Supposedly Zero Access - also PUP.Optional.Iminent.A
Telekom has informed us that we have caught the Zero Access trojan.
Various antivirus scanners (MBAM, Avast, EU Avira Cleaner) found nothing along those lines.
MBAM did, however, find the browser extension Iminent, which I cannot get rid of. I had caught it once before and got rid of it with your help.
Maybe it will work again. It would be more interesting, though, to know whether I actually have a trojan.
Here are my logs:
FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by XXXXX (ATTENTION: The logged in user is not administrator) on YYYYY on 28-09-2013 19:17:37
Running from C:\Users\XXXXX\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Runonce: [Del4923313] - cmd.exe /Q /D /c del "C:\Users\ZZZZZ\AppData\Local\Temp\0.del" [x]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKCU\...\Run: [Google Update] - C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.)
HKCU\...\Run: [LogitechSoftwareUpdate] - "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {3e6ca5cc-2c10-11e1-b9d1-2c4138a5e006} - F:\pushinst.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
AppInit_DLLs: [0 ] ()
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B7642743061CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL =
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C8EA58FA-945C-4046-BE67-E4ECE452CFCD}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{DEEC3FF6-3BBC-43FA-8FE5-89649718BB32}: [NameServer]139.7.30.125 139.7.30.126
FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: StartWeb
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: rssicon - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
Chrome:
=======
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Google Update) - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FacebookBlocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0
CHR Extension: (Bubble Shooter - Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0
CHR Extension: (Facebook Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (Facebook Ads Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0
CHR Extension: (AdBlock) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Cut the Rope) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0
CHR Extension: (avast! Online Security) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Keep My Opt-Outs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0
CHR Extension: (Flood-It!) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0
CHR Extension: (Analytics Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0
CHR Extension: (Super Stacker 2) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\klemmckdcnieolllgjgbniaeehggmano\3.0_0
CHR Extension: (Bejeweled 2 Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Doodle Jump) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0
CHR Extension: (Psykopaint) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0
CHR Extension: (Gmail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Users\ZZZZZ\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-09-15] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST
2013-09-28 19:16 - 2013-09-28 19:16 - 01953880 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe
2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log
2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe
2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-28 19:06 - 2013-09-28 19:06 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup(1).exe
2013-09-28 14:56 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-28 14:56 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-28 14:56 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-28 14:56 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-28 14:56 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-28 14:56 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-28 14:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-28 14:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-28 14:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-28 14:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-28 14:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-28 14:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-28 14:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-28 14:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle
2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe
2013-09-28 12:56 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome
2013-09-28 12:53 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-28 12:53 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-28 12:53 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-28 12:53 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-28 12:53 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-28 12:53 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-28 12:53 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-28 12:53 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-28 12:53 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-28 12:53 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-28 12:53 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B
2013-09-28 12:49 - 2013-09-28 19:09 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-28 12:49 - 2013-09-28 12:49 - 00001880 _____ C:\Users\ZZZZZ\Desktop\Search.lnk
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon
2013-09-28 12:49 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-28 12:49 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-28 12:49 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-28 12:49 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-28 12:49 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-28 12:43 - 2013-09-28 12:43 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup.exe
2013-09-28 12:39 - 2013-09-28 13:24 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-09-28 12:39 - 2013-09-28 13:24 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk
2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe
2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG
2013-09-25 22:54 - 2013-09-25 22:55 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks
2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet
2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone
2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-09-15 15:51 - 2011-04-18 15:43 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01007.dll
2013-09-15 15:51 - 2011-04-18 15:43 - 00413696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00219008 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-15 15:48 - 2013-09-17 20:32 - 00000000 ____D C:\ProgramData\Vodafone
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone
2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations
2013-09-02 21:09 - 2013-09-25 22:33 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk
2013-09-02 20:57 - 2013-09-15 16:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Iminent
2013-09-02 20:57 - 2013-09-02 21:02 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-09-02 20:53 - 2013-09-02 20:53 - 00000866 _____ C:\Users\ZZZZZ\Desktop\FTDownloader.lnk
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Cool_Mirage
==================== One Month Modified Files and Folders =======
2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST
2013-09-28 19:16 - 2013-09-28 19:16 - 01953880 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe
2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log
2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe
2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-28 19:09 - 2013-09-28 12:49 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-28 19:07 - 2012-08-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-28 19:06 - 2013-09-28 19:06 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup(1).exe
2013-09-28 19:06 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-28 19:06 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-28 19:01 - 2011-12-21 22:13 - 01645224 _____ C:\Windows\WindowsUpdate.log
2013-09-28 18:57 - 2012-08-27 19:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-28 18:55 - 2011-12-09 02:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-28 18:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 18:55 - 2009-07-14 06:51 - 00080023 _____ C:\Windows\setupact.log
2013-09-28 18:50 - 2011-12-09 02:23 - 00697072 _____ C:\Windows\system32\perfh007.dat
2013-09-28 18:50 - 2011-12-09 02:23 - 00148110 _____ C:\Windows\system32\perfc007.dat
2013-09-28 18:50 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-28 18:48 - 2011-12-21 23:00 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job
2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 18:44 - 2009-07-14 06:45 - 00428496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-28 18:40 - 2010-11-21 05:47 - 00428150 _____ C:\Windows\PFRO.log
2013-09-28 14:55 - 2013-08-03 11:51 - 00000000 ____D C:\Windows\system32\MRT
2013-09-28 14:55 - 2012-10-22 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-28 14:55 - 2011-12-24 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-28 14:55 - 2011-02-11 19:15 - 01640718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-28 14:54 - 2012-04-11 11:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-28 14:54 - 2012-01-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-28 14:32 - 2011-12-27 15:41 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Adobe
2013-09-28 14:29 - 2011-12-21 23:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job
2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-28 14:16 - 2011-12-09 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-28 13:53 - 2011-12-09 02:46 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-09-28 13:51 - 2011-12-09 02:46 - 00002589 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-28 13:24 - 2013-09-28 12:39 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-09-28 13:24 - 2013-09-28 12:39 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk
2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle
2013-09-28 13:19 - 2012-01-12 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-28 13:11 - 2011-12-21 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe
2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome
2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B
2013-09-28 12:49 - 2013-09-28 12:49 - 00001880 _____ C:\Users\ZZZZZ\Desktop\Search.lnk
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon
2013-09-28 12:43 - 2013-09-28 12:43 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup.exe
2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe
2013-09-28 11:56 - 2012-04-12 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-28 11:56 - 2011-12-09 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-28 11:34 - 2011-12-21 22:18 - 00001423 _____ C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-28 11:34 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 11:34 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 11:27 - 2011-12-09 02:54 - 00000000 ____D C:\ProgramData\truesuite
2013-09-25 23:21 - 2012-05-21 11:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\vlc
2013-09-25 23:05 - 2011-12-22 00:13 - 00118800 _____ C:\Users\XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG
2013-09-25 22:55 - 2013-09-25 22:54 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks
2013-09-25 22:33 - 2013-09-02 21:09 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk
2013-09-23 22:29 - 2012-02-08 18:07 - 00008704 _____ C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 21:29 - 2011-12-21 23:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job
2013-09-23 20:48 - 2011-12-21 23:00 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job
2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet
2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog
2013-09-17 20:32 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\Vodafone
2013-09-17 20:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-15 16:56 - 2013-09-02 20:57 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Iminent
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone
2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone
2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations
2013-09-09 07:08 - 2012-04-19 19:51 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-09 07:08 - 2011-12-24 15:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-09 07:08 - 2011-12-24 13:27 - 00000000 ____D C:\Users\WWWWW
2013-09-09 07:08 - 2011-12-23 16:06 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\IrfanView
2013-09-09 07:08 - 2011-12-21 22:14 - 00000000 ____D C:\Users\ZZZZZ
2013-09-09 07:08 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-09 07:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-08 21:10 - 2011-12-21 22:33 - 00000000 ____D C:\Users\XXXXX
2013-09-02 21:02 - 2013-09-02 20:57 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-09-02 20:53 - 2013-09-02 20:53 - 00000866 _____ C:\Users\ZZZZZ\Desktop\FTDownloader.lnk
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Cool_Mirage
2013-09-02 20:53 - 2011-12-09 02:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-02 20:48 - 2011-12-09 02:44 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-02 20:43 - 2013-08-25 16:59 - 00000000 ____D C:\Program Files (x86)\Logitech
Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\PureSyncInst.exe
C:\Users\XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\ZZZZZ\AppData\Local\Temp\uninst1.exe
C:\Users\ZZZZZ\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by XXXXX at 2013-09-28 19:18:15
Running from C:\Users\XXXXX\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.0.0)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop 7.0.1 (x32 Version: 7.0.1)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Amazon Music Importer (x32 Version: 2.1.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0 (x32)
AuthenTec TrueAPI (Version: 1.3.0.116)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
AVM FRITZ!WLAN (x32)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blasterball 3 (x32 Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
Botanicula (x32 Version: 1.0)
Bounce Symphony (x32 Version: 2.2.0.97)
Browser Hijack Recover(BHR) 3.0 (x32)
Cake Mania (x32 Version: 2.2.0.95)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Citavi (x32 Version: 3.2.0.0)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Designer 2.0 (x32 Version: 7.9.4)
Dropbox (HKCU Version: 1.4.7)
ESET Online Scanner v3 (x32)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FormatFactory 2.80 (x32 Version: 2.80)
Free Video Converter V 3.1 (x32 Version: 3.1.0.0)
Google Chrome (HKCU Version: 29.0.1547.76)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000)
HijackThis 2.0.2 (x32 Version: 2.0.2)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Odometer (x32 Version: 2.10.0000)
HP Officejet 6100 - Grundlegende Software für das Gerät (Version: 25.0.617.0)
HP Officejet 6100 Hilfe (x32 Version: 140.0.2.2)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP SimplePass PE 2011 (x32 Version: 5.3.0.194)
HP Support Assistant (x32 Version: 6.0.4.1)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 10.7.0.21)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows) (x32)
Malwarebytes Anti-Malware Version 1.61.0.1400 (x32 Version: 1.61.0.1400)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mendeley Desktop 1.3.1 (x32 Version: 1.3.1)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 9.0.1 (x86 de) (x32 Version: 9.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
No23 Recorder (x32 Version: 2.1.0.3)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
Nokia Connectivity Cable Driver (x32 Version: 6.81.1.2)
Nokia PC Connectivity Solution (x32 Version: 6.23.9.0)
Nokia PC Suite (x32 Version: 6.81.13.0)
Nokia Phone Browser 64-bit (Version: 6.81.13.0)
NVIDIA 3D Vision Driver 267.95 (Version: 267.95)
NVIDIA Control Panel 267.95 (Version: 267.95)
NVIDIA Graphics Driver 267.95 (Version: 267.95)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6795)
PC Connectivity Solution 64-bit components (Version: 6.23.9.0)
PDF-Viewer (Version: 2.5.201.0)
Picasa 3 (x32 Version: 3.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PureSync (x32 Version: 3.7.6)
PureSync 3.7.6 (x32 Version: 3.7.6)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6378)
Recovery Manager (x32 Version: 5.5.0.4320)
Remote Graphics Receiver (x32 Version: 5.4.5)
Skype™ 5.10 (x32 Version: 5.10.116)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
VIP Access SDK (1.0.1.4) (x32 Version: 1.0.1.4)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Vodafone Mobile Broadband (x32 Version: 10.2.103.31248)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Searchqu Toolbar (x32 Version: 3.0.0.115676)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)
Zinio Reader 4 (x32 Version: 4.2.4164)
==================== Restore Points =========================
Could not list Restore Points.
==================== Hosts content: ==========================
2009-07-14 04:34 - 2012-04-18 19:02 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\DigitalSite.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job => C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job => C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/28/2013 01:51:30 PM) (Source: Application Hang) (User: )
Description: Programm Updater.exe, Version 1.0.2.48 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 490
Startzeit: 01cebc40ea06375a
Endzeit: 2
Anwendungspfad: C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
Berichts-ID:
Error: (09/28/2013 01:23:21 PM) (Source: Application Hang) (User: )
Description: Programm msiexec.exe, Version 5.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c2c
Startzeit: 01cebc3d058b1779
Endzeit: 2
Anwendungspfad: C:\Windows\SysWOW64\msiexec.exe
Berichts-ID: 5914f079-2830-11e3-b0c6-bc054305c3e5
Error: (09/28/2013 00:01:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/25/2013 11:05:52 PM) (Source: VmbService) (User: )
Description: GetClient
Error: (09/25/2013 11:03:59 PM) (Source: Application Hang) (User: )
Description: Programm iTunes.exe, Version 10.7.0.21 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 155c
Startzeit: 01ceba293ed02739
Endzeit: 29162
Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe
Berichts-ID:
Error: (09/25/2013 11:02:25 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2380
Startzeit: 01ceba32789067a4
Endzeit: 11
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: c1caa2dd-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:43 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2030
Startzeit: 01ceba31ed6bedc3
Endzeit: 11
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: 3ffff178-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:00 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11a0
Startzeit: 01ceba31ad705c3d
Endzeit: 12
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: 23074a30-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:41:02 PM) (Source: Application Hang) (User: )
Description: Programm PicasaPhotoViewer.exe, Version 3.9.136.20 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f88
Startzeit: 01ceba2f7c4fb3c2
Endzeit: 4
Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
Berichts-ID: c82dc8b0-2622-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:12:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47127
System errors:
=============
Error: (09/28/2013 06:42:53 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error: (09/25/2013 11:05:53 PM) (Source: Application Popup) (User: )
Description: Treiber USB hat eine ungültige ID für das untergeordnete Gerät (09020000000111436600000298) zurückgegeben.
Error: (09/25/2013 10:58:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error: (09/25/2013 10:23:41 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:22:11 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:21:13 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:20:15 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:19:16 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:18:18 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:16:00 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/28/2013 01:51:30 PM) (Source: Application Hang)(User: )
Description: Updater.exe1.0.2.4849001cebc40ea06375a2C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
Error: (09/28/2013 01:23:21 PM) (Source: Application Hang)(User: )
Description: msiexec.exe5.0.7601.175141c2c01cebc3d058b17792C:\Windows\SysWOW64\msiexec.exe5914f079-2830-11e3-b0c6-bc054305c3e5
Error: (09/28/2013 00:01:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (09/25/2013 11:05:52 PM) (Source: VmbService)(User: )
Description: GetClient
Error: (09/25/2013 11:03:59 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.7.0.21155c01ceba293ed0273929162C:\Program Files (x86)\iTunes\iTunes.exe
Error: (09/25/2013 11:02:25 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.0238001ceba32789067a411C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exec1caa2dd-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:43 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.0203001ceba31ed6bedc311C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe3ffff178-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:00 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.011a001ceba31ad705c3d12C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe23074a30-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:41:02 PM) (Source: Application Hang)(User: )
Description: PicasaPhotoViewer.exe3.9.136.20f8801ceba2f7c4fb3c24C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exec82dc8b0-2622-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:12:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47127
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8172.83 MB
Available physical RAM: 5614.92 MB
Total Pagefile: 16343.85 MB
Available Pagefile: 13230.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:482.72 GB) (Free:414.49 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1367.19 GB) (Free:274.23 GB) NTFS
Drive r: (HP_RECOVERY) (Fixed) (Total:13.01 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Gmer.txt Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-28 19:48:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MN6O 1863,02GB
Running: 8n831bpw.exe; Driver: C:\Users\Jolanda\AppData\Local\Temp\fxliqpod.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:3852] 0000000074ee7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:1916] 0000000066870cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:2100] 0000000076fc2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:6056] 0000000076fc3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:6140] 0000000076fc3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:5800] 0000000076fc3e85
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 78
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 717506
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d03c3c
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 78
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 717506
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d03c3c (not active ControlSet)
---- EOF - GMER 2.1 ----
mbam-log-2013-09-29 (14-11-02).txt Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2013.09.08.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.10.9200.16686
XXXX:: YYYY[limited]
Protection: Enabled
29.09.2013 14:11:02
mbam-log-2013-09-29 (14-11-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198291
Time elapsed: 2 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Avast.txt Code:
*
* avast! Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Prüfungsname: Schnelle Überprüfung
* Start: Sonntag, 29. September 2013 14:31:08
* VPS: 130928-1, 28.09.2013
*
Infizierte Dateien: 0
Dateien gesamt: 53273
Ordner gesamt: 41931
Gesamtgröße: 30,7 GB
*
* Prüfung beendet: Sonntag, 29. September 2013 14:36:58
* Laufzeit war 5 Minute(n), 50 Sekunde(n)
*
The EU Avira Cleaner doesn't seem to write any log files. At least I haven't found any.
Thanks and regards