies as "Bettersurf" (unfortunately no screenshot available). Otherwise I can't detect any further impairments (pop-up windows, elements on web pages or YouTube).

I ask for your valued help!

Regards, Fred


------------ Start of log file ----------------------

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.04.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
karla :: KARLA1 [administrator]

Protection: Enabled

04.02.2014 11:03:54
mbam-log-2014-02-04 (11-03-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 475342
Time elapsed: 1 hour(s), 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\KARLA\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

Registry Keys Detected: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerV1alpha3441 (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MediaPlayerV1alpha3441 (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update veberGreat (PUP.Optional.VeberGreat.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{0082bec3-27ce-44ad-b548-954f86e8975d} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ff12d6d2-d710-4fc6-94e5-0de5e65aff8d} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\Interface\{BB75F45B-E646-4D2D-BB06-6394CD9AD56F} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0082BEC3-27CE-44AD-B548-954F86E8975D} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0082BEC3-27CE-44AD-B548-954F86E8975D} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0082BEC3-27CE-44AD-B548-954F86E8975D} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\windows\SysWOW64\rundll32.exe "C:\Users\KARLA\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaPlayerV1alpha3441.net (PUP.Optional.MediaPlayerAlpha.A) -> Data: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 12
C:\Users\KARLA\AppData\Local\Temp\CT3314932 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\CT3319608 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Users\KARLA\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441 (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ch (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome\content (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome\content\icons (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome\content\icons\default (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ie (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.

Files Detected: 34
C:\Users\KARLA\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Users\KARLA\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\uninstall.exe (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nsbB0F4.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nsf9367.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nsq957B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nsqAF2E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nstB329.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\Setup2.exe (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\uninstall15516609.exe (PUP.Optional.YourfileDownloader) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nse5C78.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nsn7059.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\nsz97F1.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\GOMPLAYERENSETUP_2.2.56.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\iLividSetup-r484-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\Microsoft_Office_2010_all_versions.full.rar_downloader.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\Microsoft_Office_2010_Product_Key_[Full_Version]_downloader (1).exe (PUP.Optional.YourfileDownloader) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\Microsoft_Office_2010_Product_Key_[Full_Version]_downloader.exe (PUP.Optional.YourfileDownloader) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\VLC_Media_Player (1).exe (PUP.Optional.SimplyTech) -> Quarantined and deleted successfully.
C:\Users\KARLA\Downloads\VLC_Media_Player.exe (PUP.Optional.SimplyTech) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\CT3314932\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Local\Temp\CT3319608\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\KARLA\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ch\MediaPlayerV1alpha3441.crx (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome.manifest (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\install.rdf (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome\content\ffMediaPlayerV1alpha3441.js (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome\content\overlay.xul (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome\content\icons\Thumbs.db (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ff\chrome\content\icons\default\MediaPlayerV1alpha3441_32.png (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha3441\ie\MediaPlayerV1alpha3441.dll (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.

(end)

06.02.2014, 12:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the already existing logs in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes without being asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

06.02.2014, 14:06   #3
Blizzard79
 
No, I don't have any other log files. McAfee doesn't scan the whole disk but only protects, and unfortunately I always deleted right away the messages that showed me the deletion of a BetterSurf. Of course I won't do that any more now, but will post them.

As I said, Malwarebytes can't find anything any more now.

As you recommended, I scanned with FRST. The log files are attached.

Many thanks for your help!
Regards, Fred


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by karla (administrator) on KARLA1 on 06-02-2014 13:04:51
Running from C:\Users\KARLA\Desktop
Windows 8 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\AgentService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Dropbox, Inc.) C:\Users\KARLA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\ida.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\KARLA\AppData\Local\CloudStation\bin\cloud.exe
() C:\Users\KARLA\AppData\Local\CloudStation\bin\client-win.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [257400 2013-02-04] (McAfee, Inc.)
HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2013-03-13] (Hewlett-Packard Company)
HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [32328 2012-11-21] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [865792 2013-01-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [372224 2013-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-10-26] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493072 2012-10-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [300832 2013-08-02] (Autonomy Corporation plc)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKU\S-1-5-21-1957994488-842925246-40105171-676649\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18684064 2013-09-13] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-842925246-40105171-676649\...\Run: [Power2GoExpress8] - [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk
ShortcutTarget: CloudStation.lnk -> C:\Users\KARLA\AppData\Local\CloudStation\bin\cloud.exe ()
Startup: C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KARLA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://athp.hp.com
SearchScopes: HKCU - DefaultScope {12A6748C-741B-46DF-A175-C6382F92C996} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {12A6748C-741B-46DF-A175-C6382F92C996} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = https://search.portal.hp.com/search/simple.htm?query={searchTerms}
SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130415115748.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130415115748.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h50203.www5.hp.com/HPITWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g2t0066.austin.hp.com/hp/HPPKI.cab
DPF: HKLM-x32 {F8638D90-74F6-4E16-A56D-2A9A41980A99} hxxp://g9w2355.houston.hp.com:2025/VB/Package/DART_2023.CAB
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\KARLA\AppData\Roaming\Mozilla\Firefox\Profiles\4bsd89td.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\KARLA\AppData\Roaming\Mozilla\Firefox\Profiles\4bsd89td.default\Extensions\staged [2014-01-24]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-04-15]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google-Suche) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Google Mail) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6789408 2013-08-02] (Autonomy Corporation plc)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9272208 2013-08-16] (DisplayLink Corp.)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [646192 2013-02-04] (McAfee, Inc.)
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [80448 2012-11-21] (Microsoft Corporation)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2013-04-15] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2013-01-14] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [212664 2012-10-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2013-04-15] (McAfee, Inc.)
R2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [346160 2012-11-22] (Hewlett-Packard)
R2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [247856 2012-11-22] (Hewlett-Packard)
R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [378928 2012-11-22] (Hewlett-Packard)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2012-06-02] (Microsoft Corp.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-11-15] ()
S3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [60816 2013-08-16] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [202128 2013-08-16] (DisplayLink Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)
R3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [53472 2014-01-07] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197576 2013-02-04] (McAfee, Inc.)
S3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2013-08-02] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2013-04-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2013-04-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-04-15] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496592 2012-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2013-04-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [76224 2012-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2013-04-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2013-04-15] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4306472 2012-09-27] (Intel Corporation)
R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [42808 2012-11-22] (Hewlett-Packard)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-01-10] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32496 2013-01-10] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 ohci1394; \SystemRoot\System32\drivers\ohci1394.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 13:04 - 2014-02-06 13:05 - 00023049 _____ () C:\Users\KARLA\Desktop\FRST.txt
2014-02-06 13:04 - 2014-02-06 13:04 - 00000000 ____D () C:\FRST
2014-02-06 13:04 - 2014-02-06 13:03 - 02082304 _____ (Farbar) C:\Users\KARLA\Desktop\FRST64.exe
2014-02-06 13:02 - 2014-02-06 13:03 - 02082304 _____ (Farbar) C:\Users\KARLA\Downloads\FRST64.exe
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-02-05 17:56 - 2014-02-06 13:00 - 00000282 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-02-05 17:56 - 2014-02-05 18:00 - 00003316 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-02-05 17:56 - 2014-02-05 18:00 - 00003084 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-02-05 17:56 - 2014-02-05 18:00 - 00003080 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-02-05 17:56 - 2014-02-05 18:00 - 00003008 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-02-05 17:56 - 2014-02-05 18:00 - 00002966 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-02-05 17:56 - 2014-02-05 18:00 - 00002874 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-02-05 17:56 - 2014-02-05 18:00 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-02-05 17:56 - 2014-02-05 18:00 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-02-05 17:56 - 2014-02-05 18:00 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-02-05 17:56 - 2014-02-05 18:00 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-02-05 17:56 - 2014-02-05 18:00 - 00000342 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-02-05 13:35 - 2014-02-05 14:11 - 00000000 ____D () C:\Users\KARLA\Downloads\new deals
2014-02-04 21:22 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\KARLA\Desktop\Ich-Einfach unverbesserlich-2 - Pittis AVCHD1080p
2014-02-04 12:43 - 2014-02-04 12:43 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1 (1).xlsm
2014-02-04 11:00 - 2014-02-04 11:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 11:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-04 10:59 - 2014-02-04 11:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\KARLA\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 10:26 - 2014-02-04 10:34 - 00065302 _____ () C:\Users\KARLA\Desktop\Copy of BCS AMID 2 Summary per Sub.xlsx
2014-02-03 17:02 - 2014-02-03 17:06 - 00000000 ____D () C:\AdwCleaner
2014-02-03 17:02 - 2014-02-03 17:02 - 01166132 _____ () C:\Users\KARLA\Downloads\adwcleaner.exe
2014-02-03 12:56 - 2014-02-03 12:58 - 29378149 _____ () C:\Users\KARLA\Desktop\FY14 ProCare and Collab Dashboard (1).zip
2014-02-01 23:35 - 2014-02-04 12:09 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-01-31 13:32 - 2014-01-31 13:32 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1.xlsm
2014-01-31 12:47 - 2014-01-31 12:49 - 15905336 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE CIS HWST Level v1.xlsx
2014-01-31 09:21 - 2014-01-31 09:21 - 15680580 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Slovakia HWST Level v1.xlsx
2014-01-30 16:57 - 2014-01-30 16:57 - 00004406 _____ () C:\windows\System32\Tasks\FMS-Scheduled-Capture_karla
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\Documents\MySavedSettings
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2014-01-30 16:06 - 2014-01-30 16:06 - 00001859 _____ () C:\Users\Public\Desktop\PC Backup.lnk
2014-01-27 20:36 - 2014-01-27 20:36 - 00002640 _____ () C:\Users\KARLA\Downloads\synoblog.backup
2014-01-27 18:05 - 2014-01-27 18:07 - 17112384 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Russia HWST Level v1.xlsx
2014-01-27 14:36 - 2014-01-27 14:38 - 16629453 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE SEE HWST Level v1.xlsx
2014-01-27 13:12 - 2014-01-27 12:27 - 00000000 _____ () C:\Users\KARLA\Downloads\gemeinsame Daten Test.txt
2014-01-27 12:12 - 2014-01-27 12:12 - 00002195 _____ () C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Synology
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-01-27 12:11 - 2014-02-05 19:18 - 00000000 ___RD () C:\Users\KARLA\gemeinsame Daten
2014-01-27 12:11 - 2014-02-05 19:18 - 00000000 ___RD () C:\Users\KARLA\CloudStation
2014-01-27 12:09 - 2014-02-05 19:18 - 00001111 _____ () C:\Users\KARLA\Desktop\Synology Cloud Station.lnk
2014-01-27 12:09 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Local\CloudStation
2014-01-27 12:08 - 2014-01-27 12:10 - 62852488 _____ () C:\Users\KARLA\Downloads\Synology-PhotoStationUploader-Setup-045.exe
2014-01-27 12:08 - 2014-01-27 12:09 - 30118976 _____ () C:\Users\KARLA\Downloads\Synology-CloudStation-Setup-3004.exe
2014-01-27 11:22 - 2014-01-27 11:22 - 00005146 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Sun
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 11:20 - 2014-01-27 11:20 - 00921000 _____ (Oracle Corporation) C:\Users\KARLA\Downloads\chromeinstall-7u51.exe
2014-01-25 21:19 - 2014-01-25 21:21 - 00000000 ____D () C:\Users\KARLA\Desktop\TOWN - partner Movie - Planes (2013) NTSC MULTi DV
2014-01-24 03:35 - 2014-01-24 12:07 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-24 03:34 - 2014-01-24 03:43 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe.suiigct.partial
2014-01-24 03:16 - 2014-01-24 03:19 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-01-24 03:09 - 2014-01-24 03:09 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-01-24 03:06 - 2014-01-24 03:06 - 00000000 _____ () C:\windows\HPMProp.INI
2014-01-24 03:06 - 2013-08-02 09:28 - 00593184 _____ (HP) C:\windows\SysWOW64\hpcdmc32.dll
2014-01-24 03:06 - 2013-08-02 09:28 - 00237344 _____ (Hewlett-Packard Company) C:\windows\system32\hpmlm135.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00217376 _____ (Hewlett-Packard) C:\windows\system32\hpmml155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00199968 _____ (Hewlett-Packard) C:\windows\system32\hpmja155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00190240 _____ (Hewlett-Packard) C:\windows\system32\hpmpm081.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00162080 _____ (Hewlett-Packard) C:\windows\system32\hpmtp155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00074016 _____ (Hewlett-Packard) C:\windows\system32\hpmpw081.dll
2014-01-24 03:06 - 2013-08-02 09:25 - 00442656 _____ (Hewlett-Packard Corporation) C:\windows\system32\hpcpn155.dll
2014-01-24 03:06 - 2013-08-02 09:25 - 00140064 _____ (Hewlett-Packard) C:\windows\system32\hpcjpm.dll
2014-01-24 03:06 - 2013-08-02 09:21 - 00441632 _____ (Hewlett Packard Corporation) C:\windows\SysWOW64\hpcc3155.dll
2014-01-24 03:06 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\windows\system32\hppdcompio.dll
2014-01-24 03:06 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\windows\SysWOW64\hppccompio.dll
2014-01-24 03:06 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\windows\system32\FxCompChannel_x64.dll
2014-01-24 03:05 - 2014-01-24 03:05 - 00000000 ____D () C:\HP Universal Print Driver
2014-01-24 02:11 - 2014-01-24 02:14 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-01-24 02:11 - 2014-01-24 02:11 - 00000000 ____D () C:\Users\KARLA\Documents\Freemium Driver Utilities
2014-01-24 02:09 - 2014-01-24 03:02 - 00000000 ____D () C:\Program Files (x86)\veberGreat
2014-01-23 22:50 - 2014-01-23 22:50 - 00001103 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\LastGood
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-23 22:49 - 2014-01-23 22:49 - 00001321 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00001167 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-01-23 21:51 - 2014-01-23 21:51 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (2).exe
2014-01-23 21:43 - 2014-01-23 21:43 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (1).exe
2014-01-23 21:42 - 2014-01-23 21:42 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS.exe
2014-01-23 14:59 - 2014-01-23 21:18 - 00060914 _____ () C:\Users\KARLA\Desktop\HP Installation Error - Windows 8.hta
2014-01-23 13:03 - 2014-01-23 13:03 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (2).msi
2014-01-23 11:54 - 2014-01-23 12:06 - 432790328 _____ () C:\Users\KARLA\Downloads\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-22 22:51 - 2014-02-06 11:31 - 00000000 ____D () C:\Quarantine
2014-01-21 00:42 - 2014-01-21 00:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 00:41 - 2014-01-21 00:41 - 00283096 _____ (Mozilla) C:\Users\KARLA\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:43 - 2014-01-17 19:43 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-01-17 19:41 - 2014-01-28 17:37 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HpUpdate
2014-01-17 19:39 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-17 19:38 - 2014-01-23 23:04 - 00010250 _____ () C:\ProgramData\hpzinstall.log
2014-01-17 19:38 - 2014-01-23 22:50 - 00203557 _____ () C:\windows\hpoins19.dat
2014-01-17 19:38 - 2012-10-14 13:03 - 00015561 ____N () C:\windows\hpomdl19.dat
2014-01-17 19:21 - 2012-09-25 08:52 - 03867040 _____ () C:\windows\system32\PortChanger.exe
2014-01-17 19:21 - 2012-09-25 08:52 - 02398112 _____ (Hewlett Packard) C:\windows\system32\hppldcoi.dll
2014-01-17 19:21 - 2012-09-25 08:52 - 00151968 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\Dot4.sys
2014-01-17 19:21 - 2012-09-25 08:52 - 00049056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dot4usb.sys
2014-01-17 19:21 - 2012-09-25 08:52 - 00027040 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\Dot4Prt.sys
2014-01-17 19:21 - 2009-07-14 02:41 - 00036352 _____ (Hewlett-Packard Company) C:\windows\system32\HPZ3LWN7.DLL
2014-01-17 19:21 - 2009-07-08 11:51 - 00861184 _____ (Hewlett-Packard) C:\windows\system32\hpowiav1.dll
2014-01-17 19:21 - 2009-07-08 11:51 - 00730624 _____ (Hewlett-Packard Co.) C:\windows\system32\hpotscl1.dll
2014-01-17 19:21 - 2009-07-08 11:51 - 00498176 _____ (Hewlett-Packard Co.) C:\windows\system32\hpovst01.dll
2014-01-17 01:44 - 2014-01-17 01:44 - 01484297 _____ () C:\Users\KARLA\Downloads\MO2010_Activator_Updated.rar
2014-01-17 00:51 - 2014-02-04 12:09 - 00000000 ____D () C:\Users\KARLA\AppData\Local\genienext
2014-01-17 00:51 - 2014-01-17 01:56 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mobogenie
2014-01-17 00:51 - 2014-01-17 01:56 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\cache
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\.android
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 _____ () C:\Users\KARLA\daemonprocess.txt
2014-01-17 00:50 - 2014-01-17 00:50 - 00003108 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-15 22:18 - 2014-01-30 10:00 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net
2014-01-15 10:17 - 2014-01-15 10:17 - 00314152 _____ () C:\Users\KARLA\Desktop\Books24x7 presentation.pptx
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC
2014-01-13 14:21 - 2014-01-13 14:23 - 18587100 _____ () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC.zip
2014-01-13 14:19 - 2014-01-13 14:21 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0 (1).rar
2014-01-13 14:09 - 2014-01-13 14:09 - 00002216 _____ () C:\Users\KARLA\Desktop\vpforums.org.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00002036 _____ () C:\Users\KARLA\Desktop\VPinball_9_0_2.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00001994 _____ () C:\Users\KARLA\Desktop\VPinball.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
2014-01-13 14:08 - 2014-01-29 02:44 - 00000000 ____D () C:\windows\system32\appmgmt
2014-01-13 14:05 - 2014-01-13 14:05 - 00000000 ____D () C:\Users\KARLA\Downloads\TAF_VP91X_2.0
2014-01-13 14:00 - 2014-01-13 14:03 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0.rar
2014-01-13 13:41 - 2014-01-13 13:43 - 07760212 _____ () C:\Users\KARLA\Downloads\VPInstaller_1_0_3.zip
2014-01-13 13:40 - 2014-01-13 13:40 - 00000000 ____D () C:\Users\KARLA\Downloads\taf_430
2014-01-13 13:37 - 2014-01-13 14:47 - 00000000 ____D () C:\Program Files (x86)\Visual Pinball
2014-01-13 13:37 - 2014-01-13 13:38 - 02191828 _____ () C:\Users\KARLA\Downloads\taf_430.zip
2014-01-13 13:36 - 2014-01-13 13:36 - 03851132 _____ () C:\Users\KARLA\Downloads\VisualPinballTB6.zip
2014-01-13 09:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-13 09:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-13 09:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-13 09:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-10 11:10 - 2014-01-10 11:10 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting (1).ics
2014-01-10 11:09 - 2014-01-10 11:09 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting.ics
2014-01-09 14:16 - 2014-02-05 18:00 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net
2014-01-09 14:07 - 2014-01-09 14:07 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (1).msi
2014-01-09 11:45 - 2014-01-09 11:45 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\IDT
2014-01-07 19:36 - 2014-01-07 19:36 - 00000000 ____D () C:\Crash
2014-01-07 18:21 - 2014-01-07 18:21 - 00000000 ____D () C:\Users\KARLA\AppData\Local\SCE
2014-01-07 18:21 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-01-07 18:21 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-01-07 18:21 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2014-01-07 18:21 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2014-01-07 18:21 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-01-07 18:21 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-01-07 18:21 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-01-07 18:10 - 2014-01-07 18:11 - 20095616 _____ () C:\Users\KARLA\Downloads\PS2_PSG_setup.exe

==================== One Month Modified Files and Folders =======

2014-02-06 13:05 - 2014-02-06 13:04 - 00023049 _____ () C:\Users\KARLA\Desktop\FRST.txt
2014-02-06 13:04 - 2014-02-06 13:04 - 00000000 ____D () C:\FRST
2014-02-06 13:03 - 2014-02-06 13:04 - 02082304 _____ (Farbar) C:\Users\KARLA\Desktop\FRST64.exe
2014-02-06 13:03 - 2014-02-06 13:02 - 02082304 _____ (Farbar) C:\Users\KARLA\Downloads\FRST64.exe
2014-02-06 13:02 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-02-06 13:00 - 2014-02-05 17:56 - 00000282 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-02-06 12:52 - 2013-12-08 17:36 - 00001118 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 12:38 - 2013-04-15 13:22 - 01054403 __RSH () C:\ProgramData\ntuser.pol
2014-02-06 12:25 - 2013-11-15 12:55 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957994488-842925246-40105171-676649
2014-02-06 12:11 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Packages
2014-02-06 11:54 - 2013-11-15 15:40 - 00000000 ____D () C:\Users\KARLA\Documents\Outlook Files
2014-02-06 11:41 - 2013-11-15 12:38 - 01449012 _____ () C:\windows\WindowsUpdate.log
2014-02-06 11:33 - 2013-11-15 12:50 - 00026170 __RSH () C:\Users\KARLA\ntuser.pol
2014-02-06 11:33 - 2013-11-15 12:49 - 00000000 ____D () C:\Users\KARLA
2014-02-06 11:32 - 2013-11-15 12:40 - 00004552 _____ () C:\windows\system32\config\netlogon.ftl
2014-02-06 11:31 - 2014-01-22 22:51 - 00000000 ____D () C:\Quarantine
2014-02-06 11:31 - 2013-11-15 12:50 - 00002134 _____ () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2014-02-06 11:31 - 2012-07-26 06:26 - 00000202 _____ () C:\windows\win.ini
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-02-05 19:18 - 2014-01-27 12:11 - 00000000 ___RD () C:\Users\KARLA\gemeinsame Daten
2014-02-05 19:18 - 2014-01-27 12:11 - 00000000 ___RD () C:\Users\KARLA\CloudStation
2014-02-05 19:18 - 2014-01-27 12:09 - 00001111 _____ () C:\Users\KARLA\Desktop\Synology Cloud Station.lnk
2014-02-05 19:18 - 2014-01-27 12:09 - 00000000 ____D () C:\Users\KARLA\AppData\Local\CloudStation
2014-02-05 18:23 - 2013-11-17 09:38 - 00000000 ___RD () C:\Users\KARLA\Dropbox
2014-02-05 18:23 - 2013-11-17 09:36 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Dropbox
2014-02-05 18:21 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\tracing
2014-02-05 18:00 - 2014-02-05 17:56 - 00003316 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-02-05 18:00 - 2014-02-05 17:56 - 00003084 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-02-05 18:00 - 2014-02-05 17:56 - 00003080 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-02-05 18:00 - 2014-02-05 17:56 - 00003008 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-02-05 18:00 - 2014-02-05 17:56 - 00002966 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-02-05 18:00 - 2014-02-05 17:56 - 00002874 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-02-05 18:00 - 2014-02-05 17:56 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-02-05 18:00 - 2014-02-05 17:56 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-02-05 18:00 - 2014-02-05 17:56 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-02-05 18:00 - 2014-02-05 17:56 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-02-05 18:00 - 2014-02-05 17:56 - 00000342 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-02-05 18:00 - 2014-01-09 14:16 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net
2014-02-05 17:59 - 2012-07-26 08:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-05 17:57 - 2013-11-15 17:18 - 00000000 ____D () C:\Program Files (x86)\PC Backup
2014-02-05 17:56 - 2013-12-08 17:36 - 00001114 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 17:56 - 2013-11-15 13:14 - 00003308 _____ () C:\windows\System32\Tasks\Smart Client
2014-02-05 17:56 - 2013-04-15 15:28 - 00002856 _____ () C:\windows\System32\Tasks\Maint
2014-02-05 17:56 - 2013-04-15 15:28 - 00000290 _____ () C:\windows\Tasks\Maint.job
2014-02-05 17:53 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-05 17:53 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-02-05 14:11 - 2014-02-05 13:35 - 00000000 ____D () C:\Users\KARLA\Downloads\new deals
2014-02-05 09:30 - 2013-11-16 21:49 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\vlc
2014-02-04 21:22 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\KARLA\Desktop\Ich-Einfach unverbesserlich-2 - Pittis AVCHD1080p
2014-02-04 12:43 - 2014-02-04 12:43 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1 (1).xlsm
2014-02-04 12:25 - 2013-04-15 15:11 - 00000000 ____D () C:\Program Files\RA2HP
2014-02-04 12:10 - 2013-04-15 17:55 - 00029992 _____ () C:\windows\PFRO.log
2014-02-04 12:09 - 2014-02-01 23:35 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-02-04 12:09 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\genienext
2014-02-04 11:00 - 2014-02-04 11:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 11:00 - 2014-02-04 10:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\KARLA\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 10:53 - 2013-12-08 18:37 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 10:34 - 2014-02-04 10:26 - 00065302 _____ () C:\Users\KARLA\Desktop\Copy of BCS AMID 2 Summary per Sub.xlsx
2014-02-03 18:13 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Microsoft Help
2014-02-03 17:09 - 2013-11-15 13:00 - 00000000 ____D () C:\windows\SmartClient
2014-02-03 17:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-02-03 17:06 - 2014-02-03 17:02 - 00000000 ____D () C:\AdwCleaner
2014-02-03 17:02 - 2014-02-03 17:02 - 01166132 _____ () C:\Users\KARLA\Downloads\adwcleaner.exe
2014-02-03 12:58 - 2014-02-03 12:56 - 29378149 _____ () C:\Users\KARLA\Desktop\FY14 ProCare and Collab Dashboard (1).zip
2014-02-03 11:51 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\VirtualStore
2014-02-03 00:43 - 2013-12-01 00:10 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-31 13:32 - 2014-01-31 13:32 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1.xlsm
2014-01-31 12:49 - 2014-01-31 12:47 - 15905336 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE CIS HWST Level v1.xlsx
2014-01-31 09:21 - 2014-01-31 09:21 - 15680580 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Slovakia HWST Level v1.xlsx
2014-01-30 17:01 - 2013-11-15 12:50 - 00000000 ___RD () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 16:57 - 2014-01-30 16:57 - 00004406 _____ () C:\windows\System32\Tasks\FMS-Scheduled-Capture_karla
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\Documents\MySavedSettings
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-01-30 16:57 - 2013-04-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2014-01-30 16:06 - 2014-01-30 16:06 - 00001859 _____ () C:\Users\Public\Desktop\PC Backup.lnk
2014-01-30 10:00 - 2014-01-15 22:18 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net
2014-01-29 02:44 - 2014-01-13 14:08 - 00000000 ____D () C:\windows\system32\appmgmt
2014-01-28 18:20 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-01-28 17:37 - 2014-01-17 19:41 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HpUpdate
2014-01-28 17:31 - 2013-12-31 02:02 - 00503032 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-27 20:36 - 2014-01-27 20:36 - 00002640 _____ () C:\Users\KARLA\Downloads\synoblog.backup
2014-01-27 18:07 - 2014-01-27 18:05 - 17112384 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Russia HWST Level v1.xlsx
2014-01-27 14:38 - 2014-01-27 14:36 - 16629453 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE SEE HWST Level v1.xlsx
2014-01-27 12:27 - 2014-01-27 13:12 - 00000000 _____ () C:\Users\KARLA\Downloads\gemeinsame Daten Test.txt
2014-01-27 12:12 - 2014-01-27 12:12 - 00002195 _____ () C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Synology
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-01-27 12:10 - 2014-01-27 12:08 - 62852488 _____ () C:\Users\KARLA\Downloads\Synology-PhotoStationUploader-Setup-045.exe
2014-01-27 12:09 - 2014-01-27 12:08 - 30118976 _____ () C:\Users\KARLA\Downloads\Synology-CloudStation-Setup-3004.exe
2014-01-27 11:22 - 2014-01-27 11:22 - 00005146 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Sun
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 11:22 - 2013-04-15 13:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-27 11:20 - 2014-01-27 11:20 - 00921000 _____ (Oracle Corporation) C:\Users\KARLA\Downloads\chromeinstall-7u51.exe
2014-01-27 11:19 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-01-25 21:21 - 2014-01-25 21:19 - 00000000 ____D () C:\Users\KARLA\Desktop\TOWN - partner Movie - Planes (2013) NTSC MULTi DV
2014-01-24 12:07 - 2014-01-24 03:35 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-24 03:43 - 2014-01-24 03:34 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe.suiigct.partial
2014-01-24 03:19 - 2014-01-24 03:16 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-01-24 03:09 - 2014-01-24 03:09 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-01-24 03:06 - 2014-01-24 03:06 - 00000000 _____ () C:\windows\HPMProp.INI
2014-01-24 03:06 - 2013-04-19 15:22 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-24 03:05 - 2014-01-24 03:05 - 00000000 ____D () C:\HP Universal Print Driver
2014-01-24 03:02 - 2014-01-24 02:09 - 00000000 ____D () C:\Program Files (x86)\veberGreat
2014-01-24 02:55 - 2013-04-15 12:31 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-01-24 02:14 - 2014-01-24 02:11 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-01-24 02:11 - 2014-01-24 02:11 - 00000000 ____D () C:\Users\KARLA\Documents\Freemium Driver Utilities
2014-01-23 23:04 - 2014-01-17 19:38 - 00010250 _____ () C:\ProgramData\hpzinstall.log
2014-01-23 22:50 - 2014-01-23 22:50 - 00001103 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\LastGood
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-23 22:50 - 2014-01-17 19:39 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-23 22:50 - 2014-01-17 19:38 - 00203557 _____ () C:\windows\hpoins19.dat
2014-01-23 22:49 - 2014-01-23 22:49 - 00001321 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00001167 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-01-23 22:49 - 2013-11-15 16:50 - 00000000 ____D () C:\ProgramData\HP
2014-01-23 21:51 - 2014-01-23 21:51 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (2).exe
2014-01-23 21:43 - 2014-01-23 21:43 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (1).exe
2014-01-23 21:42 - 2014-01-23 21:42 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS.exe
2014-01-23 21:18 - 2014-01-23 14:59 - 00060914 _____ () C:\Users\KARLA\Desktop\HP Installation Error - Windows 8.hta
2014-01-23 15:27 - 2013-11-15 15:52 - 00000000 ____D () C:\Users\KARLA\Documents\Privat
2014-01-23 13:03 - 2014-01-23 13:03 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (2).msi
2014-01-23 12:06 - 2014-01-23 11:54 - 432790328 _____ () C:\Users\KARLA\Downloads\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-21 00:42 - 2014-01-21 00:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 00:42 - 2013-11-22 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-21 00:41 - 2014-01-21 00:41 - 00283096 _____ (Mozilla) C:\Users\KARLA\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:44 - 2013-11-26 13:19 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HP
2014-01-17 19:43 - 2014-01-17 19:43 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-01-17 18:00 - 2013-11-17 09:37 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 01:56 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mobogenie
2014-01-17 01:56 - 2014-01-17 00:51 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-17 01:44 - 2014-01-17 01:44 - 01484297 _____ () C:\Users\KARLA\Downloads\MO2010_Activator_Updated.rar
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\cache
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\.android
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 _____ () C:\Users\KARLA\daemonprocess.txt
2014-01-17 00:50 - 2014-01-17 00:50 - 00003108 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-15 15:32 - 2012-07-26 08:21 - 00028979 _____ () C:\windows\setupact.log
2014-01-15 10:17 - 2014-01-15 10:17 - 00314152 _____ () C:\Users\KARLA\Desktop\Books24x7 presentation.pptx
2014-01-15 09:44 - 2013-11-15 15:53 - 00000000 ____D () C:\Users\KARLA\Documents\Produktneuigkeiten
2014-01-14 09:07 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\NDF
2014-01-13 14:47 - 2014-01-13 13:37 - 00000000 ____D () C:\Program Files (x86)\Visual Pinball
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC
2014-01-13 14:23 - 2014-01-13 14:21 - 18587100 _____ () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC.zip
2014-01-13 14:21 - 2014-01-13 14:19 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0 (1).rar
2014-01-13 14:09 - 2014-01-13 14:09 - 00002216 _____ () C:\Users\KARLA\Desktop\vpforums.org.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00002036 _____ () C:\Users\KARLA\Desktop\VPinball_9_0_2.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00001994 _____ () C:\Users\KARLA\Desktop\VPinball.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
2014-01-13 14:05 - 2014-01-13 14:05 - 00000000 ____D () C:\Users\KARLA\Downloads\TAF_VP91X_2.0
2014-01-13 14:03 - 2014-01-13 14:00 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0.rar
2014-01-13 13:43 - 2014-01-13 13:41 - 07760212 _____ () C:\Users\KARLA\Downloads\VPInstaller_1_0_3.zip
2014-01-13 13:40 - 2014-01-13 13:40 - 00000000 ____D () C:\Users\KARLA\Downloads\taf_430
2014-01-13 13:38 - 2014-01-13 13:37 - 02191828 _____ () C:\Users\KARLA\Downloads\taf_430.zip
2014-01-13 13:36 - 2014-01-13 13:36 - 03851132 _____ () C:\Users\KARLA\Downloads\VisualPinballTB6.zip
2014-01-12 19:42 - 2013-04-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-10 11:10 - 2014-01-10 11:10 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting (1).ics
2014-01-10 11:09 - 2014-01-10 11:09 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting.ics
2014-01-09 14:07 - 2014-01-09 14:07 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (1).msi
2014-01-09 11:45 - 2014-01-09 11:45 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\IDT
2014-01-07 19:36 - 2014-01-07 19:36 - 00000000 ____D () C:\Crash
2014-01-07 18:21 - 2014-01-07 18:21 - 00000000 ____D () C:\Users\KARLA\AppData\Local\SCE
2014-01-07 18:13 - 2014-01-07 18:13 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-01-07 18:11 - 2014-01-07 18:10 - 20095616 _____ () C:\Users\KARLA\Downloads\PS2_PSG_setup.exe
2014-01-07 04:28 - 2013-04-15 13:07 - 00053472 _____ (McAfee, Inc.) C:\windows\system32\Drivers\FireNfcp.sys

Files to move or delete:
====================
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs
C:\Users\hpadmin\create_shortcut.vbs
C:\Users\hpadmin\reg_off2k7.vbs


Some content of TEMP:
====================
C:\Users\KARLA\AppData\Local\Temp\app.exe
C:\Users\KARLA\AppData\Local\Temp\AutoUpdate.exe
C:\Users\KARLA\AppData\Local\Temp\htmlayout.dll
C:\Users\KARLA\AppData\Local\Temp\i4jdel0.exe
C:\Users\KARLA\AppData\Local\Temp\psWinControl.dll
C:\Users\KARLA\AppData\Local\Temp\Quarantine.exe
C:\Users\KARLA\AppData\Local\Temp\RA_LOG.dll
C:\Users\KARLA\AppData\Local\Temp\Synology-CloudStation-Upgrader-3005.exe
C:\Users\KARLA\AppData\Local\Temp\uninstall15516187.exe
C:\Users\KARLA\AppData\Local\Temp\uninstall15516531.exe
C:\Users\KARLA\AppData\Local\Temp\Uninstaller-7580.exe
C:\Users\KARLA\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 12:25

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by karla at 2014-02-06 13:06:15
Running from C:\Users\KARLA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention-Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKCU Version:  - Amazon)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.1.2126 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2222 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2222 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.7.4712 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4712 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (Version: 7.4.50415.0 - DisplayLink Corp.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Eclipse (x32 Version: 5.2.24 - Hewlett-Packard Company)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Follow-Me Settings (x32 Version: 2.0.0506 - Hewlett-Packard)
Forefront Identity Manager Add-ins and Extensions (Version: 4.1.3114.0 - Microsoft Corporation)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Client Automation Application Manager Agent (x32 Version: 9.00.0000 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP ESU for Microsoft Windows 8 (x32 Version: 1.0.4.1 - Hewlett-Packard Company)
HP Fonts (x32 Version: 2.0 - Hewlett-Packard)
HP HD Webcam Driver (x32 Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (x32 Version: 4.6.11.2 - Hewlett-Packard Company)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Photo Creations (x32 Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (Version: 14.0 - HP)
HP Port Replicator Software Installer (x32 Version: 1.3.28 - HP)
HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (x32 Version: 5.002.006.003 - Hewlett-Packard)
HP USB Port Replicator (Version: 7.4.50520.0 - Hewlett-Packard)
HP Virtual Room Client Launcher Plugin (x32 Version: 2.0.0.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
McAfee Agent (x32 Version: 4.6.0.3122 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0202 - McAfee, Inc.) Hidden
McAfee VirusScan Enterprise (x32 Version: 8.8.03000 - McAfee, Inc.)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0.50727.76201 - Hewlett-Packard Company)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Moct 1 Vokabeltrainer (x32 Version: 1.0 - Ernst Klett Sprachen GmbH)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PC Backup Agent (x32 Version: 8.6.2.7 - Autonomy Corporation plc)
PC COE (x32 Version: 31.1.2 - Hewlett-Packard Company)
PC COE Required Settings (x32 Version: 31.1.0 - Hewlett-Packard Company)
Photo Station Uploader (remove only) (x32 Version:  - Synology)
Pixum Fotobuch (x32 Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
ratDVD 0.78.1444 (x32 Version: 0.78.1444 - ratDVD)
Remote Access to HP Network 6.5 (Version: 6.5.4.52064 - Hewlett-Packard Company)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 16.3.9.0 - Synaptics Incorporated)
Synology Cloud Station (remove only) (HKCU Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Microsoft Lync 2013 (KB2825630) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)
Validity Fingerprint Sensor Driver (Version: 4.4.228.0 - Validity Sensors, Inc.)
Visual Pinball VPInstaller 1.0.3 (x32 Version: VPInstaller 1.0.3 - VPForums.org)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

21-01-2014 10:14:55 Scheduled Checkpoint
24-01-2014 01:09:59 Free Driver Scout
24-01-2014 01:33:13 DriverUtilities
27-01-2014 10:21:54 Installed Java 7 Update 51
30-01-2014 15:06:01 Installed PC Backup

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0591DE10-9EAD-459A-A2EC-0D8EFFE58754} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll,SendInventory
Task: {0CBEA7D9-82EF-412C-AC00-754CD8E84D10} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {10883327-7B75-43B4-8798-F57E71B8C077} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EE7C5C-AC0A-4491-A04F-6BDDD3F779D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2FFFBECF-0D0C-428B-9DD3-CAE2B35BF97A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {3DAB4396-E888-4557-9D33-5FB34B0ED2F9} - \Software Updater Ui No Task File
Task: {42DB71D4-8080-47DB-BC1E-DAB3ED12E794} - System32\Tasks\Smart Client => C:\Program Files (x86)\SmartClient\Smart.exe [2013-09-24] (Hewlett-Packard Company)
Task: {544333E7-4976-473D-9D24-5ED444F1163A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {59CFD9ED-1A4D-4F23-BF09-34FB2447B674} - System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {5CFB52BF-50DE-4A4D-9047-8673AFBD3FB3} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001 => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24] (Hewlett-Packard)
Task: {738FEF93-13B3-46E2-8B5D-73E3B3C51238} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {7716AD61-71B7-4475-88B4-1C079B61C1CD} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,CheckForUpdates
Task: {9343A8DB-5700-47EC-B3F7-1DB658BDCD7D} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,RunPatch
Task: {94BCD98D-AF99-4A21-BD7A-77C51794B86B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-01-10] (Synaptics Incorporated)
Task: {9BBB98BD-F3C9-4FDE-ADB0-F3F348954F3B} - \Software Updater No Task File
Task: {A0E8C584-3163-4137-99F8-AA6D55993C68} - \FreeDriverScout No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AEA838A6-2A32-4B3D-BC73-FFCEEB98ECDC} - System32\Tasks\FMS-Scheduled-Capture_karla => C:\Program Files (x86)\Hewlett-Packard\FMD\Follow-Me Settings\FMS.exe [2013-08-15] (Hewlett-Packard Company)
Task: {BE749ED1-DB7E-4FD7-B92A-C9F488A984D2} - System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll,RunHourlyHook
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C6FBB451-03F7-41C6-A73B-A691E668491F} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {CDFDC902-6A18-4C06-A33F-A6CD192DE03C} - System32\Tasks\BitLocker Reminder => C:\Program Files (x86)\SmartClient\Reminder.exe [2013-09-24] (Microsoft)
Task: {D2A1B6A9-426C-40C3-8D86-1B9F2B4020A8} - System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000 => Rundll32.exe C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin A
Task: {D37DB595-F45C-481A-BC05-7A717777CDF2} - System32\Tasks\Maint => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28] (Hewlett-Packard Company)
Task: {D4A3B526-5D0E-4D3E-9E2E-B5213BEB47C5} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {DE49E4C7-0212-4F07-90F0-8BB0AA59B749} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E78AC204-6EB5-46EB-9DE3-B06BBE7B71BD} - \AmiUpdXp No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job => œí“Ç£G„—¸*ÞFj<
 ÿÿÿÿ Á!C:\windows\system32\rundll32.exe?C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin APC COEPC COE Software Bundles update0Þ-
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe
Task: C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll
Task: C:\windows\Tasks\Maint.job => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe

==================== Loaded Modules (whitelisted) =============

2012-10-01 21:34 - 2012-10-01 21:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-18 16:08 - 2012-08-24 01:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-11-22 19:32 - 2012-11-22 19:32 - 00141184 _____ () C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\expat.dll
2013-09-13 09:54 - 2013-09-13 09:54 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\KARLA\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-27 09:13 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 01259320 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libsqlite3-0.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 00043008 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libgcc_s_dw2-1.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 02554368 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtCore4.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 09824768 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtGui4.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 01218048 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtNetwork4.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 01599298 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\icuuc50.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 00879630 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libstdc++-6.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 20803927 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\icudt50.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2014 06:15:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1f04
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (02/05/2014 05:59:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x142c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:42:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0x00000505
Fault offset: 0x00014b32
Faulting process id: 0x168c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:42:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: DW20.EXE, version: 15.0.4420.1017, time stamp: 0x506733ba
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000374
Fault offset: 0x000da94f
Faulting process id: 0x5ac
Faulting application start time: 0xDW20.EXE0
Faulting application path: DW20.EXE1
Faulting module path: DW20.EXE2
Report Id: DW20.EXE3
Faulting package full name: DW20.EXE4
Faulting package-relative application ID: DW20.EXE5

Error: (02/05/2014 05:06:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x2134
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:02:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: VsTskMgr.exe, version: 8.8.0.1128, time stamp: 0x50b7bad8
Faulting module name: VsTskMgr.exe, version: 8.8.0.1128, time stamp: 0x50b7bad8
Exception code: 0xc0000005
Fault offset: 0x0000709f
Faulting process id: 0x874
Faulting application start time: 0xVsTskMgr.exe0
Faulting application path: VsTskMgr.exe1
Faulting module path: VsTskMgr.exe2
Report Id: VsTskMgr.exe3
Faulting package full name: VsTskMgr.exe4
Faulting package-relative application ID: VsTskMgr.exe5

Error: (02/05/2014 05:01:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x18c4
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 11:45:19 AM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (02/04/2014 00:37:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1ddc
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (02/04/2014 00:34:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1450
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5


System errors:
=============
Error: (02/06/2014 11:31:32 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/05/2014 08:38:02 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object cn={F0ADF5BC-3CB7-4E60-BF8E-399E9DC51DE2},cn=policies,cn=system,DC=emea,DC=cpqcorp,DC=net. This could be caused by RSOP being disabled  or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.

Error: (02/05/2014 06:19:07 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/05/2014 05:54:08 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain EMEA due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (02/05/2014 05:53:55 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

Error: (02/05/2014 05:02:36 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Task Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/05/2014 09:30:21 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 10:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 09:21:36 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 09:21:28 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain EMEA due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (02/05/2014 06:15:08 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b091f0401cf2294beb36770C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE0f57e5a7-8e89-11e3-be9b-b4b676d91d30

Error: (02/05/2014 05:59:59 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b32142c01cf22932d4c3d63C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dllf1c83d49-8e86-11e3-be9b-b4b676d91d30

Error: (02/05/2014 05:42:26 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.16451509889500000050500014b32168c01cf22909dc8c277C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dll7e1a24e7-8e84-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:42:21 PM) (Source: Application Error)(User: )
Description: DW20.EXE15.0.4420.1017506733bantdll.dll6.2.9200.16420505aaa82c0000374000da94f5ac01cf22913da87658C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXEC:\windows\SYSTEM32\ntdll.dll7b7bdfc4-8e84-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:06:20 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b32213401cf228b91d739c6C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dll72f9db64-8e7f-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:02:35 PM) (Source: Application Error)(User: )
Description: VsTskMgr.exe8.8.0.112850b7bad8VsTskMgr.exe8.8.0.112850b7bad8c00000050000709f87401cf2199b88ff011C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exeed2ceec3-8e7e-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:01:25 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b3218c401cf219e4a89a29dC:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dllc344682a-8e7e-11e3-be9a-b4b676d91d30

Error: (02/05/2014 11:45:19 AM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (02/04/2014 00:37:10 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b091ddc01cf219d2c645835C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEaeb3c20f-8d90-11e3-be9a-b4b676d91d30

Error: (02/04/2014 00:34:54 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b09145001cf219b89fc678fC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE5da96d77-8d90-11e3-be9a-b4b676d91d30


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 8055.46 MB
Available physical RAM: 4119.63 MB
Total Pagefile: 9911.46 MB
Available Pagefile: 5022.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (PC COE) (Fixed) (Total:237.5 GB) (Free:7.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: F0C570EE)
Partition 1: (Not Active) - (Size=500 MB) - (Type=27)
Partition 2: (Active) - (Size=499 MB) - (Type=27)
Partition 3: (Not Active) - (Size=237 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Addendum: I should perhaps also mention that, before the removal with Malwarebytes, I had BetterSurf symptoms only with WE and not with Chrome. I was not using Firefox during that time. I hope this helps to narrow it down.
__________________

06.02.2014, 15:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Windows 8 Enterprise (X64) OS Language: English(US)
AV: McAfee VirusScan Enterprise
Enterprise?? Where did you get these versions? This looks very much like a commercially used system.
And McAfee VirusScan Enterprise is a full-fledged virus scanner, so your statement

Quote:
McAfee does not scan the whole disk but only protects, and the messages,
is "a bit" of utter nonsense.
__________________
Please always post log files in CODE tags

06.02.2014, 15:35   #5
Blizzard79

Yes, this is the company notebook. But I probably picked up Bettersurf while browsing privately. We are allowed limited private use of the notebook and also have administrator rights. In return, our helpdesk limits itself to reinstalling for all problems that are not standard.

McAfee can of course scan, but it is currently not configured for regular scans of the hard disk. That is what I meant to say.


06.02.2014, 16:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Company computers are actually not cleaned here.

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:
3. As a matter of principle, we do not clean commercially used computers. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.

Keep in mind, however, that log files can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on and misuse it. In this case we recommend formatting and reinstalling.

06.02.2014, 16:56   #7
Blizzard79

I understand. If you want to help me anyway, I say thank you very much.
Otherwise I am planning to set up my computer from scratch at the weekend; we have to do that ourselves too ;-)

Attached is the McAfee message I just received. It is always the same location where it finds something.
Thumbnails of attached images
BetterSurf Addware nur halb entfernt-mcaffee.jpg

06.02.2014, 23:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.
__________________
Please always post log files in CODE tags

08.02.2014, 12:07   #9
Blizzard79

First of all, thank you for your willingness and your help so far!

Unfortunately my hard disk is encrypted, and that causes the scan to abort with a corresponding error message.

Do you have another idea?

Regards, Fred

08.02.2014, 12:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)

__________________
Please always post log files in CODE tags

08.02.2014, 14:50   #11
Blizzard79

AdwCleaner:

Code:
# AdwCleaner v3.018 - Report created 08/02/2014 at 14:20:35
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Enterprise  (64 bits)
# Username : karla - KARLA1
# Running from : C:\Users\KARLA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ERF7DYY4\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\KARLA\AppData\Roaming\Mozilla\Firefox\Profiles\4bsd89td.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2997 octets] - [03/02/2014 17:02:57]
AdwCleaner[R1].txt - [1155 octets] - [08/02/2014 14:19:06]
AdwCleaner[S0].txt - [2948 octets] - [03/02/2014 17:05:43]
AdwCleaner[S1].txt - [1077 octets] - [08/02/2014 14:20:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1137 octets] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 Enterprise x64
Ran by karla on 08.02.2014 at 14:26:58,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealmanager_RASAPI32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealmanager_RASMANCS
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealmanager_RASAPI32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealmanager_RASMANCS



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\vebergreat"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\KARLA\AppData\Roaming\mozilla\firefox\profiles\4bsd89td.default\extensions\staged



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2014 at 14:32:49,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by karla (administrator) on KARLA1 on 08-02-2014 14:39:38
Running from C:\Users\KARLA\Desktop
Windows 8 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\AgentService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\KARLA\AppData\Local\CloudStation\bin\cloud.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Dropbox, Inc.) C:\Users\KARLA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\HP\PCSetup\Splashscreen\PCSetup.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
() C:\Users\KARLA\AppData\Local\CloudStation\bin\client-win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\ida.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe
(Thisisu) C:\Users\KARLA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGKOYULS\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [257400 2013-02-04] (McAfee, Inc.)
HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2013-03-13] (Hewlett-Packard Company)
HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [32328 2012-11-21] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [865792 2013-01-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [372224 2013-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-10-26] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493072 2012-10-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [300832 2013-08-02] (Autonomy Corporation plc)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKU\S-1-5-21-1957994488-842925246-40105171-676649\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18684064 2013-09-13] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-842925246-40105171-676649\...\Run: [Power2GoExpress8] - [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk
ShortcutTarget: CloudStation.lnk -> C:\Users\KARLA\AppData\Local\CloudStation\bin\cloud.exe ()
Startup: C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KARLA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://athp.hp.com
SearchScopes: HKCU - DefaultScope {12A6748C-741B-46DF-A175-C6382F92C996} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {12A6748C-741B-46DF-A175-C6382F92C996} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = https://search.portal.hp.com/search/simple.htm?query={searchTerms}
SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130415115748.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130415115748.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h50203.www5.hp.com/HPITWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g2t0066.austin.hp.com/hp/HPPKI.cab
DPF: HKLM-x32 {F8638D90-74F6-4E16-A56D-2A9A41980A99} hxxp://g9w2355.houston.hp.com:2025/VB/Package/DART_2023.CAB
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\KARLA\AppData\Roaming\Mozilla\Firefox\Profiles\4bsd89td.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-04-15]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Gmail) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6789408 2013-08-02] (Autonomy Corporation plc)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9272208 2013-08-16] (DisplayLink Corp.)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [646192 2013-02-04] (McAfee, Inc.)
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [80448 2012-11-21] (Microsoft Corporation)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2013-04-15] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2013-01-14] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [212664 2012-10-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2013-04-15] (McAfee, Inc.)
R2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [346160 2012-11-22] (Hewlett-Packard)
R2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [247856 2012-11-22] (Hewlett-Packard)
R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [378928 2012-11-22] (Hewlett-Packard)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2012-06-02] (Microsoft Corp.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-11-15] ()
S3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [60816 2013-08-16] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [202128 2013-08-16] (DisplayLink Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)
R3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [53472 2014-01-07] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197576 2013-02-04] (McAfee, Inc.)
S3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2013-08-02] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2013-04-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2013-04-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-04-15] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496592 2012-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2013-04-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [76224 2012-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2013-04-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2013-04-15] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4306472 2012-09-27] (Intel Corporation)
R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [42808 2012-11-22] (Hewlett-Packard)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-01-10] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32496 2013-01-10] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 ohci1394; \SystemRoot\System32\drivers\ohci1394.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 14:32 - 2014-02-08 14:32 - 00001263 _____ () C:\Users\KARLA\Desktop\JRT.txt
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\windows\ERUNT
2014-02-08 11:42 - 2014-02-08 12:03 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-08 11:42 - 2014-02-08 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-08 11:40 - 2014-02-08 14:16 - 00000000 ____D () C:\Users\KARLA\Desktop\mbar
2014-02-08 11:40 - 2014-02-08 12:03 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-07 16:41 - 2014-02-07 16:41 - 16555199 _____ () C:\Users\KARLA\Downloads\ISS Gen 8 Refresh CEE Final.xlsx
2014-02-07 14:08 - 2014-02-07 14:09 - 48698385 _____ () C:\Users\KARLA\Downloads\Account Performance Report 29 Jan 2014.xlsb
2014-02-07 12:01 - 2014-02-07 12:01 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (3).msi
2014-02-07 11:31 - 2014-02-07 11:31 - 00302489 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Feb'14_V1.xlsm
2014-02-07 11:30 - 2014-02-07 11:30 - 08493245 _____ () C:\Users\KARLA\Downloads\Missed_Attach_Potential_Feb'14_V1.xlsm
2014-02-06 16:53 - 2014-02-06 16:53 - 00000000 _____ () C:\Users\KARLA\Downloads\McAffee.bmp
2014-02-06 14:00 - 2014-02-06 14:07 - 00016303 _____ () C:\windows\diagerr.xml
2014-02-06 14:00 - 2014-02-06 14:07 - 00015243 _____ () C:\windows\diagwrn.xml
2014-02-06 13:06 - 2014-02-06 13:08 - 00034387 _____ () C:\Users\KARLA\Desktop\Addition.txt
2014-02-06 13:04 - 2014-02-08 14:39 - 00021606 _____ () C:\Users\KARLA\Desktop\FRST.txt
2014-02-06 13:04 - 2014-02-08 14:39 - 00000000 ____D () C:\FRST
2014-02-06 13:04 - 2014-02-06 13:03 - 02082304 _____ (Farbar) C:\Users\KARLA\Desktop\FRST64.exe
2014-02-06 13:02 - 2014-02-06 13:03 - 02082304 _____ (Farbar) C:\Users\KARLA\Downloads\FRST64.exe
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-02-05 17:56 - 2014-02-08 14:39 - 00000282 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00003082 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-02-05 17:56 - 2014-02-08 14:24 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000342 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-02-05 17:56 - 2014-02-07 19:39 - 00003316 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-02-05 17:56 - 2014-02-07 19:39 - 00003084 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-02-05 17:56 - 2014-02-07 19:39 - 00003008 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-02-05 17:56 - 2014-02-07 19:39 - 00002966 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-02-05 17:56 - 2014-02-07 19:39 - 00002874 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-02-05 13:35 - 2014-02-05 14:11 - 00000000 ____D () C:\Users\KARLA\Downloads\new deals
2014-02-04 21:22 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\KARLA\Desktop\Ich-Einfach unverbesserlich-2 - Pittis AVCHD1080p
2014-02-04 12:43 - 2014-02-04 12:43 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1 (1).xlsm
2014-02-04 11:00 - 2014-02-04 11:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 11:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-04 10:59 - 2014-02-04 11:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\KARLA\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 10:26 - 2014-02-04 10:34 - 00065302 _____ () C:\Users\KARLA\Desktop\Copy of BCS AMID 2 Summary per Sub.xlsx
2014-02-03 17:02 - 2014-02-08 14:20 - 00000000 ____D () C:\AdwCleaner
2014-02-03 17:02 - 2014-02-03 17:02 - 01166132 _____ () C:\Users\KARLA\Downloads\adwcleaner.exe
2014-02-03 12:56 - 2014-02-03 12:58 - 29378149 _____ () C:\Users\KARLA\Desktop\FY14 ProCare and Collab Dashboard (1).zip
2014-02-01 23:35 - 2014-02-04 12:09 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-01-31 13:32 - 2014-01-31 13:32 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1.xlsm
2014-01-31 12:47 - 2014-01-31 12:49 - 15905336 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE CIS HWST Level v1.xlsx
2014-01-31 09:21 - 2014-01-31 09:21 - 15680580 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Slovakia HWST Level v1.xlsx
2014-01-30 16:57 - 2014-02-06 14:00 - 00000000 ____D () C:\Users\KARLA\Documents\MySavedSettings
2014-01-30 16:57 - 2014-01-30 16:57 - 00004406 _____ () C:\windows\System32\Tasks\FMS-Scheduled-Capture_karla
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2014-01-30 16:06 - 2014-01-30 16:06 - 00001859 _____ () C:\Users\Public\Desktop\PC Backup.lnk
2014-01-27 20:36 - 2014-01-27 20:36 - 00002640 _____ () C:\Users\KARLA\Downloads\synoblog.backup
2014-01-27 18:05 - 2014-01-27 18:07 - 17112384 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Russia HWST Level v1.xlsx
2014-01-27 14:36 - 2014-01-27 14:38 - 16629453 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE SEE HWST Level v1.xlsx
2014-01-27 13:12 - 2014-01-27 12:27 - 00000000 _____ () C:\Users\KARLA\Downloads\gemeinsame Daten Test.txt
2014-01-27 12:12 - 2014-01-27 12:12 - 00002195 _____ () C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Synology
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-01-27 12:11 - 2014-02-08 14:24 - 00000000 ___RD () C:\Users\KARLA\gemeinsame Daten
2014-01-27 12:11 - 2014-02-08 14:24 - 00000000 ___RD () C:\Users\KARLA\CloudStation
2014-01-27 12:09 - 2014-02-05 19:18 - 00001111 _____ () C:\Users\KARLA\Desktop\Synology Cloud Station.lnk
2014-01-27 12:09 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Local\CloudStation
2014-01-27 12:08 - 2014-01-27 12:10 - 62852488 _____ () C:\Users\KARLA\Downloads\Synology-PhotoStationUploader-Setup-045.exe
2014-01-27 12:08 - 2014-01-27 12:09 - 30118976 _____ () C:\Users\KARLA\Downloads\Synology-CloudStation-Setup-3004.exe
2014-01-27 11:22 - 2014-01-27 11:22 - 00005146 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Sun
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 11:20 - 2014-01-27 11:20 - 00921000 _____ (Oracle Corporation) C:\Users\KARLA\Downloads\chromeinstall-7u51.exe
2014-01-25 21:19 - 2014-01-25 21:21 - 00000000 ____D () C:\Users\KARLA\Desktop\TOWN - partner Movie - Planes (2013) NTSC MULTi DV
2014-01-24 03:35 - 2014-01-24 12:07 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-24 03:34 - 2014-01-24 03:43 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe.suiigct.partial
2014-01-24 03:16 - 2014-01-24 03:19 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-01-24 03:09 - 2014-01-24 03:09 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-01-24 03:06 - 2014-01-24 03:06 - 00000000 _____ () C:\windows\HPMProp.INI
2014-01-24 03:06 - 2013-08-02 09:28 - 00593184 _____ (HP) C:\windows\SysWOW64\hpcdmc32.dll
2014-01-24 03:06 - 2013-08-02 09:28 - 00237344 _____ (Hewlett-Packard Company) C:\windows\system32\hpmlm135.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00217376 _____ (Hewlett-Packard) C:\windows\system32\hpmml155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00199968 _____ (Hewlett-Packard) C:\windows\system32\hpmja155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00190240 _____ (Hewlett-Packard) C:\windows\system32\hpmpm081.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00162080 _____ (Hewlett-Packard) C:\windows\system32\hpmtp155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00074016 _____ (Hewlett-Packard) C:\windows\system32\hpmpw081.dll
2014-01-24 03:06 - 2013-08-02 09:25 - 00442656 _____ (Hewlett-Packard Corporation) C:\windows\system32\hpcpn155.dll
2014-01-24 03:06 - 2013-08-02 09:25 - 00140064 _____ (Hewlett-Packard) C:\windows\system32\hpcjpm.dll
2014-01-24 03:06 - 2013-08-02 09:21 - 00441632 _____ (Hewlett Packard Corporation) C:\windows\SysWOW64\hpcc3155.dll
2014-01-24 03:06 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\windows\system32\hppdcompio.dll
2014-01-24 03:06 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\windows\SysWOW64\hppccompio.dll
2014-01-24 03:06 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\windows\system32\FxCompChannel_x64.dll
2014-01-24 03:05 - 2014-01-24 03:05 - 00000000 ____D () C:\HP Universal Print Driver
2014-01-24 02:11 - 2014-01-24 02:14 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-01-24 02:11 - 2014-01-24 02:11 - 00000000 ____D () C:\Users\KARLA\Documents\Freemium Driver Utilities
2014-01-24 02:09 - 2014-01-24 03:02 - 00000000 ____D () C:\Program Files (x86)\veberGreat
2014-01-23 22:50 - 2014-01-23 22:50 - 00001103 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\LastGood
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-23 22:49 - 2014-01-23 22:49 - 00001321 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00001167 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-01-23 21:51 - 2014-01-23 21:51 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (2).exe
2014-01-23 21:43 - 2014-01-23 21:43 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (1).exe
2014-01-23 21:42 - 2014-01-23 21:42 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS.exe
2014-01-23 14:59 - 2014-01-23 21:18 - 00060914 _____ () C:\Users\KARLA\Desktop\HP Installation Error - Windows 8.hta
2014-01-23 13:03 - 2014-01-23 13:03 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (2).msi
2014-01-23 11:54 - 2014-01-23 12:06 - 432790328 _____ () C:\Users\KARLA\Downloads\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-22 22:51 - 2014-02-08 11:15 - 00000000 ____D () C:\Quarantine
2014-01-21 00:42 - 2014-01-21 00:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 00:41 - 2014-01-21 00:41 - 00283096 _____ (Mozilla) C:\Users\KARLA\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:43 - 2014-01-17 19:43 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-01-17 19:41 - 2014-01-28 17:37 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HpUpdate
2014-01-17 19:39 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-17 19:38 - 2014-01-23 23:04 - 00010250 _____ () C:\ProgramData\hpzinstall.log
2014-01-17 19:38 - 2014-01-23 22:50 - 00203557 _____ () C:\windows\hpoins19.dat
2014-01-17 19:38 - 2012-10-14 13:03 - 00015561 ____N () C:\windows\hpomdl19.dat
2014-01-17 19:21 - 2012-09-25 08:52 - 03867040 _____ () C:\windows\system32\PortChanger.exe
2014-01-17 19:21 - 2012-09-25 08:52 - 02398112 _____ (Hewlett Packard) C:\windows\system32\hppldcoi.dll
2014-01-17 19:21 - 2012-09-25 08:52 - 00151968 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\Dot4.sys
2014-01-17 19:21 - 2012-09-25 08:52 - 00049056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dot4usb.sys
2014-01-17 19:21 - 2012-09-25 08:52 - 00027040 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\Dot4Prt.sys
2014-01-17 19:21 - 2009-07-14 02:41 - 00036352 _____ (Hewlett-Packard Company) C:\windows\system32\HPZ3LWN7.DLL
2014-01-17 19:21 - 2009-07-08 11:51 - 00861184 _____ (Hewlett-Packard) C:\windows\system32\hpowiav1.dll
2014-01-17 19:21 - 2009-07-08 11:51 - 00730624 _____ (Hewlett-Packard Co.) C:\windows\system32\hpotscl1.dll
2014-01-17 19:21 - 2009-07-08 11:51 - 00498176 _____ (Hewlett-Packard Co.) C:\windows\system32\hpovst01.dll
2014-01-17 01:44 - 2014-01-17 01:44 - 01484297 _____ () C:\Users\KARLA\Downloads\MO2010_Activator_Updated.rar
2014-01-17 00:51 - 2014-02-04 12:09 - 00000000 ____D () C:\Users\KARLA\AppData\Local\genienext
2014-01-17 00:51 - 2014-01-17 01:56 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mobogenie
2014-01-17 00:51 - 2014-01-17 01:56 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\cache
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\.android
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 _____ () C:\Users\KARLA\daemonprocess.txt
2014-01-17 00:50 - 2014-01-17 00:50 - 00003108 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-15 22:18 - 2014-01-30 10:00 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net
2014-01-15 10:17 - 2014-01-15 10:17 - 00314152 _____ () C:\Users\KARLA\Desktop\Books24x7 presentation.pptx
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC
2014-01-13 14:21 - 2014-01-13 14:23 - 18587100 _____ () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC.zip
2014-01-13 14:19 - 2014-01-13 14:21 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0 (1).rar
2014-01-13 14:09 - 2014-01-13 14:09 - 00002216 _____ () C:\Users\KARLA\Desktop\vpforums.org.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00002036 _____ () C:\Users\KARLA\Desktop\VPinball_9_0_2.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00001994 _____ () C:\Users\KARLA\Desktop\VPinball.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
2014-01-13 14:08 - 2014-01-29 02:44 - 00000000 ____D () C:\windows\system32\appmgmt
2014-01-13 14:05 - 2014-01-13 14:05 - 00000000 ____D () C:\Users\KARLA\Downloads\TAF_VP91X_2.0
2014-01-13 14:00 - 2014-01-13 14:03 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0.rar
2014-01-13 13:41 - 2014-01-13 13:43 - 07760212 _____ () C:\Users\KARLA\Downloads\VPInstaller_1_0_3.zip
2014-01-13 13:40 - 2014-01-13 13:40 - 00000000 ____D () C:\Users\KARLA\Downloads\taf_430
2014-01-13 13:37 - 2014-01-13 14:47 - 00000000 ____D () C:\Program Files (x86)\Visual Pinball
2014-01-13 13:37 - 2014-01-13 13:38 - 02191828 _____ () C:\Users\KARLA\Downloads\taf_430.zip
2014-01-13 13:36 - 2014-01-13 13:36 - 03851132 _____ () C:\Users\KARLA\Downloads\VisualPinballTB6.zip
2014-01-13 09:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-13 09:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-13 09:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-13 09:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-10 11:10 - 2014-01-10 11:10 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting (1).ics
2014-01-10 11:09 - 2014-01-10 11:09 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting.ics
2014-01-09 14:16 - 2014-02-08 14:24 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net
2014-01-09 14:07 - 2014-01-09 14:07 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (1).msi
2014-01-09 11:45 - 2014-01-09 11:45 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\IDT

==================== One Month Modified Files and Folders =======

2014-02-08 14:39 - 2014-02-06 13:04 - 00021606 _____ () C:\Users\KARLA\Desktop\FRST.txt
2014-02-08 14:39 - 2014-02-06 13:04 - 00000000 ____D () C:\FRST
2014-02-08 14:39 - 2014-02-05 17:56 - 00000282 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-02-08 14:33 - 2013-11-15 12:55 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957994488-842925246-40105171-676649
2014-02-08 14:32 - 2014-02-08 14:32 - 00001263 _____ () C:\Users\KARLA\Desktop\JRT.txt
2014-02-08 14:28 - 2012-07-26 08:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-08 14:27 - 2012-07-26 06:26 - 00000202 _____ () C:\windows\win.ini
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\windows\ERUNT
2014-02-08 14:26 - 2013-11-15 13:14 - 00003308 _____ () C:\windows\System32\Tasks\Smart Client
2014-02-08 14:24 - 2014-02-05 17:56 - 00003082 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-02-08 14:24 - 2014-02-05 17:56 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000342 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-02-08 14:24 - 2014-01-27 12:11 - 00000000 ___RD () C:\Users\KARLA\gemeinsame Daten
2014-02-08 14:24 - 2014-01-27 12:11 - 00000000 ___RD () C:\Users\KARLA\CloudStation
2014-02-08 14:24 - 2014-01-09 14:16 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net
2014-02-08 14:24 - 2013-12-08 17:36 - 00001114 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 14:24 - 2013-11-17 09:38 - 00000000 ___RD () C:\Users\KARLA\Dropbox
2014-02-08 14:24 - 2013-11-17 09:36 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Dropbox
2014-02-08 14:24 - 2013-11-15 12:50 - 00026170 __RSH () C:\Users\KARLA\ntuser.pol
2014-02-08 14:24 - 2013-11-15 12:50 - 00002134 _____ () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2014-02-08 14:24 - 2013-11-15 12:49 - 00000000 ____D () C:\Users\KARLA
2014-02-08 14:24 - 2013-04-15 15:28 - 00002856 _____ () C:\windows\System32\Tasks\Maint
2014-02-08 14:24 - 2013-04-15 15:28 - 00000290 _____ () C:\windows\Tasks\Maint.job
2014-02-08 14:24 - 2013-04-15 13:22 - 01054403 __RSH () C:\ProgramData\ntuser.pol
2014-02-08 14:22 - 2013-11-15 17:18 - 00000000 ____D () C:\Program Files (x86)\PC Backup
2014-02-08 14:22 - 2013-11-15 12:40 - 00004552 _____ () C:\windows\system32\config\netlogon.ftl
2014-02-08 14:22 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-08 14:21 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-02-08 14:20 - 2014-02-03 17:02 - 00000000 ____D () C:\AdwCleaner
2014-02-08 14:16 - 2014-02-08 11:40 - 00000000 ____D () C:\Users\KARLA\Desktop\mbar
2014-02-08 13:26 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-02-08 12:03 - 2014-02-08 11:42 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-08 12:03 - 2014-02-08 11:40 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-08 11:52 - 2013-12-08 17:36 - 00001118 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 11:42 - 2014-02-08 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-08 11:38 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Packages
2014-02-08 11:27 - 2013-11-15 12:38 - 01549627 _____ () C:\windows\WindowsUpdate.log
2014-02-08 11:17 - 2013-11-15 15:40 - 00000000 ____D () C:\Users\KARLA\Documents\Outlook Files
2014-02-08 11:15 - 2014-01-22 22:51 - 00000000 ____D () C:\Quarantine
2014-02-07 19:39 - 2014-02-05 17:56 - 00003316 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-02-07 19:39 - 2014-02-05 17:56 - 00003084 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-02-07 19:39 - 2014-02-05 17:56 - 00003008 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-02-07 19:39 - 2014-02-05 17:56 - 00002966 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-02-07 19:39 - 2014-02-05 17:56 - 00002874 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-02-07 16:41 - 2014-02-07 16:41 - 16555199 _____ () C:\Users\KARLA\Downloads\ISS Gen 8 Refresh CEE Final.xlsx
2014-02-07 14:09 - 2014-02-07 14:08 - 48698385 _____ () C:\Users\KARLA\Downloads\Account Performance Report 29 Jan 2014.xlsb
2014-02-07 12:01 - 2014-02-07 12:01 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (3).msi
2014-02-07 11:31 - 2014-02-07 11:31 - 00302489 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Feb'14_V1.xlsm
2014-02-07 11:30 - 2014-02-07 11:30 - 08493245 _____ () C:\Users\KARLA\Downloads\Missed_Attach_Potential_Feb'14_V1.xlsm
2014-02-07 11:29 - 2013-04-15 15:11 - 00000000 ____D () C:\Program Files\RA2HP
2014-02-07 10:59 - 2013-11-15 15:59 - 00000000 ____D () C:\Users\KARLA\Documents\TS
2014-02-07 09:58 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\tracing
2014-02-06 16:53 - 2014-02-06 16:53 - 00000000 _____ () C:\Users\KARLA\Downloads\McAffee.bmp
2014-02-06 14:07 - 2014-02-06 14:00 - 00016303 _____ () C:\windows\diagerr.xml
2014-02-06 14:07 - 2014-02-06 14:00 - 00015243 _____ () C:\windows\diagwrn.xml
2014-02-06 14:00 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\Documents\MySavedSettings
2014-02-06 14:00 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Hewlett-Packard
2014-02-06 13:08 - 2014-02-06 13:06 - 00034387 _____ () C:\Users\KARLA\Desktop\Addition.txt
2014-02-06 13:03 - 2014-02-06 13:04 - 02082304 _____ (Farbar) C:\Users\KARLA\Desktop\FRST64.exe
2014-02-06 13:03 - 2014-02-06 13:02 - 02082304 _____ (Farbar) C:\Users\KARLA\Downloads\FRST64.exe
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-02-05 19:18 - 2014-01-27 12:09 - 00001111 _____ () C:\Users\KARLA\Desktop\Synology Cloud Station.lnk
2014-02-05 19:18 - 2014-01-27 12:09 - 00000000 ____D () C:\Users\KARLA\AppData\Local\CloudStation
2014-02-05 14:11 - 2014-02-05 13:35 - 00000000 ____D () C:\Users\KARLA\Downloads\new deals
2014-02-05 09:30 - 2013-11-16 21:49 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\vlc
2014-02-04 21:22 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\KARLA\Desktop\Ich-Einfach unverbesserlich-2 - Pittis AVCHD1080p
2014-02-04 12:43 - 2014-02-04 12:43 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1 (1).xlsm
2014-02-04 12:10 - 2013-04-15 17:55 - 00029992 _____ () C:\windows\PFRO.log
2014-02-04 12:09 - 2014-02-01 23:35 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-02-04 12:09 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\genienext
2014-02-04 11:00 - 2014-02-04 11:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 11:00 - 2014-02-04 10:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\KARLA\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 10:53 - 2013-12-08 18:37 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 10:34 - 2014-02-04 10:26 - 00065302 _____ () C:\Users\KARLA\Desktop\Copy of BCS AMID 2 Summary per Sub.xlsx
2014-02-03 18:13 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Microsoft Help
2014-02-03 17:09 - 2013-11-15 13:00 - 00000000 ____D () C:\windows\SmartClient
2014-02-03 17:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-02-03 17:02 - 2014-02-03 17:02 - 01166132 _____ () C:\Users\KARLA\Downloads\adwcleaner.exe
2014-02-03 12:58 - 2014-02-03 12:56 - 29378149 _____ () C:\Users\KARLA\Desktop\FY14 ProCare and Collab Dashboard (1).zip
2014-02-03 11:51 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\VirtualStore
2014-02-03 00:43 - 2013-12-01 00:10 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-31 13:32 - 2014-01-31 13:32 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1.xlsm
2014-01-31 12:49 - 2014-01-31 12:47 - 15905336 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE CIS HWST Level v1.xlsx
2014-01-31 09:21 - 2014-01-31 09:21 - 15680580 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Slovakia HWST Level v1.xlsx
2014-01-30 17:01 - 2013-11-15 12:50 - 00000000 ___RD () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 16:57 - 2014-01-30 16:57 - 00004406 _____ () C:\windows\System32\Tasks\FMS-Scheduled-Capture_karla
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-01-30 16:57 - 2013-04-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2014-01-30 16:06 - 2014-01-30 16:06 - 00001859 _____ () C:\Users\Public\Desktop\PC Backup.lnk
2014-01-30 10:00 - 2014-01-15 22:18 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net
2014-01-29 02:44 - 2014-01-13 14:08 - 00000000 ____D () C:\windows\system32\appmgmt
2014-01-28 18:20 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-01-28 17:37 - 2014-01-17 19:41 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HpUpdate
2014-01-28 17:31 - 2013-12-31 02:02 - 00503032 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-27 20:36 - 2014-01-27 20:36 - 00002640 _____ () C:\Users\KARLA\Downloads\synoblog.backup
2014-01-27 18:07 - 2014-01-27 18:05 - 17112384 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Russia HWST Level v1.xlsx
2014-01-27 14:38 - 2014-01-27 14:36 - 16629453 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE SEE HWST Level v1.xlsx
2014-01-27 12:27 - 2014-01-27 13:12 - 00000000 _____ () C:\Users\KARLA\Downloads\gemeinsame Daten Test.txt
2014-01-27 12:12 - 2014-01-27 12:12 - 00002195 _____ () C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Synology
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-01-27 12:10 - 2014-01-27 12:08 - 62852488 _____ () C:\Users\KARLA\Downloads\Synology-PhotoStationUploader-Setup-045.exe
2014-01-27 12:09 - 2014-01-27 12:08 - 30118976 _____ () C:\Users\KARLA\Downloads\Synology-CloudStation-Setup-3004.exe
2014-01-27 11:22 - 2014-01-27 11:22 - 00005146 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Sun
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 11:22 - 2013-04-15 13:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-27 11:20 - 2014-01-27 11:20 - 00921000 _____ (Oracle Corporation) C:\Users\KARLA\Downloads\chromeinstall-7u51.exe
2014-01-27 11:19 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-01-25 21:21 - 2014-01-25 21:19 - 00000000 ____D () C:\Users\KARLA\Desktop\TOWN - partner Movie - Planes (2013) NTSC MULTi DV
2014-01-24 12:07 - 2014-01-24 03:35 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-24 03:43 - 2014-01-24 03:34 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe.suiigct.partial
2014-01-24 03:19 - 2014-01-24 03:16 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-01-24 03:09 - 2014-01-24 03:09 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-01-24 03:06 - 2014-01-24 03:06 - 00000000 _____ () C:\windows\HPMProp.INI
2014-01-24 03:06 - 2013-04-19 15:22 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-24 03:05 - 2014-01-24 03:05 - 00000000 ____D () C:\HP Universal Print Driver
2014-01-24 03:02 - 2014-01-24 02:09 - 00000000 ____D () C:\Program Files (x86)\veberGreat
2014-01-24 02:55 - 2013-04-15 12:31 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-01-24 02:14 - 2014-01-24 02:11 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-01-24 02:11 - 2014-01-24 02:11 - 00000000 ____D () C:\Users\KARLA\Documents\Freemium Driver Utilities
2014-01-23 23:04 - 2014-01-17 19:38 - 00010250 _____ () C:\ProgramData\hpzinstall.log
2014-01-23 22:50 - 2014-01-23 22:50 - 00001103 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\LastGood
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-23 22:50 - 2014-01-17 19:39 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-23 22:50 - 2014-01-17 19:38 - 00203557 _____ () C:\windows\hpoins19.dat
2014-01-23 22:49 - 2014-01-23 22:49 - 00001321 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00001167 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-01-23 22:49 - 2013-11-15 16:50 - 00000000 ____D () C:\ProgramData\HP
2014-01-23 21:51 - 2014-01-23 21:51 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (2).exe
2014-01-23 21:43 - 2014-01-23 21:43 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (1).exe
2014-01-23 21:42 - 2014-01-23 21:42 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS.exe
2014-01-23 21:18 - 2014-01-23 14:59 - 00060914 _____ () C:\Users\KARLA\Desktop\HP Installation Error - Windows 8.hta
2014-01-23 15:27 - 2013-11-15 15:52 - 00000000 ____D () C:\Users\KARLA\Documents\Privat
2014-01-23 13:03 - 2014-01-23 13:03 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (2).msi
2014-01-23 12:06 - 2014-01-23 11:54 - 432790328 _____ () C:\Users\KARLA\Downloads\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-21 00:42 - 2014-01-21 00:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 00:42 - 2013-11-22 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-21 00:41 - 2014-01-21 00:41 - 00283096 _____ (Mozilla) C:\Users\KARLA\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:44 - 2013-11-26 13:19 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HP
2014-01-17 19:43 - 2014-01-17 19:43 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-01-17 18:00 - 2013-11-17 09:37 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 01:56 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mobogenie
2014-01-17 01:56 - 2014-01-17 00:51 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-17 01:44 - 2014-01-17 01:44 - 01484297 _____ () C:\Users\KARLA\Downloads\MO2010_Activator_Updated.rar
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\cache
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\.android
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 _____ () C:\Users\KARLA\daemonprocess.txt
2014-01-17 00:50 - 2014-01-17 00:50 - 00003108 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-15 10:17 - 2014-01-15 10:17 - 00314152 _____ () C:\Users\KARLA\Desktop\Books24x7 presentation.pptx
2014-01-15 09:44 - 2013-11-15 15:53 - 00000000 ____D () C:\Users\KARLA\Documents\Produktneuigkeiten
2014-01-14 09:07 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\NDF
2014-01-13 14:47 - 2014-01-13 13:37 - 00000000 ____D () C:\Program Files (x86)\Visual Pinball
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC
2014-01-13 14:23 - 2014-01-13 14:21 - 18587100 _____ () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC.zip
2014-01-13 14:21 - 2014-01-13 14:19 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0 (1).rar
2014-01-13 14:09 - 2014-01-13 14:09 - 00002216 _____ () C:\Users\KARLA\Desktop\vpforums.org.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00002036 _____ () C:\Users\KARLA\Desktop\VPinball_9_0_2.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00001994 _____ () C:\Users\KARLA\Desktop\VPinball.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
2014-01-13 14:05 - 2014-01-13 14:05 - 00000000 ____D () C:\Users\KARLA\Downloads\TAF_VP91X_2.0
2014-01-13 14:03 - 2014-01-13 14:00 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0.rar
2014-01-13 13:43 - 2014-01-13 13:41 - 07760212 _____ () C:\Users\KARLA\Downloads\VPInstaller_1_0_3.zip
2014-01-13 13:40 - 2014-01-13 13:40 - 00000000 ____D () C:\Users\KARLA\Downloads\taf_430
2014-01-13 13:38 - 2014-01-13 13:37 - 02191828 _____ () C:\Users\KARLA\Downloads\taf_430.zip
2014-01-13 13:36 - 2014-01-13 13:36 - 03851132 _____ () C:\Users\KARLA\Downloads\VisualPinballTB6.zip
2014-01-12 19:42 - 2013-04-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-10 11:10 - 2014-01-10 11:10 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting (1).ics
2014-01-10 11:09 - 2014-01-10 11:09 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting.ics
2014-01-09 14:07 - 2014-01-09 14:07 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (1).msi
2014-01-09 11:45 - 2014-01-09 11:45 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\IDT

Files to move or delete:
====================
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs
C:\Users\hpadmin\create_shortcut.vbs
C:\Users\hpadmin\reg_off2k7.vbs


Some content of TEMP:
====================
C:\Users\KARLA\AppData\Local\Temp\app.exe
C:\Users\KARLA\AppData\Local\Temp\AutoUpdate.exe
C:\Users\KARLA\AppData\Local\Temp\i4jdel0.exe
C:\Users\KARLA\AppData\Local\Temp\psWinControl.dll
C:\Users\KARLA\AppData\Local\Temp\Quarantine.exe
C:\Users\KARLA\AppData\Local\Temp\RA_LOG.dll
C:\Users\KARLA\AppData\Local\Temp\Synology-CloudStation-Upgrader-3005.exe
C:\Users\KARLA\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 12:25

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by karla at 2014-02-06 13:06:15
Running from C:\Users\KARLA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention-Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKCU Version:  - Amazon)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.1.2126 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2222 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2222 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.7.4712 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4712 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (Version: 7.4.50415.0 - DisplayLink Corp.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Eclipse (x32 Version: 5.2.24 - Hewlett-Packard Company)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Follow-Me Settings (x32 Version: 2.0.0506 - Hewlett-Packard)
Forefront Identity Manager Add-ins and Extensions (Version: 4.1.3114.0 - Microsoft Corporation)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Client Automation Application Manager Agent (x32 Version: 9.00.0000 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP ESU for Microsoft Windows 8 (x32 Version: 1.0.4.1 - Hewlett-Packard Company)
HP Fonts (x32 Version: 2.0 - Hewlett-Packard)
HP HD Webcam Driver (x32 Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (x32 Version: 4.6.11.2 - Hewlett-Packard Company)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Photo Creations (x32 Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (Version: 14.0 - HP)
HP Port Replicator Software Installer (x32 Version: 1.3.28 - HP)
HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (x32 Version: 5.002.006.003 - Hewlett-Packard)
HP USB Port Replicator (Version: 7.4.50520.0 - Hewlett-Packard)
HP Virtual Room Client Launcher Plugin (x32 Version: 2.0.0.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
McAfee Agent (x32 Version: 4.6.0.3122 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0202 - McAfee, Inc.) Hidden
McAfee VirusScan Enterprise (x32 Version: 8.8.03000 - McAfee, Inc.)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0.50727.76201 - Hewlett-Packard Company)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Moct 1 Vokabeltrainer (x32 Version: 1.0 - Ernst Klett Sprachen GmbH)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PC Backup Agent (x32 Version: 8.6.2.7 - Autonomy Corporation plc)
PC COE (x32 Version: 31.1.2 - Hewlett-Packard Company)
PC COE Required Settings (x32 Version: 31.1.0 - Hewlett-Packard Company)
Photo Station Uploader (remove only) (x32 Version:  - Synology)
Pixum Fotobuch (x32 Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
ratDVD 0.78.1444 (x32 Version: 0.78.1444 - ratDVD)
Remote Access to HP Network 6.5 (Version: 6.5.4.52064 - Hewlett-Packard Company)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 16.3.9.0 - Synaptics Incorporated)
Synology Cloud Station (remove only) (HKCU Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Microsoft Lync 2013 (KB2825630) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)
Validity Fingerprint Sensor Driver (Version: 4.4.228.0 - Validity Sensors, Inc.)
Visual Pinball VPInstaller 1.0.3 (x32 Version: VPInstaller 1.0.3 - VPForums.org)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

21-01-2014 10:14:55 Scheduled Checkpoint
24-01-2014 01:09:59 Free Driver Scout
24-01-2014 01:33:13 DriverUtilities
27-01-2014 10:21:54 Installed Java 7 Update 51
30-01-2014 15:06:01 Installed PC Backup

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0591DE10-9EAD-459A-A2EC-0D8EFFE58754} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll,SendInventory
Task: {0CBEA7D9-82EF-412C-AC00-754CD8E84D10} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {10883327-7B75-43B4-8798-F57E71B8C077} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EE7C5C-AC0A-4491-A04F-6BDDD3F779D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2FFFBECF-0D0C-428B-9DD3-CAE2B35BF97A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {3DAB4396-E888-4557-9D33-5FB34B0ED2F9} - \Software Updater Ui No Task File
Task: {42DB71D4-8080-47DB-BC1E-DAB3ED12E794} - System32\Tasks\Smart Client => C:\Program Files (x86)\SmartClient\Smart.exe [2013-09-24] (Hewlett-Packard Company)
Task: {544333E7-4976-473D-9D24-5ED444F1163A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {59CFD9ED-1A4D-4F23-BF09-34FB2447B674} - System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {5CFB52BF-50DE-4A4D-9047-8673AFBD3FB3} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001 => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24] (Hewlett-Packard)
Task: {738FEF93-13B3-46E2-8B5D-73E3B3C51238} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {7716AD61-71B7-4475-88B4-1C079B61C1CD} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,CheckForUpdates
Task: {9343A8DB-5700-47EC-B3F7-1DB658BDCD7D} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,RunPatch
Task: {94BCD98D-AF99-4A21-BD7A-77C51794B86B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-01-10] (Synaptics Incorporated)
Task: {9BBB98BD-F3C9-4FDE-ADB0-F3F348954F3B} - \Software Updater No Task File
Task: {A0E8C584-3163-4137-99F8-AA6D55993C68} - \FreeDriverScout No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AEA838A6-2A32-4B3D-BC73-FFCEEB98ECDC} - System32\Tasks\FMS-Scheduled-Capture_karla => C:\Program Files (x86)\Hewlett-Packard\FMD\Follow-Me Settings\FMS.exe [2013-08-15] (Hewlett-Packard Company)
Task: {BE749ED1-DB7E-4FD7-B92A-C9F488A984D2} - System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll,RunHourlyHook
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C6FBB451-03F7-41C6-A73B-A691E668491F} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {CDFDC902-6A18-4C06-A33F-A6CD192DE03C} - System32\Tasks\BitLocker Reminder => C:\Program Files (x86)\SmartClient\Reminder.exe [2013-09-24] (Microsoft)
Task: {D2A1B6A9-426C-40C3-8D86-1B9F2B4020A8} - System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000 => Rundll32.exe C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin A
Task: {D37DB595-F45C-481A-BC05-7A717777CDF2} - System32\Tasks\Maint => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28] (Hewlett-Packard Company)
Task: {D4A3B526-5D0E-4D3E-9E2E-B5213BEB47C5} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {DE49E4C7-0212-4F07-90F0-8BB0AA59B749} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E78AC204-6EB5-46EB-9DE3-B06BBE7B71BD} - \AmiUpdXp No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job => œí“Ç£G„—¸*ÞFj<
 ÿÿÿÿ Á!C:\windows\system32\rundll32.exe?C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin APC COEPC COE Software Bundles update0Þ-
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe
Task: C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll
Task: C:\windows\Tasks\Maint.job => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe

==================== Loaded Modules (whitelisted) =============

2012-10-01 21:34 - 2012-10-01 21:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-18 16:08 - 2012-08-24 01:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-11-22 19:32 - 2012-11-22 19:32 - 00141184 _____ () C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\expat.dll
2013-09-13 09:54 - 2013-09-13 09:54 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\KARLA\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-27 09:13 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 01259320 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libsqlite3-0.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 00043008 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libgcc_s_dw2-1.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 02554368 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtCore4.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 09824768 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtGui4.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 01218048 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtNetwork4.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 01599298 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\icuuc50.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 00879630 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libstdc++-6.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 20803927 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\icudt50.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2014 06:15:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1f04
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (02/05/2014 05:59:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x142c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:42:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0x00000505
Fault offset: 0x00014b32
Faulting process id: 0x168c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:42:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: DW20.EXE, version: 15.0.4420.1017, time stamp: 0x506733ba
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000374
Fault offset: 0x000da94f
Faulting process id: 0x5ac
Faulting application start time: 0xDW20.EXE0
Faulting application path: DW20.EXE1
Faulting module path: DW20.EXE2
Report Id: DW20.EXE3
Faulting package full name: DW20.EXE4
Faulting package-relative application ID: DW20.EXE5

Error: (02/05/2014 05:06:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x2134
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:02:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: VsTskMgr.exe, version: 8.8.0.1128, time stamp: 0x50b7bad8
Faulting module name: VsTskMgr.exe, version: 8.8.0.1128, time stamp: 0x50b7bad8
Exception code: 0xc0000005
Fault offset: 0x0000709f
Faulting process id: 0x874
Faulting application start time: 0xVsTskMgr.exe0
Faulting application path: VsTskMgr.exe1
Faulting module path: VsTskMgr.exe2
Report Id: VsTskMgr.exe3
Faulting package full name: VsTskMgr.exe4
Faulting package-relative application ID: VsTskMgr.exe5

Error: (02/05/2014 05:01:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x18c4
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 11:45:19 AM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (02/04/2014 00:37:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1ddc
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (02/04/2014 00:34:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1450
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5


System errors:
=============
Error: (02/06/2014 11:31:32 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/05/2014 08:38:02 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object cn={F0ADF5BC-3CB7-4E60-BF8E-399E9DC51DE2},cn=policies,cn=system,DC=emea,DC=cpqcorp,DC=net. This could be caused by RSOP being disabled  or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.

Error: (02/05/2014 06:19:07 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/05/2014 05:54:08 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain EMEA due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (02/05/2014 05:53:55 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

Error: (02/05/2014 05:02:36 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Task Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/05/2014 09:30:21 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 10:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 09:21:36 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 09:21:28 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain EMEA due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (02/05/2014 06:15:08 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b091f0401cf2294beb36770C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE0f57e5a7-8e89-11e3-be9b-b4b676d91d30

Error: (02/05/2014 05:59:59 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b32142c01cf22932d4c3d63C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dllf1c83d49-8e86-11e3-be9b-b4b676d91d30

Error: (02/05/2014 05:42:26 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.16451509889500000050500014b32168c01cf22909dc8c277C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dll7e1a24e7-8e84-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:42:21 PM) (Source: Application Error)(User: )
Description: DW20.EXE15.0.4420.1017506733bantdll.dll6.2.9200.16420505aaa82c0000374000da94f5ac01cf22913da87658C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXEC:\windows\SYSTEM32\ntdll.dll7b7bdfc4-8e84-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:06:20 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b32213401cf228b91d739c6C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dll72f9db64-8e7f-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:02:35 PM) (Source: Application Error)(User: )
Description: VsTskMgr.exe8.8.0.112850b7bad8VsTskMgr.exe8.8.0.112850b7bad8c00000050000709f87401cf2199b88ff011C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exeed2ceec3-8e7e-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:01:25 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b3218c401cf219e4a89a29dC:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dllc344682a-8e7e-11e3-be9a-b4b676d91d30

Error: (02/05/2014 11:45:19 AM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (02/04/2014 00:37:10 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b091ddc01cf219d2c645835C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEaeb3c20f-8d90-11e3-be9a-b4b676d91d30

Error: (02/04/2014 00:34:54 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b09145001cf219b89fc678fC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE5da96d77-8d90-11e3-be9a-b4b676d91d30


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 8055.46 MB
Available physical RAM: 4119.63 MB
Total Pagefile: 9911.46 MB
Available Pagefile: 5022.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (PC COE) (Fixed) (Total:237.5 GB) (Free:7.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: F0C570EE)
Partition 1: (Not Active) - (Size=500 MB) - (Type=27)
Partition 2: (Active) - (Size=499 MB) - (Type=27)
Partition 3: (Not Active) - (Size=237 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 08.02.2014, 14:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Please remember to update Malwarebytes Anti-Malware via the Update button beforehand!

Getting a second opinion from ESET's Online Scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Alt 08.02.2014, 15:11   #13
Blizzard79
 

I saw in the JRT log that it could not delete some files. And I have now realized that I did not start it as administrator.

I have now repeated it as admin, with the following result:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 Enterprise x64
Ran by karla on 08.02.2014 at 14:54:53,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealmanager_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealmanager_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealmanager_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealmanager_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\vebergreat"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2014 at 15:03:19,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And here is what FRST now says about it:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by karla (administrator) on KARLA1 on 08-02-2014 15:05:15
Running from C:\Users\KARLA\Desktop
Windows 8 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\AgentService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\KARLA\AppData\Local\CloudStation\bin\cloud.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Dropbox, Inc.) C:\Users\KARLA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
() C:\Users\KARLA\AppData\Local\CloudStation\bin\client-win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\ida.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [257400 2013-02-04] (McAfee, Inc.)
HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2013-03-13] (Hewlett-Packard Company)
HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [32328 2012-11-21] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [865792 2013-01-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [372224 2013-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-10-26] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493072 2012-10-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [300832 2013-08-02] (Autonomy Corporation plc)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKU\S-1-5-21-1957994488-842925246-40105171-676649\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18684064 2013-09-13] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-842925246-40105171-676649\...\Run: [Power2GoExpress8] - [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\KARLA\create_shortcut.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\KARLA\reg_off2k7.vbs (No File)
Startup: C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk
ShortcutTarget: CloudStation.lnk -> C:\Users\KARLA\AppData\Local\CloudStation\bin\cloud.exe ()
Startup: C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KARLA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://athp.hp.com
SearchScopes: HKCU - DefaultScope {12A6748C-741B-46DF-A175-C6382F92C996} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {12A6748C-741B-46DF-A175-C6382F92C996} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = https://search.portal.hp.com/search/simple.htm?query={searchTerms}
SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130415115748.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130415115748.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h50203.www5.hp.com/HPITWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g2t0066.austin.hp.com/hp/HPPKI.cab
DPF: HKLM-x32 {F8638D90-74F6-4E16-A56D-2A9A41980A99} hxxp://g9w2355.houston.hp.com:2025/VB/Package/DART_2023.CAB
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\KARLA\AppData\Roaming\Mozilla\Firefox\Profiles\4bsd89td.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-04-15]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Gmail) - C:\Users\KARLA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6789408 2013-08-02] (Autonomy Corporation plc)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9272208 2013-08-16] (DisplayLink Corp.)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [646192 2013-02-04] (McAfee, Inc.)
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [80448 2012-11-21] (Microsoft Corporation)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2013-04-15] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2013-01-14] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [212664 2012-10-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2013-04-15] (McAfee, Inc.)
R2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [346160 2012-11-22] (Hewlett-Packard)
R2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [247856 2012-11-22] (Hewlett-Packard)
R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [378928 2012-11-22] (Hewlett-Packard)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2012-06-02] (Microsoft Corp.)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-11-15] ()
S3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [60816 2013-08-16] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [202128 2013-08-16] (DisplayLink Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-08-10] (Intel Corporation)
R3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [53472 2014-01-07] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197576 2013-02-04] (McAfee, Inc.)
S3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2013-08-02] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2013-04-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2013-04-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-04-15] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496592 2012-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2013-04-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [76224 2012-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2013-04-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2013-04-15] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4306472 2012-09-27] (Intel Corporation)
R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [42808 2012-11-22] (Hewlett-Packard)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-01-10] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32496 2013-01-10] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 ohci1394; \SystemRoot\System32\drivers\ohci1394.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 15:05 - 2014-02-08 15:05 - 00000000 ____D () C:\Users\KARLA\Desktop\FRST-OlderVersion
2014-02-08 15:03 - 2014-02-08 15:03 - 00001139 _____ () C:\Users\KARLA\Desktop\JRT.txt
2014-02-08 14:54 - 2014-02-08 14:54 - 01037530 _____ (Thisisu) C:\Users\KARLA\Desktop\JRT.exe
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\windows\ERUNT
2014-02-08 11:42 - 2014-02-08 12:03 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-08 11:42 - 2014-02-08 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-08 11:40 - 2014-02-08 14:16 - 00000000 ____D () C:\Users\KARLA\Desktop\mbar
2014-02-08 11:40 - 2014-02-08 12:03 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-07 16:41 - 2014-02-07 16:41 - 16555199 _____ () C:\Users\KARLA\Downloads\ISS Gen 8 Refresh CEE Final.xlsx
2014-02-07 14:08 - 2014-02-07 14:09 - 48698385 _____ () C:\Users\KARLA\Downloads\Account Performance Report 29 Jan 2014.xlsb
2014-02-07 12:01 - 2014-02-07 12:01 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (3).msi
2014-02-07 11:31 - 2014-02-07 11:31 - 00302489 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Feb'14_V1.xlsm
2014-02-07 11:30 - 2014-02-07 11:30 - 08493245 _____ () C:\Users\KARLA\Downloads\Missed_Attach_Potential_Feb'14_V1.xlsm
2014-02-06 16:53 - 2014-02-06 16:53 - 00000000 _____ () C:\Users\KARLA\Downloads\McAffee.bmp
2014-02-06 14:00 - 2014-02-06 14:07 - 00016303 _____ () C:\windows\diagerr.xml
2014-02-06 14:00 - 2014-02-06 14:07 - 00015243 _____ () C:\windows\diagwrn.xml
2014-02-06 13:06 - 2014-02-06 13:08 - 00034387 _____ () C:\Users\KARLA\Desktop\Addition.txt
2014-02-06 13:04 - 2014-02-08 15:05 - 02079744 _____ (Farbar) C:\Users\KARLA\Desktop\FRST64.exe
2014-02-06 13:04 - 2014-02-08 15:05 - 00021193 _____ () C:\Users\KARLA\Desktop\FRST.txt
2014-02-06 13:04 - 2014-02-08 15:05 - 00000000 ____D () C:\FRST
2014-02-06 13:02 - 2014-02-06 13:03 - 02082304 _____ (Farbar) C:\Users\KARLA\Downloads\FRST64.exe
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-02-05 17:56 - 2014-02-08 14:54 - 00000282 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00003082 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-02-05 17:56 - 2014-02-08 14:24 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-02-05 17:56 - 2014-02-08 14:24 - 00000342 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-02-05 17:56 - 2014-02-07 19:39 - 00003316 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-02-05 17:56 - 2014-02-07 19:39 - 00003084 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-02-05 17:56 - 2014-02-07 19:39 - 00003008 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-02-05 17:56 - 2014-02-07 19:39 - 00002966 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-02-05 17:56 - 2014-02-07 19:39 - 00002874 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-02-05 13:35 - 2014-02-05 14:11 - 00000000 ____D () C:\Users\KARLA\Downloads\new deals
2014-02-04 21:22 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\KARLA\Desktop\Ich-Einfach unverbesserlich-2 - Pittis AVCHD1080p
2014-02-04 12:43 - 2014-02-04 12:43 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1 (1).xlsm
2014-02-04 11:00 - 2014-02-04 11:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 11:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-04 10:59 - 2014-02-04 11:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\KARLA\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 10:26 - 2014-02-04 10:34 - 00065302 _____ () C:\Users\KARLA\Desktop\Copy of BCS AMID 2 Summary per Sub.xlsx
2014-02-03 17:02 - 2014-02-08 14:20 - 00000000 ____D () C:\AdwCleaner
2014-02-03 17:02 - 2014-02-03 17:02 - 01166132 _____ () C:\Users\KARLA\Downloads\adwcleaner.exe
2014-02-03 12:56 - 2014-02-03 12:58 - 29378149 _____ () C:\Users\KARLA\Desktop\FY14 ProCare and Collab Dashboard (1).zip
2014-02-01 23:35 - 2014-02-04 12:09 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-01-31 13:32 - 2014-01-31 13:32 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1.xlsm
2014-01-31 12:47 - 2014-01-31 12:49 - 15905336 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE CIS HWST Level v1.xlsx
2014-01-31 09:21 - 2014-01-31 09:21 - 15680580 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Slovakia HWST Level v1.xlsx
2014-01-30 16:57 - 2014-02-06 14:00 - 00000000 ____D () C:\Users\KARLA\Documents\MySavedSettings
2014-01-30 16:57 - 2014-01-30 16:57 - 00004406 _____ () C:\windows\System32\Tasks\FMS-Scheduled-Capture_karla
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2014-01-30 16:06 - 2014-01-30 16:06 - 00001859 _____ () C:\Users\Public\Desktop\PC Backup.lnk
2014-01-27 20:36 - 2014-01-27 20:36 - 00002640 _____ () C:\Users\KARLA\Downloads\synoblog.backup
2014-01-27 18:05 - 2014-01-27 18:07 - 17112384 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Russia HWST Level v1.xlsx
2014-01-27 14:36 - 2014-01-27 14:38 - 16629453 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE SEE HWST Level v1.xlsx
2014-01-27 13:12 - 2014-01-27 12:27 - 00000000 _____ () C:\Users\KARLA\Downloads\gemeinsame Daten Test.txt
2014-01-27 12:12 - 2014-01-27 12:12 - 00002195 _____ () C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Synology
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-01-27 12:11 - 2014-02-08 14:24 - 00000000 ___RD () C:\Users\KARLA\gemeinsame Daten
2014-01-27 12:11 - 2014-02-08 14:24 - 00000000 ___RD () C:\Users\KARLA\CloudStation
2014-01-27 12:09 - 2014-02-05 19:18 - 00001111 _____ () C:\Users\KARLA\Desktop\Synology Cloud Station.lnk
2014-01-27 12:09 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Local\CloudStation
2014-01-27 12:08 - 2014-01-27 12:10 - 62852488 _____ () C:\Users\KARLA\Downloads\Synology-PhotoStationUploader-Setup-045.exe
2014-01-27 12:08 - 2014-01-27 12:09 - 30118976 _____ () C:\Users\KARLA\Downloads\Synology-CloudStation-Setup-3004.exe
2014-01-27 11:22 - 2014-01-27 11:22 - 00005146 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Sun
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 11:20 - 2014-01-27 11:20 - 00921000 _____ (Oracle Corporation) C:\Users\KARLA\Downloads\chromeinstall-7u51.exe
2014-01-25 21:19 - 2014-01-25 21:21 - 00000000 ____D () C:\Users\KARLA\Desktop\TOWN - partner Movie - Planes (2013) NTSC MULTi DV
2014-01-24 03:35 - 2014-01-24 12:07 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-24 03:34 - 2014-01-24 03:43 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe.suiigct.partial
2014-01-24 03:16 - 2014-01-24 03:19 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-01-24 03:09 - 2014-01-24 03:09 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-01-24 03:06 - 2014-01-24 03:06 - 00000000 _____ () C:\windows\HPMProp.INI
2014-01-24 03:06 - 2013-08-02 09:28 - 00593184 _____ (HP) C:\windows\SysWOW64\hpcdmc32.dll
2014-01-24 03:06 - 2013-08-02 09:28 - 00237344 _____ (Hewlett-Packard Company) C:\windows\system32\hpmlm135.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00217376 _____ (Hewlett-Packard) C:\windows\system32\hpmml155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00199968 _____ (Hewlett-Packard) C:\windows\system32\hpmja155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00190240 _____ (Hewlett-Packard) C:\windows\system32\hpmpm081.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00162080 _____ (Hewlett-Packard) C:\windows\system32\hpmtp155.dll
2014-01-24 03:06 - 2013-08-02 09:27 - 00074016 _____ (Hewlett-Packard) C:\windows\system32\hpmpw081.dll
2014-01-24 03:06 - 2013-08-02 09:25 - 00442656 _____ (Hewlett-Packard Corporation) C:\windows\system32\hpcpn155.dll
2014-01-24 03:06 - 2013-08-02 09:25 - 00140064 _____ (Hewlett-Packard) C:\windows\system32\hpcjpm.dll
2014-01-24 03:06 - 2013-08-02 09:21 - 00441632 _____ (Hewlett Packard Corporation) C:\windows\SysWOW64\hpcc3155.dll
2014-01-24 03:06 - 2011-02-11 15:23 - 00193592 _____ (Hewlett-Packard) C:\windows\system32\hppdcompio.dll
2014-01-24 03:06 - 2011-02-11 15:23 - 00167480 _____ (Hewlett-Packard) C:\windows\SysWOW64\hppccompio.dll
2014-01-24 03:06 - 2009-02-25 17:32 - 00060440 _____ (Hewlett-Packard) C:\windows\system32\FxCompChannel_x64.dll
2014-01-24 03:05 - 2014-01-24 03:05 - 00000000 ____D () C:\HP Universal Print Driver
2014-01-24 02:11 - 2014-01-24 02:14 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-01-24 02:11 - 2014-01-24 02:11 - 00000000 ____D () C:\Users\KARLA\Documents\Freemium Driver Utilities
2014-01-23 22:50 - 2014-01-23 22:50 - 00001103 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\LastGood
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-23 22:49 - 2014-01-23 22:49 - 00001321 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00001167 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-01-23 21:51 - 2014-01-23 21:51 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (2).exe
2014-01-23 21:43 - 2014-01-23 21:43 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (1).exe
2014-01-23 21:42 - 2014-01-23 21:42 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS.exe
2014-01-23 14:59 - 2014-01-23 21:18 - 00060914 _____ () C:\Users\KARLA\Desktop\HP Installation Error - Windows 8.hta
2014-01-23 13:03 - 2014-01-23 13:03 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (2).msi
2014-01-23 11:54 - 2014-01-23 12:06 - 432790328 _____ () C:\Users\KARLA\Downloads\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-22 22:51 - 2014-02-08 11:15 - 00000000 ____D () C:\Quarantine
2014-01-21 00:42 - 2014-01-21 00:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 00:41 - 2014-01-21 00:41 - 00283096 _____ (Mozilla) C:\Users\KARLA\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:43 - 2014-01-17 19:43 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-01-17 19:41 - 2014-01-28 17:37 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HpUpdate
2014-01-17 19:39 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-17 19:38 - 2014-01-23 23:04 - 00010250 _____ () C:\ProgramData\hpzinstall.log
2014-01-17 19:38 - 2014-01-23 22:50 - 00203557 _____ () C:\windows\hpoins19.dat
2014-01-17 19:38 - 2012-10-14 13:03 - 00015561 ____N () C:\windows\hpomdl19.dat
2014-01-17 19:21 - 2012-09-25 08:52 - 03867040 _____ () C:\windows\system32\PortChanger.exe
2014-01-17 19:21 - 2012-09-25 08:52 - 02398112 _____ (Hewlett Packard) C:\windows\system32\hppldcoi.dll
2014-01-17 19:21 - 2012-09-25 08:52 - 00151968 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\Dot4.sys
2014-01-17 19:21 - 2012-09-25 08:52 - 00049056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dot4usb.sys
2014-01-17 19:21 - 2012-09-25 08:52 - 00027040 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\Dot4Prt.sys
2014-01-17 19:21 - 2009-07-14 02:41 - 00036352 _____ (Hewlett-Packard Company) C:\windows\system32\HPZ3LWN7.DLL
2014-01-17 19:21 - 2009-07-08 11:51 - 00861184 _____ (Hewlett-Packard) C:\windows\system32\hpowiav1.dll
2014-01-17 19:21 - 2009-07-08 11:51 - 00730624 _____ (Hewlett-Packard Co.) C:\windows\system32\hpotscl1.dll
2014-01-17 19:21 - 2009-07-08 11:51 - 00498176 _____ (Hewlett-Packard Co.) C:\windows\system32\hpovst01.dll
2014-01-17 01:44 - 2014-01-17 01:44 - 01484297 _____ () C:\Users\KARLA\Downloads\MO2010_Activator_Updated.rar
2014-01-17 00:51 - 2014-02-04 12:09 - 00000000 ____D () C:\Users\KARLA\AppData\Local\genienext
2014-01-17 00:51 - 2014-01-17 01:56 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mobogenie
2014-01-17 00:51 - 2014-01-17 01:56 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\cache
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\.android
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 _____ () C:\Users\KARLA\daemonprocess.txt
2014-01-17 00:50 - 2014-01-17 00:50 - 00003108 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-15 22:18 - 2014-01-30 10:00 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net
2014-01-15 10:17 - 2014-01-15 10:17 - 00314152 _____ () C:\Users\KARLA\Desktop\Books24x7 presentation.pptx
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC
2014-01-13 14:21 - 2014-01-13 14:23 - 18587100 _____ () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC.zip
2014-01-13 14:19 - 2014-01-13 14:21 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0 (1).rar
2014-01-13 14:09 - 2014-01-13 14:09 - 00002216 _____ () C:\Users\KARLA\Desktop\vpforums.org.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00002036 _____ () C:\Users\KARLA\Desktop\VPinball_9_0_2.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00001994 _____ () C:\Users\KARLA\Desktop\VPinball.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
2014-01-13 14:08 - 2014-01-29 02:44 - 00000000 ____D () C:\windows\system32\appmgmt
2014-01-13 14:05 - 2014-01-13 14:05 - 00000000 ____D () C:\Users\KARLA\Downloads\TAF_VP91X_2.0
2014-01-13 14:00 - 2014-01-13 14:03 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0.rar
2014-01-13 13:41 - 2014-01-13 13:43 - 07760212 _____ () C:\Users\KARLA\Downloads\VPInstaller_1_0_3.zip
2014-01-13 13:40 - 2014-01-13 13:40 - 00000000 ____D () C:\Users\KARLA\Downloads\taf_430
2014-01-13 13:37 - 2014-01-13 14:47 - 00000000 ____D () C:\Program Files (x86)\Visual Pinball
2014-01-13 13:37 - 2014-01-13 13:38 - 02191828 _____ () C:\Users\KARLA\Downloads\taf_430.zip
2014-01-13 13:36 - 2014-01-13 13:36 - 03851132 _____ () C:\Users\KARLA\Downloads\VisualPinballTB6.zip
2014-01-13 09:56 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-13 09:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-13 09:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-13 09:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-10 11:10 - 2014-01-10 11:10 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting (1).ics
2014-01-10 11:09 - 2014-01-10 11:09 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting.ics
2014-01-09 14:16 - 2014-02-08 14:50 - 00004952 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net
2014-01-09 14:07 - 2014-01-09 14:07 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (1).msi
2014-01-09 11:45 - 2014-01-09 11:45 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\IDT

==================== One Month Modified Files and Folders =======

2014-02-08 15:05 - 2014-02-08 15:05 - 00000000 ____D () C:\Users\KARLA\Desktop\FRST-OlderVersion
2014-02-08 15:05 - 2014-02-06 13:04 - 02079744 _____ (Farbar) C:\Users\KARLA\Desktop\FRST64.exe
2014-02-08 15:05 - 2014-02-06 13:04 - 00021193 _____ () C:\Users\KARLA\Desktop\FRST.txt
2014-02-08 15:05 - 2014-02-06 13:04 - 00000000 ____D () C:\FRST
2014-02-08 15:03 - 2014-02-08 15:03 - 00001139 _____ () C:\Users\KARLA\Desktop\JRT.txt
2014-02-08 15:02 - 2013-11-15 12:55 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957994488-842925246-40105171-676649
2014-02-08 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-02-08 14:54 - 2014-02-08 14:54 - 01037530 _____ (Thisisu) C:\Users\KARLA\Desktop\JRT.exe
2014-02-08 14:54 - 2014-02-05 17:56 - 00000282 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-02-08 14:53 - 2013-11-15 12:40 - 00004552 _____ () C:\windows\system32\config\netlogon.ftl
2014-02-08 14:52 - 2013-12-08 17:36 - 00001118 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 14:50 - 2014-01-09 14:16 - 00004952 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net
2014-02-08 14:44 - 2013-11-15 12:38 - 01551193 _____ () C:\windows\WindowsUpdate.log
2014-02-08 14:40 - 2012-07-26 06:26 - 00000202 _____ () C:\windows\win.ini
2014-02-08 14:28 - 2012-07-26 08:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-08 14:26 - 2014-02-08 14:26 - 00000000 ____D () C:\windows\ERUNT
2014-02-08 14:26 - 2013-11-15 13:14 - 00003308 _____ () C:\windows\System32\Tasks\Smart Client
2014-02-08 14:24 - 2014-02-05 17:56 - 00003082 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-02-08 14:24 - 2014-02-05 17:56 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-02-08 14:24 - 2014-02-05 17:56 - 00000342 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-02-08 14:24 - 2014-01-27 12:11 - 00000000 ___RD () C:\Users\KARLA\gemeinsame Daten
2014-02-08 14:24 - 2014-01-27 12:11 - 00000000 ___RD () C:\Users\KARLA\CloudStation
2014-02-08 14:24 - 2013-12-08 17:36 - 00001114 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 14:24 - 2013-11-17 09:38 - 00000000 ___RD () C:\Users\KARLA\Dropbox
2014-02-08 14:24 - 2013-11-17 09:36 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Dropbox
2014-02-08 14:24 - 2013-11-15 12:50 - 00026170 __RSH () C:\Users\KARLA\ntuser.pol
2014-02-08 14:24 - 2013-11-15 12:50 - 00002134 _____ () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2014-02-08 14:24 - 2013-11-15 12:49 - 00000000 ____D () C:\Users\KARLA
2014-02-08 14:24 - 2013-04-15 15:28 - 00002856 _____ () C:\windows\System32\Tasks\Maint
2014-02-08 14:24 - 2013-04-15 15:28 - 00000290 _____ () C:\windows\Tasks\Maint.job
2014-02-08 14:24 - 2013-04-15 13:22 - 01054403 __RSH () C:\ProgramData\ntuser.pol
2014-02-08 14:22 - 2013-11-15 17:18 - 00000000 ____D () C:\Program Files (x86)\PC Backup
2014-02-08 14:22 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-08 14:21 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-02-08 14:20 - 2014-02-03 17:02 - 00000000 ____D () C:\AdwCleaner
2014-02-08 14:16 - 2014-02-08 11:40 - 00000000 ____D () C:\Users\KARLA\Desktop\mbar
2014-02-08 12:03 - 2014-02-08 11:42 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-08 12:03 - 2014-02-08 11:40 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-08 11:42 - 2014-02-08 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-08 11:38 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Packages
2014-02-08 11:17 - 2013-11-15 15:40 - 00000000 ____D () C:\Users\KARLA\Documents\Outlook Files
2014-02-08 11:15 - 2014-01-22 22:51 - 00000000 ____D () C:\Quarantine
2014-02-07 19:39 - 2014-02-05 17:56 - 00003316 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-02-07 19:39 - 2014-02-05 17:56 - 00003084 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-02-07 19:39 - 2014-02-05 17:56 - 00003008 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-02-07 19:39 - 2014-02-05 17:56 - 00002966 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-02-07 19:39 - 2014-02-05 17:56 - 00002874 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-02-07 16:41 - 2014-02-07 16:41 - 16555199 _____ () C:\Users\KARLA\Downloads\ISS Gen 8 Refresh CEE Final.xlsx
2014-02-07 14:09 - 2014-02-07 14:08 - 48698385 _____ () C:\Users\KARLA\Downloads\Account Performance Report 29 Jan 2014.xlsb
2014-02-07 12:01 - 2014-02-07 12:01 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (3).msi
2014-02-07 11:31 - 2014-02-07 11:31 - 00302489 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Feb'14_V1.xlsm
2014-02-07 11:30 - 2014-02-07 11:30 - 08493245 _____ () C:\Users\KARLA\Downloads\Missed_Attach_Potential_Feb'14_V1.xlsm
2014-02-07 11:29 - 2013-04-15 15:11 - 00000000 ____D () C:\Program Files\RA2HP
2014-02-07 10:59 - 2013-11-15 15:59 - 00000000 ____D () C:\Users\KARLA\Documents\TS
2014-02-07 09:58 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\tracing
2014-02-06 16:53 - 2014-02-06 16:53 - 00000000 _____ () C:\Users\KARLA\Downloads\McAffee.bmp
2014-02-06 14:07 - 2014-02-06 14:00 - 00016303 _____ () C:\windows\diagerr.xml
2014-02-06 14:07 - 2014-02-06 14:00 - 00015243 _____ () C:\windows\diagwrn.xml
2014-02-06 14:00 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\Documents\MySavedSettings
2014-02-06 14:00 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Hewlett-Packard
2014-02-06 13:08 - 2014-02-06 13:06 - 00034387 _____ () C:\Users\KARLA\Desktop\Addition.txt
2014-02-06 13:03 - 2014-02-06 13:02 - 02082304 _____ (Farbar) C:\Users\KARLA\Downloads\FRST64.exe
2014-02-05 19:18 - 2014-02-05 19:18 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
2014-02-05 19:18 - 2014-01-27 12:09 - 00001111 _____ () C:\Users\KARLA\Desktop\Synology Cloud Station.lnk
2014-02-05 19:18 - 2014-01-27 12:09 - 00000000 ____D () C:\Users\KARLA\AppData\Local\CloudStation
2014-02-05 14:11 - 2014-02-05 13:35 - 00000000 ____D () C:\Users\KARLA\Downloads\new deals
2014-02-05 09:30 - 2013-11-16 21:49 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\vlc
2014-02-04 21:22 - 2014-02-04 21:22 - 00000000 ____D () C:\Users\KARLA\Desktop\Ich-Einfach unverbesserlich-2 - Pittis AVCHD1080p
2014-02-04 12:43 - 2014-02-04 12:43 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1 (1).xlsm
2014-02-04 12:10 - 2013-04-15 17:55 - 00029992 _____ () C:\windows\PFRO.log
2014-02-04 12:09 - 2014-02-01 23:35 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-02-04 12:09 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\genienext
2014-02-04 11:00 - 2014-02-04 11:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:00 - 2014-02-04 11:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 11:00 - 2014-02-04 10:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\KARLA\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 10:53 - 2013-12-08 18:37 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 10:34 - 2014-02-04 10:26 - 00065302 _____ () C:\Users\KARLA\Desktop\Copy of BCS AMID 2 Summary per Sub.xlsx
2014-02-03 18:13 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Microsoft Help
2014-02-03 17:09 - 2013-11-15 13:00 - 00000000 ____D () C:\windows\SmartClient
2014-02-03 17:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-02-03 17:02 - 2014-02-03 17:02 - 01166132 _____ () C:\Users\KARLA\Downloads\adwcleaner.exe
2014-02-03 12:58 - 2014-02-03 12:56 - 29378149 _____ () C:\Users\KARLA\Desktop\FY14 ProCare and Collab Dashboard (1).zip
2014-02-03 11:51 - 2013-11-15 12:50 - 00000000 ____D () C:\Users\KARLA\AppData\Local\VirtualStore
2014-02-03 00:43 - 2013-12-01 00:10 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-31 13:32 - 2014-01-31 13:32 - 00301744 _____ () C:\Users\KARLA\Downloads\MAP_Feedback_file_Jan'14_V1.xlsm
2014-01-31 12:49 - 2014-01-31 12:47 - 15905336 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE CIS HWST Level v1.xlsx
2014-01-31 09:21 - 2014-01-31 09:21 - 15680580 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Slovakia HWST Level v1.xlsx
2014-01-30 17:01 - 2013-11-15 12:50 - 00000000 ___RD () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-30 16:57 - 2014-01-30 16:57 - 00004406 _____ () C:\windows\System32\Tasks\FMS-Scheduled-Capture_karla
2014-01-30 16:57 - 2014-01-30 16:57 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-01-30 16:57 - 2013-04-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-30 16:09 - 2014-01-30 16:09 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2014-01-30 16:06 - 2014-01-30 16:06 - 00001859 _____ () C:\Users\Public\Desktop\PC Backup.lnk
2014-01-30 10:00 - 2014-01-15 22:18 - 00004954 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net
2014-01-29 02:44 - 2014-01-13 14:08 - 00000000 ____D () C:\windows\system32\appmgmt
2014-01-28 18:20 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-01-28 17:37 - 2014-01-17 19:41 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HpUpdate
2014-01-28 17:31 - 2013-12-31 02:02 - 00503032 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-27 20:36 - 2014-01-27 20:36 - 00002640 _____ () C:\Users\KARLA\Downloads\synoblog.backup
2014-01-27 18:07 - 2014-01-27 18:05 - 17112384 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE Russia HWST Level v1.xlsx
2014-01-27 14:38 - 2014-01-27 14:36 - 16629453 _____ () C:\Users\KARLA\Downloads\2013-10-09 BCS IB DATA CEE SEE HWST Level v1.xlsx
2014-01-27 12:27 - 2014-01-27 13:12 - 00000000 _____ () C:\Users\KARLA\Downloads\gemeinsame Daten Test.txt
2014-01-27 12:12 - 2014-01-27 12:12 - 00002195 _____ () C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Synology
2014-01-27 12:12 - 2014-01-27 12:12 - 00000000 ____D () C:\Program Files (x86)\Synology
2014-01-27 12:10 - 2014-01-27 12:08 - 62852488 _____ () C:\Users\KARLA\Downloads\Synology-PhotoStationUploader-Setup-045.exe
2014-01-27 12:09 - 2014-01-27 12:08 - 30118976 _____ () C:\Users\KARLA\Downloads\Synology-CloudStation-Setup-3004.exe
2014-01-27 11:22 - 2014-01-27 11:22 - 00005146 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Sun
2014-01-27 11:22 - 2014-01-27 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 11:22 - 2013-04-15 13:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-27 11:20 - 2014-01-27 11:20 - 00921000 _____ (Oracle Corporation) C:\Users\KARLA\Downloads\chromeinstall-7u51.exe
2014-01-27 11:19 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-01-25 21:21 - 2014-01-25 21:19 - 00000000 ____D () C:\Users\KARLA\Desktop\TOWN - partner Movie - Planes (2013) NTSC MULTi DV
2014-01-24 12:07 - 2014-01-24 03:35 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-24 03:43 - 2014-01-24 03:34 - 432790328 _____ () C:\Users\KARLA\Desktop\AIO_CDB_NonNet_Full_Win_WW_140_408.exe.suiigct.partial
2014-01-24 03:19 - 2014-01-24 03:16 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2014-01-24 03:09 - 2014-01-24 03:09 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-01-24 03:06 - 2014-01-24 03:06 - 00000000 _____ () C:\windows\HPMProp.INI
2014-01-24 03:06 - 2013-04-19 15:22 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-24 03:05 - 2014-01-24 03:05 - 00000000 ____D () C:\HP Universal Print Driver
2014-01-24 02:55 - 2013-04-15 12:31 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-01-24 02:14 - 2014-01-24 02:11 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-01-24 02:11 - 2014-01-24 02:11 - 00000000 ____D () C:\Users\KARLA\Documents\Freemium Driver Utilities
2014-01-23 23:04 - 2014-01-17 19:38 - 00010250 _____ () C:\ProgramData\hpzinstall.log
2014-01-23 22:50 - 2014-01-23 22:50 - 00001103 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\windows\LastGood
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-23 22:50 - 2014-01-23 22:50 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-23 22:50 - 2014-01-17 19:39 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-23 22:50 - 2014-01-17 19:38 - 00203557 _____ () C:\windows\hpoins19.dat
2014-01-23 22:49 - 2014-01-23 22:49 - 00001321 _____ () C:\Users\Public\Desktop\HP Solution Center.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00001167 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-01-23 22:49 - 2014-01-23 22:49 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-01-23 22:49 - 2013-11-15 16:50 - 00000000 ____D () C:\ProgramData\HP
2014-01-23 21:51 - 2014-01-23 21:51 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (2).exe
2014-01-23 21:43 - 2014-01-23 21:43 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS (1).exe
2014-01-23 21:42 - 2014-01-23 21:42 - 00003724 _____ () C:\Users\KARLA\Downloads\installNS.exe
2014-01-23 21:18 - 2014-01-23 14:59 - 00060914 _____ () C:\Users\KARLA\Desktop\HP Installation Error - Windows 8.hta
2014-01-23 15:27 - 2013-11-15 15:52 - 00000000 ____D () C:\Users\KARLA\Documents\Privat
2014-01-23 13:03 - 2014-01-23 13:03 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (2).msi
2014-01-23 12:06 - 2014-01-23 11:54 - 432790328 _____ () C:\Users\KARLA\Downloads\AIO_CDB_NonNet_Full_Win_WW_140_408.exe
2014-01-21 00:42 - 2014-01-21 00:42 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-21 00:42 - 2014-01-21 00:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-21 00:42 - 2013-11-22 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-21 00:41 - 2014-01-21 00:41 - 00283096 _____ (Mozilla) C:\Users\KARLA\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:44 - 2013-11-26 13:19 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\HP
2014-01-17 19:43 - 2014-01-17 19:43 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-01-17 18:00 - 2013-11-17 09:37 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-17 01:56 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\Mobogenie
2014-01-17 01:56 - 2014-01-17 00:51 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-17 01:44 - 2014-01-17 01:44 - 01484297 _____ () C:\Users\KARLA\Downloads\MO2010_Activator_Updated.rar
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\AppData\Local\cache
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 ____D () C:\Users\KARLA\.android
2014-01-17 00:51 - 2014-01-17 00:51 - 00000000 _____ () C:\Users\KARLA\daemonprocess.txt
2014-01-17 00:50 - 2014-01-17 00:50 - 00003108 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-15 10:17 - 2014-01-15 10:17 - 00314152 _____ () C:\Users\KARLA\Desktop\Books24x7 presentation.pptx
2014-01-15 09:44 - 2013-11-15 15:53 - 00000000 ____D () C:\Users\KARLA\Documents\Produktneuigkeiten
2014-01-14 09:07 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\NDF
2014-01-13 14:47 - 2014-01-13 13:37 - 00000000 ____D () C:\Program Files (x86)\Visual Pinball
2014-01-13 14:25 - 2014-01-13 14:25 - 00000000 ____D () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC
2014-01-13 14:23 - 2014-01-13 14:21 - 18587100 _____ () C:\Users\KARLA\Downloads\Terminator2_UR_NF_VP9_1.1RC.zip
2014-01-13 14:21 - 2014-01-13 14:19 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0 (1).rar
2014-01-13 14:09 - 2014-01-13 14:09 - 00002216 _____ () C:\Users\KARLA\Desktop\vpforums.org.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00002036 _____ () C:\Users\KARLA\Desktop\VPinball_9_0_2.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00001994 _____ () C:\Users\KARLA\Desktop\VPinball.lnk
2014-01-13 14:09 - 2014-01-13 14:09 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Pinball
2014-01-13 14:05 - 2014-01-13 14:05 - 00000000 ____D () C:\Users\KARLA\Downloads\TAF_VP91X_2.0
2014-01-13 14:03 - 2014-01-13 14:00 - 15419783 _____ () C:\Users\KARLA\Downloads\TAF_VP91X_2.0.rar
2014-01-13 13:43 - 2014-01-13 13:41 - 07760212 _____ () C:\Users\KARLA\Downloads\VPInstaller_1_0_3.zip
2014-01-13 13:40 - 2014-01-13 13:40 - 00000000 ____D () C:\Users\KARLA\Downloads\taf_430
2014-01-13 13:38 - 2014-01-13 13:37 - 02191828 _____ () C:\Users\KARLA\Downloads\taf_430.zip
2014-01-13 13:36 - 2014-01-13 13:36 - 03851132 _____ () C:\Users\KARLA\Downloads\VisualPinballTB6.zip
2014-01-12 19:42 - 2013-04-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-10 11:10 - 2014-01-10 11:10 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting (1).ics
2014-01-10 11:09 - 2014-01-10 11:09 - 00004779 _____ () C:\Users\KARLA\Downloads\37807-1-SavethedateQ4FY13AllEmployeeMeeting.ics
2014-01-09 14:07 - 2014-01-09 14:07 - 01003520 _____ () C:\Users\KARLA\Downloads\hpvrplugin_v2 (1).msi
2014-01-09 11:45 - 2014-01-09 11:45 - 00000000 ____D () C:\Users\KARLA\AppData\Roaming\IDT

Files to move or delete:
====================
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs
C:\Users\hpadmin\create_shortcut.vbs
C:\Users\hpadmin\reg_off2k7.vbs


Some content of TEMP:
====================
C:\Users\KARLA\AppData\Local\Temp\app.exe
C:\Users\KARLA\AppData\Local\Temp\AutoUpdate.exe
C:\Users\KARLA\AppData\Local\Temp\i4jdel0.exe
C:\Users\KARLA\AppData\Local\Temp\psWinControl.dll
C:\Users\KARLA\AppData\Local\Temp\Quarantine.exe
C:\Users\KARLA\AppData\Local\Temp\RA_LOG.dll
C:\Users\KARLA\AppData\Local\Temp\Synology-CloudStation-Upgrader-3005.exe
C:\Users\KARLA\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 12:25

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by karla at 2014-02-06 13:06:15
Running from C:\Users\KARLA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention-Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKCU Version:  - Amazon)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.2106 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.1.2126 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2222 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2222 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.7.4712 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4712 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (Version: 7.4.50415.0 - DisplayLink Corp.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Eclipse (x32 Version: 5.2.24 - Hewlett-Packard Company)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Follow-Me Settings (x32 Version: 2.0.0506 - Hewlett-Packard)
Forefront Identity Manager Add-ins and Extensions (Version: 4.1.3114.0 - Microsoft Corporation)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (Version: 5.1.7.1 - Hewlett-Packard Company)
HP Client Automation Application Manager Agent (x32 Version: 9.00.0000 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP ESU for Microsoft Windows 8 (x32 Version: 1.0.4.1 - Hewlett-Packard Company)
HP Fonts (x32 Version: 2.0 - Hewlett-Packard)
HP HD Webcam Driver (x32 Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (x32 Version: 4.6.11.2 - Hewlett-Packard Company)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Photo Creations (x32 Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (Version: 14.0 - HP)
HP Port Replicator Software Installer (x32 Version: 1.3.28 - HP)
HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (x32 Version: 5.002.006.003 - Hewlett-Packard)
HP USB Port Replicator (Version: 7.4.50520.0 - Hewlett-Packard)
HP Virtual Room Client Launcher Plugin (x32 Version: 2.0.0.1 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
McAfee Agent (x32 Version: 4.6.0.3122 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0202 - McAfee, Inc.) Hidden
McAfee VirusScan Enterprise (x32 Version: 8.8.03000 - McAfee, Inc.)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0.50727.76201 - Hewlett-Packard Company)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Moct 1 Vokabeltrainer (x32 Version: 1.0 - Ernst Klett Sprachen GmbH)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PC Backup Agent (x32 Version: 8.6.2.7 - Autonomy Corporation plc)
PC COE (x32 Version: 31.1.2 - Hewlett-Packard Company)
PC COE Required Settings (x32 Version: 31.1.0 - Hewlett-Packard Company)
Photo Station Uploader (remove only) (x32 Version:  - Synology)
Pixum Fotobuch (x32 Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
ratDVD 0.78.1444 (x32 Version: 0.78.1444 - ratDVD)
Remote Access to HP Network 6.5 (Version: 6.5.4.52064 - Hewlett-Packard Company)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 16.3.9.0 - Synaptics Incorporated)
Synology Cloud Station (remove only) (HKCU Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Microsoft Lync 2013 (KB2825630) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)
Validity Fingerprint Sensor Driver (Version: 4.4.228.0 - Validity Sensors, Inc.)
Visual Pinball VPInstaller 1.0.3 (x32 Version: VPInstaller 1.0.3 - VPForums.org)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

21-01-2014 10:14:55 Scheduled Checkpoint
24-01-2014 01:09:59 Free Driver Scout
24-01-2014 01:33:13 DriverUtilities
27-01-2014 10:21:54 Installed Java 7 Update 51
30-01-2014 15:06:01 Installed PC Backup

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0591DE10-9EAD-459A-A2EC-0D8EFFE58754} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll,SendInventory
Task: {0CBEA7D9-82EF-412C-AC00-754CD8E84D10} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {10883327-7B75-43B4-8798-F57E71B8C077} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EE7C5C-AC0A-4491-A04F-6BDDD3F779D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2FFFBECF-0D0C-428B-9DD3-CAE2B35BF97A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {303a3838-4289-423e-a6ed-13f5e4e79b6d} KARLA1.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {3DAB4396-E888-4557-9D33-5FB34B0ED2F9} - \Software Updater Ui No Task File
Task: {42DB71D4-8080-47DB-BC1E-DAB3ED12E794} - System32\Tasks\Smart Client => C:\Program Files (x86)\SmartClient\Smart.exe [2013-09-24] (Hewlett-Packard Company)
Task: {544333E7-4976-473D-9D24-5ED444F1163A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {59CFD9ED-1A4D-4F23-BF09-34FB2447B674} - System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-karla KARLA1.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {5CFB52BF-50DE-4A4D-9047-8673AFBD3FB3} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001 => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24] (Hewlett-Packard)
Task: {738FEF93-13B3-46E2-8B5D-73E3B3C51238} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {7716AD61-71B7-4475-88B4-1C079B61C1CD} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,CheckForUpdates
Task: {9343A8DB-5700-47EC-B3F7-1DB658BDCD7D} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,RunPatch
Task: {94BCD98D-AF99-4A21-BD7A-77C51794B86B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-01-10] (Synaptics Incorporated)
Task: {9BBB98BD-F3C9-4FDE-ADB0-F3F348954F3B} - \Software Updater No Task File
Task: {A0E8C584-3163-4137-99F8-AA6D55993C68} - \FreeDriverScout No Task File
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AEA838A6-2A32-4B3D-BC73-FFCEEB98ECDC} - System32\Tasks\FMS-Scheduled-Capture_karla => C:\Program Files (x86)\Hewlett-Packard\FMD\Follow-Me Settings\FMS.exe [2013-08-15] (Hewlett-Packard Company)
Task: {BE749ED1-DB7E-4FD7-B92A-C9F488A984D2} - System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll,RunHourlyHook
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C6FBB451-03F7-41C6-A73B-A691E668491F} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {CDFDC902-6A18-4C06-A33F-A6CD192DE03C} - System32\Tasks\BitLocker Reminder => C:\Program Files (x86)\SmartClient\Reminder.exe [2013-09-24] (Microsoft)
Task: {D2A1B6A9-426C-40C3-8D86-1B9F2B4020A8} - System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000 => Rundll32.exe C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin A
Task: {D37DB595-F45C-481A-BC05-7A717777CDF2} - System32\Tasks\Maint => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28] (Hewlett-Packard Company)
Task: {D4A3B526-5D0E-4D3E-9E2E-B5213BEB47C5} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {DE49E4C7-0212-4F07-90F0-8BB0AA59B749} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E78AC204-6EB5-46EB-9DE3-B06BBE7B71BD} - \AmiUpdXp No Task File
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job => œí“Ç£G„—¸*ÞFj<
 ÿÿÿÿ Á!C:\windows\system32\rundll32.exe?C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin APC COEPC COE Software Bundles update0Þ-
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe
Task: C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll
Task: C:\windows\Tasks\Maint.job => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe

==================== Loaded Modules (whitelisted) =============

2012-10-01 21:34 - 2012-10-01 21:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-18 16:08 - 2012-08-24 01:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-11-22 19:32 - 2012-11-22 19:32 - 00141184 _____ () C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\expat.dll
2013-09-13 09:54 - 2013-09-13 09:54 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\KARLA\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-27 09:13 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 10:53 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-04 10:53 - 2014-02-02 00:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 01259320 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libsqlite3-0.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 00043008 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libgcc_s_dw2-1.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 02554368 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtCore4.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 09824768 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtGui4.dll
2013-12-24 16:36 - 2013-12-24 16:36 - 01218048 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\QtNetwork4.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 01599298 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\icuuc50.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 00879630 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\libstdc++-6.dll
2013-05-31 10:15 - 2013-05-31 10:15 - 20803927 _____ () C:\Users\KARLA\AppData\Local\CloudStation\bin\icudt50.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2014 06:15:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1f04
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (02/05/2014 05:59:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x142c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:42:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0x00000505
Fault offset: 0x00014b32
Faulting process id: 0x168c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:42:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: DW20.EXE, version: 15.0.4420.1017, time stamp: 0x506733ba
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000374
Fault offset: 0x000da94f
Faulting process id: 0x5ac
Faulting application start time: 0xDW20.EXE0
Faulting application path: DW20.EXE1
Faulting module path: DW20.EXE2
Report Id: DW20.EXE3
Faulting package full name: DW20.EXE4
Faulting package-relative application ID: DW20.EXE5

Error: (02/05/2014 05:06:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x2134
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 05:02:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: VsTskMgr.exe, version: 8.8.0.1128, time stamp: 0x50b7bad8
Faulting module name: VsTskMgr.exe, version: 8.8.0.1128, time stamp: 0x50b7bad8
Exception code: 0xc0000005
Fault offset: 0x0000709f
Faulting process id: 0x874
Faulting application start time: 0xVsTskMgr.exe0
Faulting application path: VsTskMgr.exe1
Faulting module path: VsTskMgr.exe2
Report Id: VsTskMgr.exe3
Faulting package full name: VsTskMgr.exe4
Faulting package-relative application ID: VsTskMgr.exe5

Error: (02/05/2014 05:01:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4535.1507, time stamp: 0x52282875
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xe0000002
Fault offset: 0x00014b32
Faulting process id: 0x18c4
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (02/05/2014 11:45:19 AM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (02/04/2014 00:37:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1ddc
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (02/04/2014 00:34:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Faulting module name: OUTLOOK.EXE, version: 15.0.4551.1004, time stamp: 0x5253ad6f
Exception code: 0xc0000005
Fault offset: 0x00025b09
Faulting process id: 0x1450
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5


System errors:
=============
Error: (02/06/2014 11:31:32 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/05/2014 08:38:02 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object cn={F0ADF5BC-3CB7-4E60-BF8E-399E9DC51DE2},cn=policies,cn=system,DC=emea,DC=cpqcorp,DC=net. This could be caused by RSOP being disabled  or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.

Error: (02/05/2014 06:19:07 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/05/2014 05:54:08 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain EMEA due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (02/05/2014 05:53:55 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

Error: (02/05/2014 05:02:36 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Task Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/05/2014 09:30:21 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 10:12:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 09:21:36 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/04/2014 09:21:28 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain EMEA due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (02/05/2014 06:15:08 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b091f0401cf2294beb36770C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE0f57e5a7-8e89-11e3-be9b-b4b676d91d30

Error: (02/05/2014 05:59:59 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b32142c01cf22932d4c3d63C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dllf1c83d49-8e86-11e3-be9b-b4b676d91d30

Error: (02/05/2014 05:42:26 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.16451509889500000050500014b32168c01cf22909dc8c277C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dll7e1a24e7-8e84-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:42:21 PM) (Source: Application Error)(User: )
Description: DW20.EXE15.0.4420.1017506733bantdll.dll6.2.9200.16420505aaa82c0000374000da94f5ac01cf22913da87658C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXEC:\windows\SYSTEM32\ntdll.dll7b7bdfc4-8e84-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:06:20 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b32213401cf228b91d739c6C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dll72f9db64-8e7f-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:02:35 PM) (Source: Application Error)(User: )
Description: VsTskMgr.exe8.8.0.112850b7bad8VsTskMgr.exe8.8.0.112850b7bad8c00000050000709f87401cf2199b88ff011C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exeed2ceec3-8e7e-11e3-be9a-b4b676d91d30

Error: (02/05/2014 05:01:25 PM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4535.150752282875KERNELBASE.dll6.2.9200.1645150988950e000000200014b3218c401cf219e4a89a29dC:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXEC:\windows\SYSTEM32\KERNELBASE.dllc344682a-8e7e-11e3-be9a-b4b676d91d30

Error: (02/05/2014 11:45:19 AM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (02/04/2014 00:37:10 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b091ddc01cf219d2c645835C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEaeb3c20f-8d90-11e3-be9a-b4b676d91d30

Error: (02/04/2014 00:34:54 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE15.0.4551.10045253ad6fOUTLOOK.EXE15.0.4551.10045253ad6fc000000500025b09145001cf219b89fc678fC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE5da96d77-8d90-11e3-be9a-b4b676d91d30


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 8055.46 MB
Available physical RAM: 4119.63 MB
Total Pagefile: 9911.46 MB
Available Pagefile: 5022.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (PC COE) (Fixed) (Total:237.5 GB) (Free:7.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: F0C570EE)
Partition 1: (Not Active) - (Size=500 MB) - (Type=27)
Partition 2: (Active) - (Size=499 MB) - (Type=27)
Partition 3: (Not Active) - (Size=237 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Should I go ahead and start the next step from your last reply anyway?

Alt 09.02.2014, 15:25   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Yes, please run the control scans.
__________________
Please always post log files in CODE tags

Alt 10.02.2014, 12:11   #15
Blizzard79
 
Hello Cosinus,

Malwarebytes found nothing:

Code:
 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.09.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
karla :: KARLA1 [administrator]

Protection: Enabled

10.02.2014 11:55:48
mbam-log-2014-02-10 (11-55-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238662
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
ESET took a very long time and also found nothing. However, I don't know whether it really finished or was aborted. My antivirus reactivates itself after a while, and at some point ESET was closed but had not written a finish message.

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e2d2d220c7d5354b820102c3d2aa0028
# engine=17006
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-09 09:42:59
# local_time=2014-02-09 10:42:59 (+0100, W. Europe Standard Time)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 25872709 51488290 0 0
# scanned=64568
# found=0
# cleaned=0
# scan_time=3350
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e2d2d220c7d5354b820102c3d2aa0028
# engine=17006
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-10 08:26:13
# local_time=2014-02-10 09:26:13 (+0100, W. Europe Standard Time)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 25911303 51526884 0 0
# scanned=258531
# found=0
# cleaned=0
# scan_time=38222
ESETSmartInstaller@High as downloader log:
all ok
         
In addition, before the scans I again got an alert from my McAfee on-access scanner when starting Chrome.exe. Although Chrome never showed any symptoms, some temporary application files were written when Chrome was launched, and McAfee classified them as BetterSurf. I then uninstalled Chrome and have had no more alerts since. So I think I'm really clean now.

Thanks! And where can I donate?

Regards, Fred
