Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Schon wieder pup.optional Funde (https://www.trojaner-board.de/142485-schon-pup-optional-funde.html)

Nachtmann 03.10.2013 19:54
Schon wieder pup.optional Funde
 
Hallo zusammen,

malwarebytes hat schon wieder infizierte Dateien gefunden. Wieder dieses pup.optional.

Würdet mal bitte jemand drüber schauen? Wäre toll. Danke schonmal im Voraus.

Hier meine Logs:
Erst habe ich einen Quick scan gemacht, dann eine Datei aus meinem Downloadordner gelöscht, den Papierkorb gelöscht und die Funde in Malwarebytes entfernt
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Berthi :: BERTHI-PC [Administrator]

03.10.2013 17:57:55
mbam-log-2013-10-03 (17-57-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196444
Laufzeit: 8 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Berthi\Downloads\VideoDownloadConvert.exe (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Dann einen Vollscan und die Funde entfernt
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Berthi :: BERTHI-PC [Administrator]

03.10.2013 18:16:44
mbam-log-2013-10-03 (18-16-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322568
Laufzeit: 58 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\AdwCleaner\Quarantine\C\Users\Berthi\AppData\Local\FilesFrog Update Checker\uninstall.exe.vir (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Berthi\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Berthi\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:06 on 03/10/2013 (Berthi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

schrauber 03.10.2013 21:15
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Nachtmann 03.10.2013 21:57
Hallo Schrauber,
danke für die schnelle Antwort

FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Berthi (administrator) on BERTHI-PC on 03-10-2013 20:11:17
Running from C:\Users\Berthi\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxdecoms.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Renier Crause) C:\Program Files\PopTray\PopTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
MountPoints2: {1ded593a-0f5d-11e3-afa1-806e6f6e6963} - E:\zdata\cobi.exe
MountPoints2: {a5b42469-26a0-11e3-adae-00238b9e33ce} - F:\pushinst.exe
Startup: C:\Users\Berthi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
ShortcutTarget: PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (Renier Crause)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-28] (SurfRight B.V.)
S2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [99248 2007-05-29] (Lexmark International, Inc.)
R2 lxde_device; C:\Windows\system32\lxdecoms.exe [598960 2007-05-29] ( )
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S2 TVCapSvc; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [x]
S2 TVSched; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [14376 2013-09-28] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-03] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:05 - 2013-10-03 20:06 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:51 - 2013-10-03 19:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-03 18:11 - 2013-10-03 19:50 - 00015072 _____ C:\Windows\setupact.log
2013-10-03 18:11 - 2013-10-03 19:50 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-28 14:52 - 2013-09-29 11:05 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 14:52 - 2013-09-28 15:03 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 14:52 - 2013-09-28 15:03 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:20 - 2013-09-27 17:23 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:20 - 2013-09-27 17:22 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:52 - 2013-10-03 19:49 - 00000000 ____D C:\Windows\AVM_Driver
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:52 - 2007-12-19 01:00 - 00401920 _____ (AVM GmbH) C:\Windows\system32\Drivers\fwlanusbn.sys
2013-09-26 14:52 - 2007-12-19 01:00 - 00077824 _____ (AVM Berlin) C:\Windows\system32\fwusbnci.dll
2013-09-26 14:52 - 2007-12-19 01:00 - 00015573 _____ C:\Windows\system32\Drivers\fwlanusbn.bin
2013-09-26 14:52 - 2007-11-07 02:00 - 00004352 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmeject.sys
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:17 - 2013-09-24 16:26 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-23 17:04 - 2013-09-23 17:06 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 17:04 - 2013-04-05 21:26 - 01679360 _____ C:\Windows\system32\ac3filter.acm.new
2013-09-23 17:01 - 2013-09-23 17:06 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-19 15:46 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-19 15:46 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-19 15:33 - 2013-09-19 15:34 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:47 - 2013-09-18 14:58 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:43 - 2013-09-18 14:44 - 04524952 _____ (Topala Software Solutions                                  ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:35 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company                                    ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:39 - 2011-11-21 12:52 - 00144896 _____ (1&1 Internet AG) C:\Windows\system32\Drivers\ui11rdr.SYS
2013-09-17 13:39 - 2011-11-21 12:52 - 00007680 _____ (1&1 Internet AG) C:\Windows\system32\ui11np.dll
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-15 13:16 - 2013-09-15 13:17 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:38 - 2013-09-11 21:44 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 20:41 - 2013-09-11 21:49 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 20:37 - 2013-09-11 20:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 14:15 - 2008-05-16 06:33 - 00120744 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00115752 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016unic.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00114216 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mgmt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00110632 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016obex.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00089256 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016bus.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00025512 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016nd5.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00015016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdfl.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016whnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016wh.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cmnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00010792 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cr.sys
2013-09-11 11:05 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 11:05 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 11:05 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 11:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 11:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 11:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 11:00 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:59 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:59 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:41 - 2013-09-09 22:43 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-09-09 22:39 - 2013-09-09 22:44 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:39 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 22:13 - 2013-09-27 17:28 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E  D A T E  E N
2013-09-09 21:31 - 2013-10-03 19:55 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger                                                ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:30 - 2013-09-24 16:21 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:00 - 2013-09-06 23:01 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:45 - 2013-10-03 19:12 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-09-06 22:44 - 2013-09-06 23:02 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 22:29 - 2013-09-24 16:13 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:26 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-03 20:11 - 2013-10-03 17:55 - 00000000 ____D C:\AdwCleaner
2013-09-03 20:05 - 2013-09-03 20:05 - 00000000 ____D C:\Program Files\Rainlendar2
2013-09-03 20:04 - 2013-09-03 20:04 - 14871560 _____ C:\Users\Berthi\Downloads\Rainlendar-Lite-2.11.1-32bit.exe
2013-09-03 18:11 - 2013-09-03 18:11 - 00078273 _____ C:\Users\Berthi\Downloads\German.r2lang
2013-09-03 18:04 - 2013-10-03 19:50 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-09-03 17:12 - 2013-09-17 13:17 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-03 17:12 - 2010-02-21 18:50 - 00000000 ____D C:\Users\Berthi\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2013-09-03 16:59 - 2013-08-07 04:22 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-09-03 16:47 - 2013-09-19 15:46 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-03 16:46 - 2013-09-19 15:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-03 16:33 - 2013-09-03 16:33 - 00227096 _____ C:\Users\Berthi\Downloads\avira_registry_cleaner_de.exe
2013-09-03 15:59 - 2013-10-02 17:45 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-09-03 15:59 - 2013-09-03 15:59 - 00000000 ____D C:\ProgramData\Licenses
2013-09-03 15:53 - 2013-09-05 22:58 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-03 15:46 - 2013-09-03 15:46 - 00905416 _____ (BillP Studios) C:\Users\Berthi\Downloads\setupde.exe
2013-09-03 15:35 - 2013-09-03 15:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-03 15:35 - 2013-09-03 15:35 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-03 15:22 - 2013-09-03 14:53 - 00000987 _____ C:\Users\Berthi\Desktop\Updatechecker Secunia PSI.lnk
2013-09-03 15:17 - 2013-09-03 15:17 - 00000315 _____ C:\updatedatfix.log
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Users\Berthi\AppData\Local\Secunia PSI
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Program Files\Secunia
2013-09-03 09:16 - 2013-09-03 09:16 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Berthi\Downloads\Shockwave_Installer_Slim.exe

==================== One Month Modified Files and Folders =======

2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:06 - 2013-10-03 20:05 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:05 - 2013-08-27 23:17 - 00000000 ____D C:\Users\Berthi
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:57 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:57 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:55 - 2013-09-09 21:31 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-10-03 19:54 - 2013-08-27 23:58 - 01893634 _____ C:\Windows\WindowsUpdate.log
2013-10-03 19:51 - 2013-10-03 19:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-03 19:50 - 2013-10-03 18:11 - 00015072 _____ C:\Windows\setupact.log
2013-10-03 19:50 - 2013-10-03 18:11 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 19:50 - 2013-09-03 18:04 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-10-03 19:50 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 19:49 - 2013-09-26 14:52 - 00000000 ____D C:\Windows\AVM_Driver
2013-10-03 19:47 - 2013-09-01 14:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 19:12 - 2013-09-06 22:45 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 18:10 - 2013-08-28 15:34 - 00000000 ____D C:\Windows\pss
2013-10-03 17:55 - 2013-09-03 20:11 - 00000000 ____D C:\AdwCleaner
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-10-02 17:48 - 2013-09-08 11:28 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-10-02 17:45 - 2013-09-03 15:59 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-10-02 15:37 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-02 15:10 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-01 12:24 - 2013-08-28 00:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 15:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-30 13:32 - 2013-08-28 14:26 - 00000000 ___RD C:\Users\Berthi\Desktop\S I C H E R H E I T
2013-09-29 20:21 - 2013-09-01 13:39 - 00000000 ____D C:\Users\Berthi\SecurityScans
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-29 11:05 - 2013-09-28 14:52 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 15:03 - 2013-09-28 14:52 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 15:03 - 2013-09-28 14:52 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:28 - 2013-09-09 22:13 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E  D A T E  E N
2013-09-27 17:23 - 2013-09-27 17:20 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:22 - 2013-09-27 17:20 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:38 - 2013-08-28 10:51 - 00000000 ____D C:\Program Files\CCleaner
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:57 - 2009-07-14 09:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-24 16:31 - 2013-09-01 17:13 - 00000000 ___RD C:\Users\Berthi\Desktop\BILDBEARBEITUNG
2013-09-24 16:31 - 2013-08-28 14:25 - 00000000 ___RD C:\Users\Berthi\Desktop\M E D I A
2013-09-24 16:26 - 2013-09-24 16:17 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:21 - 2013-09-06 23:30 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-24 16:13 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-23 17:06 - 2013-09-23 17:04 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:06 - 2013-09-23 17:01 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:59 - 2013-09-01 20:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-22 17:33 - 2009-08-07 00:05 - 00000000 ____D C:\Windows\system32\it
2013-09-22 17:33 - 2009-08-06 23:58 - 00000000 ____D C:\Windows\system32\de
2013-09-22 17:33 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\fr
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-21 14:25 - 2013-08-28 17:30 - 00000000 ____D C:\Users\Berthi\AppData\Local\Windows Live
2013-09-20 18:47 - 2013-09-01 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 18:47 - 2013-09-01 14:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 12:15 - 2013-09-01 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 10:15 - 2013-08-31 23:28 - 00000000 ____D C:\Users\Berthi\AppData\Local\Mozilla
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-20 10:13 - 2013-08-28 22:33 - 00000000 ____D C:\Users\Berthi\AppData\Local\FRITZ!
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-09-03 16:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-19 15:46 - 2013-09-03 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-19 15:34 - 2013-09-19 15:33 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 18:15 - 2013-08-27 22:18 - 00000000 ____D C:\Users\Berthi\AppData\Local\VirtualStore
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:58 - 2013-09-18 14:47 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:44 - 2013-09-18 14:43 - 04524952 _____ (Topala Software Solutions                                  ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:41 - 2013-09-18 14:35 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:15 - 2013-08-28 20:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Windows Live Writer
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company                                    ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-18 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-17 15:53 - 2013-09-01 12:43 - 00000000 ___RD C:\Users\Berthi\Desktop\Kalender
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-17 13:17 - 2013-09-03 17:12 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-15 13:17 - 2013-09-15 13:16 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 22:55 - 2009-02-21 07:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:49 - 2013-09-11 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 21:49 - 2013-08-28 00:20 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00000000 ____D C:\Program Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:44 - 2013-09-11 21:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 21:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-11 21:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 20:38 - 2013-09-11 20:37 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:16 - 2009-02-21 06:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 11:10 - 2009-07-14 06:33 - 00348704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 11:03 - 2013-08-28 03:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 11:00 - 2013-08-28 03:31 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:59 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:44 - 2013-09-09 22:39 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:43 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:41 - 2013-09-09 22:39 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger                                                ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:02 - 2013-09-06 22:44 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 23:01 - 2013-09-06 23:00 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-06 22:29 - 2009-02-21 08:00 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-06 22:28 - 2013-08-28 02:24 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 23:11 - 2013-08-28 00:29 - 00000000 ____D C:\Windows\Driver Cache
2013-09-05 22:58 - 2013-09-03 15:53 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-04 23:20 - 2012-08-16 17:01 - 00000000 ____D C:\Users\Berthi\Desktop\Rezepte
2013-09-03 20:05 - 2013-09-03 20:05 - 00000000 ____D C:\Program Files\Rainlendar2
2013-09-03 20:04 - 2013-09-03 20:04 - 14871560 _____ C:\Users\Berthi\Downloads\Rainlendar-Lite-2.11.1-32bit.exe
2013-09-03 18:11 - 2013-09-03 18:11 - 00078273 _____ C:\Users\Berthi\Downloads\German.r2lang
2013-09-03 16:40 - 2013-08-27 21:29 - 00000000 ____D C:\ProgramData\Avira
2013-09-03 16:33 - 2013-09-03 16:33 - 00227096 _____ C:\Users\Berthi\Downloads\avira_registry_cleaner_de.exe
2013-09-03 15:59 - 2013-09-03 15:59 - 00000000 ____D C:\ProgramData\Licenses
2013-09-03 15:52 - 2013-09-03 15:35 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-03 15:46 - 2013-09-03 15:46 - 00905416 _____ (BillP Studios) C:\Users\Berthi\Downloads\setupde.exe
2013-09-03 15:35 - 2013-09-03 15:35 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-03 15:17 - 2013-09-03 15:17 - 00000315 _____ C:\updatedatfix.log
2013-09-03 14:53 - 2013-09-03 15:22 - 00000987 _____ C:\Users\Berthi\Desktop\Updatechecker Secunia PSI.lnk
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Users\Berthi\AppData\Local\Secunia PSI
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Program Files\Secunia
2013-09-03 11:31 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-09-03 11:31 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-03 11:31 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\winrm
2013-09-03 11:31 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\slmgr
2013-09-03 11:31 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\DigitalLocker
2013-09-03 11:31 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-03 11:31 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-03 11:31 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-03 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\IME
2013-09-03 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-03 11:30 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\WCN
2013-09-03 11:30 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-03 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\MUI
2013-09-03 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-03 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\com
2013-09-03 11:29 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-09-03 11:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-03 11:18 - 2013-09-02 06:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-03 09:16 - 2013-09-03 09:16 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Berthi\Downloads\Shockwave_Installer_Slim.exe
2013-09-03 09:16 - 2009-02-21 07:57 - 00000000 ____D C:\Windows\system32\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 15:36

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Berthi at 2013-10-03 20:11:54
Running from C:\Users\Berthi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1&1 Upload-Manager (Version: 2.0.676)
7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Shockwave Player (Version: 11.0)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Amazon Kindle
AMD USB Filter Driver (Version: 1.0.11.86)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
Avanquest update (Version: 1.12)
avast! Free Antivirus (Version: 8.0.1497.0)
AVM FRITZ!fax für FRITZ!Box
AVM FRITZ!WLAN
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full New (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Light (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Common (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0804.2223.38385)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0804.2223.38385)
CCC Help Chinese Standard (Version: 2009.0804.2222.38385)
CCC Help Chinese Traditional (Version: 2009.0804.2222.38385)
CCC Help Czech (Version: 2009.0804.2222.38385)
CCC Help Danish (Version: 2009.0804.2222.38385)
CCC Help Dutch (Version: 2009.0804.2222.38385)
CCC Help English (Version: 2009.0804.2222.38385)
CCC Help Finnish (Version: 2009.0804.2222.38385)
CCC Help French (Version: 2009.0804.2222.38385)
CCC Help German (Version: 2009.0804.2222.38385)
CCC Help Greek (Version: 2009.0804.2222.38385)
CCC Help Hungarian (Version: 2009.0804.2222.38385)
CCC Help Italian (Version: 2009.0804.2222.38385)
CCC Help Japanese (Version: 2009.0804.2222.38385)
CCC Help Korean (Version: 2009.0804.2222.38385)
CCC Help Norwegian (Version: 2009.0804.2222.38385)
CCC Help Polish (Version: 2009.0804.2222.38385)
CCC Help Portuguese (Version: 2009.0804.2222.38385)
CCC Help Russian (Version: 2009.0804.2222.38385)
CCC Help Spanish (Version: 2009.0804.2222.38385)
CCC Help Swedish (Version: 2009.0804.2222.38385)
CCC Help Thai (Version: 2009.0804.2222.38385)
CCC Help Turkish (Version: 2009.0804.2222.38385)
ccc-core-static (Version: 2009.0804.2223.38385)
ccc-utility (Version: 2009.0804.2223.38385)
CCleaner (Version: 4.06)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
D3DX10 (Version: 15.4.2368.0902)
ESU for Microsoft Vista (Version: 1.0.0)
Folderico 4.0 RC12 (Version: 4.0 RC12)
HitmanPro.Alert (Version: 2.0.10.45)
HP 3D DriveGuard (Version: 4.0.3.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart Music/Photo/Video (Version: 2.1.2425)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Product Detection (Version: 11.15.0009)
HP Quick Launch Buttons (Version: 6.50.3.1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50.7.2)
IDT Audio (Version: 1.0.6225.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Junk Mail filter update (Version: 16.4.3508.0205)
LabelPrint (Version: 2.5.1118)
Lexmark 4800 Series
Lexmark Fax-Lösungen
LightScribe System Software  1.14.17.1 (Version: 1.14.17.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
muvee Reveal (Version: 7.0.40.10061)
MyTomTom 3.2.0.1220 (Version: 3.2.0.1220)
Photo Common (Version: 16.4.3508.0205)
PopTray 3.20 (Version: 3.20)
Power2Go (Version: 6.0.2325)
PowerDirector (Version: 7.0.2317)
QLBCASL (Version: 6.40.17.2)
Rainlendar2 (remove only)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Revo Uninstaller 1.95 (Version: 1.95)
Scribble Papers 2.7.1
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Shark007 Advanced Codecs (Version: 4.2.6)
SIW 2013 Home Edition (Version: 2013.05.14)
Skype™ 6.7 (Version: 6.7.102)
Sony Ericsson PC Suite 4.005.00 (Version: 4.005.00)
SpywareBlaster 5.0 (Version: 5.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
TV-Browser 3.3.2 (Version: 3.3.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinPatrol (Version: 26.1.2013.0)

==================== Restore Points  =========================

24-09-2013 08:54:54 Windows Update
27-09-2013 12:01:01 Windows Update
28-09-2013 11:48:44 Removed muvee Reveal
30-09-2013 14:55:27 Windows-Sicherung
30-09-2013 15:15:38 Revo Uninstaller's restore point - WOT for Internet Explorer
30-09-2013 15:16:14 Removed WOT for Internet Explorer
30-09-2013 15:18:06 Installed WOT for Internet Explorer
30-09-2013 17:49:29 Revo Uninstaller's restore point - WOT for Internet Explorer
30-09-2013 17:49:51 Removed WOT for Internet Explorer
30-09-2013 18:22:42 Windows-Sicherung
01-10-2013 10:25:13 Windows-Sicherung
02-10-2013 15:48:49 Die Service Pack-Sicherungsdateien wurden entfernt.

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {31D4443B-6B67-4BAE-B12D-CD280F9596D4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {8438C3D1-1FC4-4FE8-A03F-9FEEF5AE8787} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {90582319-14E3-4917-A38A-7F0CF43B7014} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {A857EAB3-E1B4-4FBC-986F-DFE7B81770CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {A8BC0AC1-DA9D-4D54-B046-B8A8AF042158} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {B92B2DD9-F6F5-4EF5-81CF-C4C56C944F7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-03 15:52 - 2012-12-10 03:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-08-28 00:24 - 2013-08-28 00:24 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-20 10:14 - 2013-09-20 10:14 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2013 07:51:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 07:15:39 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 5692. Meldungs-ID: [0x2509].

Error: (10/03/2013 06:12:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (10/03/2013 07:50:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TV Task Scheduler (TVTS)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/03/2013 07:50:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TV Background Capture Service (TVBCS)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/03/2013 07:50:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/03/2013 07:50:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdeCATSCustConnectService erreicht.

Error: (10/03/2013 07:50:15 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/03/2013 06:12:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/03/2013 06:12:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (10/03/2013 06:12:37 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/03/2013 06:12:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/03/2013 06:12:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-03 20:06:14.687
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 19:48:47.363
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 19:15:26.977
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 18:29:20.263
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 18:06:33.860
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 17:34:23.235
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 16:44:08.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 16:27:08.001
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 15:55:41.612
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-03 15:20:07.407
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3069.84 MB
Available physical RAM: 1748.25 MB
Total Pagefile: 6137.96 MB
Available Pagefile: 4507.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.45 GB) (Free:246.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.64 GB) (Free:1.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 068571AB)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Nachtmann 03.10.2013 21:59
GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-03 20:35:34
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Berthi\AppData\Local\Temp\fxdiipow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwAddBootEntry [0x9483B610]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwAllocateVirtualMemory [0x9510B5FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwAssignProcessToJobObject [0x9483C0E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateEvent [0x94847F18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateEventPair [0x94847F64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateIoCompletion [0x948480FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateMutant [0x94847E86]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwCreateSection [0x9510B992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateSemaphore [0x94847ECE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateThread [0x9483C5E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateThreadEx [0x9483C800]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwCreateTimer [0x948480B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwDebugActiveProcess [0x9483CE9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwDeleteBootEntry [0x9483B676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwDuplicateObject [0x94840596]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwFreeVirtualMemory [0x9510B6C2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwLoadDriver [0x95109C12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwModifyBootEntry [0x9483B6DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwNotifyChangeKey [0x9484098C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwNotifyChangeMultipleKeys [0x9483D92C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenEvent [0x94847F42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenEventPair [0x94847F86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenIoCompletion [0x94848122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenMutant [0x94847EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenProcess [0x9483FE78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenSection [0x94848036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenSemaphore [0x94847EF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenThread [0x9484026E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwOpenTimer [0x948480DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwProtectVirtualMemory [0x9510B822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwQueryObject [0x9483D7F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwQueueApcThreadEx [0x9483D506]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSetBootEntryOrder [0x9483B742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSetBootOptions [0x9483B7A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSetContextThread [0x9483CD16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSetSystemInformation [0x9483B2F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSetSystemPowerState [0x9483B4CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwShutdownSystem [0x9483B45C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSuspendProcess [0x9483D066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSuspendThread [0x9483D1C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwSystemDebugControl [0x9483B556]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwTerminateProcess [0x9510B8EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwTerminateThread [0x9483CCF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwUnloadDriver [0x95109C42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                    ZwVdmControl [0x9483B80E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwWriteVirtualMemory [0x9510B76E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                    ZwCreateProcessEx [0x95124E00]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                  82E55A15 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                    82E8F212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                                      82E96460 4 Bytes  [10, B6, 83, 94]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                      82E96488 4 Bytes  [FA, B5, 10, 95] {CLI ; MOV CH, 0x10; XCHG EBP, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                      82E964E8 4 Bytes  [E6, C0, 83, 94]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                                      82E9653C 8 Bytes  [18, 7F, 84, 94, 64, 7F, 84, ...] {SBB [EDI-0x7c], BH; XCHG ESP, EAX; JG 0xffffff8b; XCHG ESP, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                                      82E96548 4 Bytes  [FE, 80, 84, 94]
.text          ...                                                                                                                                     
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                        83023D39 5 Bytes  JMP 95121C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                          8303C370 5 Bytes  JMP 951237CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                              830514CF 4 Bytes  CALL 9483DFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                              8306B323 4 Bytes  CALL 9483E005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                            830F526E 7 Bytes  JMP 95124E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?              System32\drivers\ffhrcj.sys                                                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                  section is writeable [0x9520E000, 0x2D556C, 0xE8000020]
.text          win32k.sys!EngFntCacheLookUp + 8B1F                                                                                                      AACB0A8B 5 Bytes  JMP 948414DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreateRectRgn + 3819                                                                                                        AACC4B64 5 Bytes  JMP 94841628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCreateRectRgn + 47FC                                                                                                        AACC5B47 5 Bytes  JMP 948412F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCTGetGammaTable + 310                                                                                                      AACE1593 5 Bytes  JMP 948421B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCTGetGammaTable + 4CE9                                                                                                      AACE5F6C 5 Bytes  JMP 94840D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCTGetGammaTable + 6136                                                                                                      AACE73B9 5 Bytes  JMP 948423FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCTGetGammaTable + BE9B                                                                                                      AACED11E 5 Bytes  JMP 948416CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngCTGetGammaTable + C0EA                                                                                                      AACED36D 5 Bytes  JMP 948417E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngMapFontFileFD + 650                                                                                                        AAD06ED1 5 Bytes  JMP 948409C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngMapFontFileFD + 70E                                                                                                        AAD06F8F 5 Bytes  JMP 948416EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngMapFontFileFD + 38FE                                                                                                        AAD0A17F 5 Bytes  JMP 94840AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngMapFontFileFD + 39BC                                                                                                        AAD0A23D 5 Bytes  JMP 94840BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EDE                                                                                      AAD0E8B5 5 Bytes  JMP 94841508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngUnmapFontFileFD + 2B22                                                                                                      AAD18305 5 Bytes  JMP 9484122C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngUnmapFontFileFD + ACE0                                                                                                      AAD204C3 5 Bytes  JMP 94840DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngUnmapFontFileFD + 14FA1                                                                                                    AAD2A784 5 Bytes  JMP 94842060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngAlphaBlend + 507B                                                                                                          AAD41F7E 5 Bytes  JMP 94842116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngBitBlt + 42B4                                                                                                              AAD4F93B 5 Bytes  JMP 94842614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngUnlockSurface + B288                                                                                                        AAD65243 5 Bytes  JMP 94842162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngUnlockSurface + CC47                                                                                                        AAD66C02 5 Bytes  JMP 948441FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngDeleteClip + 480C                                                                                                          AAD77AC2 5 Bytes  JMP 94840CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngEqualRgn + 41E2                                                                                                            AAD85AB2 5 Bytes  JMP 94841150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngEqualRgn + B479                                                                                                            AAD8CD49 5 Bytes  JMP 948424BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngDeleteRgn + 2198                                                                                                            AADA3B9F 5 Bytes  JMP 94841008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!EngFillPath + 8625                                                                                                            AADC4CA8 5 Bytes  JMP 9484256C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!PATHOBJ_vGetBounds + 2EC7                                                                                                      AADDCC28 5 Bytes  JMP 9484233C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!PATHOBJ_vGetBounds + 3458                                                                                                      AADDD1B9 5 Bytes  JMP 94840EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!PATHOBJ_vGetBounds + 6547                                                                                                      AADE02A8 5 Bytes  JMP 9484170A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!PATHOBJ_vGetBounds + 9687                                                                                                      AADE33E8 5 Bytes  JMP 94840F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          win32k.sys!PATHOBJ_vGetBounds + BF6E                                                                                                      AADE5CCF 5 Bytes  JMP 948417C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          ...                                                                                                                                     
.text          win32k.sys!EngCTGetCurrentGamma + 6404                                                                                                    AADF1E94 5 Bytes  JMP 948410AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text          C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                                                                        section is writeable [0x96401000, 0x2892, 0xE8000020]
.vmp2          C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                                                                        entry point in ".vmp2" section [0x96424050]
.text          kernel32.dll!GetBinaryTypeW + 70                                                                                                          76DD69E4 1 Byte  [62]

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\avmwlanstick\WlanNetService.exe[108] kernel32.dll!GetBinaryTypeW + 70                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\taskhost.exe[372] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Program Files\IDT\WDM\sttray.exe[376] ntdll.dll!LdrUnloadDll                                                                          76EAC8DE 5 Bytes  JMP 002F03FC
.text          C:\Program Files\IDT\WDM\sttray.exe[376] ntdll.dll!LdrLoadDll                                                                            76EB22AE 5 Bytes  JMP 002F01F8
.text          C:\Program Files\IDT\WDM\sttray.exe[376] KERNEL32.dll!GetBinaryTypeW + 70                                                                76DD69E4 1 Byte  [62]
.text          C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!UnhookWindowsHookEx                                                                  7520ADF9 5 Bytes  JMP 00300A08
.text          C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!UnhookWinEvent                                                                        7520B750 5 Bytes  JMP 003003FC
.text          C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!SetWindowsHookExW                                                                    7520E30C 5 Bytes  JMP 00300804
.text          C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!SetWinEventHook                                                                      752124DC 5 Bytes  JMP 003001F8
.text          C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!SetWindowsHookExA                                                                    75236D0C 5 Bytes  JMP 00300600
.text          C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70                                                                      76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\wininit.exe[520] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\csrss.exe[532] kernel32.dll!GetBinaryTypeW + 70                                                                      76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\services.exe[572] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 70                                                                      76DD69E4 1 Byte  [62]
.text          ...                                                                                                                                     
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] ntdll.dll!LdrUnloadDll                                                        76EAC8DE 5 Bytes  JMP 001603FC
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] ntdll.dll!LdrLoadDll                                                          76EB22AE 5 Bytes  JMP 001601F8
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] KERNEL32.dll!GetBinaryTypeW + 70                                              76DD69E4 1 Byte  [62]
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!UnhookWindowsHookEx                                                7520ADF9 5 Bytes  JMP 00270A08
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!UnhookWinEvent                                                    7520B750 5 Bytes  JMP 002703FC
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!SetWindowsHookExW                                                  7520E30C 5 Bytes  JMP 00270804
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!SetWinEventHook                                                    752124DC 5 Bytes  JMP 002701F8
.text          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!SetWindowsHookExA                                                  75236D0C 5 Bytes  JMP 00270600
.text          C:\Windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\atiesrxx.exe[884] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\System32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] ntdll.dll!LdrUnloadDll                                                                  76EAC8DE 5 Bytes  JMP 000803FC
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] ntdll.dll!LdrLoadDll                                                                    76EB22AE 5 Bytes  JMP 000801F8
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] KERNEL32.dll!GetBinaryTypeW + 70                                                        76DD69E4 1 Byte  [62]
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!UnhookWindowsHookEx                                                          7520ADF9 5 Bytes  JMP 00190A08
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!UnhookWinEvent                                                              7520B750 5 Bytes  JMP 001903FC
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!SetWindowsHookExW                                                            7520E30C 5 Bytes  JMP 00190804
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!SetWinEventHook                                                              752124DC 5 Bytes  JMP 001901F8
.text          C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!SetWindowsHookExA                                                            75236D0C 5 Bytes  JMP 00190600
.text          C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1112] kernel32.dll!GetBinaryTypeW + 70  76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          ...                                                                                                                                     
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] ntdll.dll!LdrUnloadDll                                                                      76EAC8DE 5 Bytes  JMP 000F03FC
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] ntdll.dll!LdrLoadDll                                                                        76EB22AE 5 Bytes  JMP 000F01F8
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] KERNEL32.dll!GetBinaryTypeW + 70                                                            76DD69E4 1 Byte  [62]
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!UnhookWindowsHookEx                                                              7520ADF9 5 Bytes  JMP 00240A08
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!UnhookWinEvent                                                                    7520B750 5 Bytes  JMP 002403FC
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!SetWindowsHookExW                                                                7520E30C 5 Bytes  JMP 00240804
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!SetWinEventHook                                                                  752124DC 5 Bytes  JMP 002401F8
.text          C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!SetWindowsHookExA                                                                75236D0C 5 Bytes  JMP 00240600
.text          C:\Windows\system32\atieclxx.exe[1536] kernel32.dll!GetBinaryTypeW + 70                                                                  76DD69E4 1 Byte  [62]
.text          C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1656] kernel32.dll!GetBinaryTypeW + 70                                                76DD69E4 1 Byte  [62]
.text          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe[1684] kernel32.dll!GetBinaryTypeW + 70  76DD69E4 1 Byte  [62]
.text          C:\Windows\System32\spoolsv.exe[1832] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          ...                                                                                                                                     
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] ntdll.dll!LdrUnloadDll                                                76EAC8DE 5 Bytes  JMP 000F03FC
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] ntdll.dll!LdrLoadDll                                                  76EB22AE 5 Bytes  JMP 000F01F8
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] KERNEL32.dll!GetBinaryTypeW + 70                                      76DD69E4 1 Byte  [62]
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!UnhookWindowsHookEx                                        7520ADF9 5 Bytes  JMP 00140A08
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!UnhookWinEvent                                            7520B750 5 Bytes  JMP 001403FC
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!SetWindowsHookExW                                          7520E30C 5 Bytes  JMP 00140804
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!SetWinEventHook                                            752124DC 5 Bytes  JMP 001401F8
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!SetWindowsHookExA                                          75236D0C 5 Bytes  JMP 00140600
.text          C:\Program Files\SMINST\BLService.exe[2204] kernel32.dll!GetBinaryTypeW + 70                                                              76DD69E4 1 Byte  [62]
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] ntdll.dll!LdrUnloadDll                                                76EAC8DE 5 Bytes  JMP 000F03FC
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] ntdll.dll!LdrLoadDll                                                  76EB22AE 5 Bytes  JMP 000F01F8
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70                                      76DD69E4 1 Byte  [62]
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!UnhookWindowsHookEx                                        7520ADF9 5 Bytes  JMP 00380A08
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!UnhookWinEvent                                              7520B750 5 Bytes  JMP 003803FC
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!SetWindowsHookExW                                          7520E30C 5 Bytes  JMP 00380804
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!SetWinEventHook                                            752124DC 5 Bytes  JMP 003801F8
.text          C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!SetWindowsHookExA                                          75236D0C 5 Bytes  JMP 00380600
.text          C:\Program Files\CyberLink\Shared files\RichVideo.exe[2284] kernel32.dll!GetBinaryTypeW + 70                                              76DD69E4 1 Byte  [62]
.text          C:\Program Files\Secunia\PSI\PSIA.exe[2316] kernel32.dll!GetBinaryTypeW + 70                                                              76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[2568] kernel32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\Explorer.EXE[2700] kernel32.dll!GetBinaryTypeW + 70                                                                            76DD69E4 1 Byte  [62]
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] ntdll.dll!LdrUnloadDll                                                                76EAC8DE 5 Bytes  JMP 001F03FC
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] ntdll.dll!LdrLoadDll                                                                  76EB22AE 5 Bytes  JMP 001F01F8
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] KERNEL32.dll!GetBinaryTypeW + 70                                                      76DD69E4 1 Byte  [62]
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!UnhookWindowsHookEx                                                        7520ADF9 5 Bytes  JMP 00200A08
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!UnhookWinEvent                                                            7520B750 5 Bytes  JMP 002003FC
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!SetWindowsHookExW                                                          7520E30C 5 Bytes  JMP 00200804
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!SetWinEventHook                                                            752124DC 5 Bytes  JMP 002001F8
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!SetWindowsHookExA                                                          75236D0C 5 Bytes  JMP 00200600
.text          C:\Windows\system32\Dwm.exe[2844] kernel32.dll!GetBinaryTypeW + 70                                                                        76DD69E4 1 Byte  [62]
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2900] kernel32.dll!GetBinaryTypeW + 70                            76DD69E4 1 Byte  [62]
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] ntdll.dll!LdrUnloadDll                                    76EAC8DE 5 Bytes  JMP 001303FC
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] ntdll.dll!LdrLoadDll                                      76EB22AE 5 Bytes  JMP 001301F8
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] KERNEL32.dll!GetBinaryTypeW + 70                          76DD69E4 1 Byte  [62]
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!UnhookWindowsHookEx                            7520ADF9 5 Bytes  JMP 00250A08
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!UnhookWinEvent                                  7520B750 5 Bytes  JMP 002503FC
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!SetWindowsHookExW                              7520E30C 5 Bytes  JMP 00250804
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!SetWinEventHook                                752124DC 5 Bytes  JMP 002501F8
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!SetWindowsHookExA                              75236D0C 5 Bytes  JMP 00250600
.text          C:\Windows\system32\svchost.exe[3436] ntdll.dll!LdrUnloadDll                                                                              76EAC8DE 5 Bytes  JMP 000803FC
.text          C:\Windows\system32\svchost.exe[3436] ntdll.dll!LdrLoadDll                                                                                76EB22AE 5 Bytes  JMP 000801F8
.text          C:\Windows\system32\svchost.exe[3436] KERNEL32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[3436] USER32.dll!UnhookWindowsHookEx                                                                      7520ADF9 5 Bytes  JMP 00180A08
.text          C:\Windows\system32\svchost.exe[3436] USER32.dll!UnhookWinEvent                                                                          7520B750 5 Bytes  JMP 001803FC
.text          C:\Windows\system32\svchost.exe[3436] USER32.dll!SetWindowsHookExW                                                                        7520E30C 5 Bytes  JMP 00180804
.text          C:\Windows\system32\svchost.exe[3436] USER32.dll!SetWinEventHook                                                                          752124DC 5 Bytes  JMP 001801F8
.text          C:\Windows\system32\svchost.exe[3436] USER32.dll!SetWindowsHookExA                                                                        75236D0C 5 Bytes  JMP 00180600
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] ntdll.dll!LdrUnloadDll                                                                76EAC8DE 5 Bytes  JMP 000803FC
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] ntdll.dll!LdrLoadDll                                                                  76EB22AE 5 Bytes  JMP 5D58DFF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D                                          76DB941E 7 Bytes  JMP 5DD19773 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!QueryPerformanceCounter + 13                                              76DBC425 7 Bytes  JMP 5DD19796 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!LoadAppInitDlls + 355                                                    76DBF4E6 7 Bytes  JMP 5D595F1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!GetBinaryTypeW + 70                                                      76DD69E4 1 Byte  [62]
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!UnhookWindowsHookEx                                                        7520ADF9 5 Bytes  JMP 00090A08
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!UnhookWinEvent                                                              7520B750 5 Bytes  JMP 000903FC
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!SetWindowsHookExW                                                          7520E30C 5 Bytes  JMP 00090804
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!SetWinEventHook                                                            752124DC 5 Bytes  JMP 000901F8
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!SetWindowsHookExA                                                          75236D0C 5 Bytes  JMP 00090600
.text          C:\Program Files\Mozilla Firefox\firefox.exe[3448] GDI32.dll!GetViewportOrgEx + 26C                                                      758E884B 7 Bytes  JMP 5DD196F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] ntdll.dll!LdrUnloadDll                                        76EAC8DE 5 Bytes  JMP 001F03FC
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] ntdll.dll!LdrLoadDll                                          76EB22AE 5 Bytes  JMP 001F01F8
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] KERNEL32.dll!GetBinaryTypeW + 70                              76DD69E4 1 Byte  [62]
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWindowsHookEx                                7520ADF9 3 Bytes  JMP 00210A08
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWindowsHookEx + 4                            7520ADFD 1 Byte  [8B]
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWinEvent                                      7520B750 3 Bytes  JMP 002103FC
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWinEvent + 4                                  7520B754 1 Byte  [8B]
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!SetWindowsHookExW                                  7520E30C 5 Bytes  JMP 00210804
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!SetWinEventHook                                    752124DC 5 Bytes  JMP 002101F8
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!SetWindowsHookExA                                  75236D0C 5 Bytes  JMP 00210600
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrUnloadDll                                                                        76EAC8DE 5 Bytes  JMP 000F03FC
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrLoadDll                                                                          76EB22AE 5 Bytes  JMP 000F01F8
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] KERNEL32.dll!GetBinaryTypeW + 70                                                              76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWindowsHookEx                                                                7520ADF9 5 Bytes  JMP 00110A08
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWinEvent                                                                    7520B750 5 Bytes  JMP 001103FC
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExW                                                                  7520E30C 5 Bytes  JMP 00110804
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWinEventHook                                                                    752124DC 5 Bytes  JMP 001101F8
.text          C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExA                                                                  75236D0C 5 Bytes  JMP 00110600
.text          C:\Windows\system32\svchost.exe[3800] ntdll.dll!LdrUnloadDll                                                                              76EAC8DE 5 Bytes  JMP 000803FC
.text          C:\Windows\system32\svchost.exe[3800] ntdll.dll!LdrLoadDll                                                                                76EB22AE 5 Bytes  JMP 000801F8
.text          C:\Windows\system32\svchost.exe[3800] KERNEL32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[3800] USER32.dll!UnhookWindowsHookEx                                                                      7520ADF9 5 Bytes  JMP 00160A08
.text          C:\Windows\system32\svchost.exe[3800] USER32.dll!UnhookWinEvent                                                                          7520B750 5 Bytes  JMP 001603FC
.text          C:\Windows\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExW                                                                        7520E30C 5 Bytes  JMP 00160804
.text          C:\Windows\system32\svchost.exe[3800] USER32.dll!SetWinEventHook                                                                          752124DC 5 Bytes  JMP 001601F8
.text          C:\Windows\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExA                                                                        75236D0C 5 Bytes  JMP 00160600
.text          C:\Windows\system32\svchost.exe[3812] ntdll.dll!LdrUnloadDll                                                                              76EAC8DE 5 Bytes  JMP 000F03FC
.text          C:\Windows\system32\svchost.exe[3812] ntdll.dll!LdrLoadDll                                                                                76EB22AE 5 Bytes  JMP 000F01F8
.text          C:\Windows\system32\svchost.exe[3812] KERNEL32.dll!GetBinaryTypeW + 70                                                                    76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[3812] USER32.dll!UnhookWindowsHookEx                                                                      7520ADF9 5 Bytes  JMP 00190A08
.text          C:\Windows\system32\svchost.exe[3812] USER32.dll!UnhookWinEvent                                                                          7520B750 5 Bytes  JMP 001903FC
.text          C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWindowsHookExW                                                                        7520E30C 5 Bytes  JMP 00190804
.text          C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWinEventHook                                                                          752124DC 5 Bytes  JMP 001901F8
.text          C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWindowsHookExA                                                                        75236D0C 5 Bytes  JMP 00190600
.text          C:\Program Files\AVAST Software\Avast\AvastUI.exe[3920] kernel32.dll!GetBinaryTypeW + 70                                                  76DD69E4 1 Byte  [62]
.text          C:\Program Files\Secunia\PSI\sua.exe[3952] ntdll.dll!LdrUnloadDll                                                                        76EAC8DE 5 Bytes  JMP 001003FC
.text          C:\Program Files\Secunia\PSI\sua.exe[3952] ntdll.dll!LdrLoadDll                                                                          76EB22AE 5 Bytes  JMP 001001F8
.text          C:\Program Files\Secunia\PSI\sua.exe[3952] KERNEL32.dll!GetBinaryTypeW + 70                                                              76DD69E4 1 Byte  [62]
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] ntdll.dll!LdrUnloadDll                                                          76EAC8DE 5 Bytes  JMP 001F03FC
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] ntdll.dll!LdrLoadDll                                                            76EB22AE 5 Bytes  JMP 001F01F8
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] KERNEL32.dll!GetBinaryTypeW + 70                                                76DD69E4 1 Byte  [62]
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!UnhookWindowsHookEx                                                  7520ADF9 5 Bytes  JMP 00200A08
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!UnhookWinEvent                                                        7520B750 5 Bytes  JMP 002003FC
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!SetWindowsHookExW                                                    7520E30C 5 Bytes  JMP 00200804
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!SetWinEventHook                                                      752124DC 5 Bytes  JMP 002001F8
.text          C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!SetWindowsHookExA                                                    75236D0C 5 Bytes  JMP 00200600
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] ntdll.dll!LdrUnloadDll                                                                    76EAC8DE 5 Bytes  JMP 000803FC
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] ntdll.dll!LdrLoadDll                                                                      76EB22AE 5 Bytes  JMP 000801F8
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] KERNEL32.dll!GetBinaryTypeW + 70                                                          76DD69E4 1 Byte  [62]
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!UnhookWindowsHookEx                                                            7520ADF9 5 Bytes  JMP 00090A08
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!UnhookWinEvent                                                                7520B750 5 Bytes  JMP 000903FC
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!SetWindowsHookExW                                                              7520E30C 5 Bytes  JMP 00090804
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!SetWinEventHook                                                                752124DC 5 Bytes  JMP 000901F8
.text          C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!SetWindowsHookExA                                                              75236D0C 5 Bytes  JMP 00090600
.text          C:\Program Files\PopTray\PopTray.exe[4304] ntdll.dll!LdrUnloadDll                                                                        76EAC8DE 5 Bytes  JMP 001F03FC
.text          C:\Program Files\PopTray\PopTray.exe[4304] ntdll.dll!LdrLoadDll                                                                          76EB22AE 5 Bytes  JMP 001F01F8
.text          C:\Program Files\PopTray\PopTray.exe[4304] KERNEL32.dll!GetBinaryTypeW + 70                                                              76DD69E4 1 Byte  [62]
.text          C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWindowsHookEx                                                                7520ADF9 3 Bytes  JMP 00210A08
.text          C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWindowsHookEx + 4                                                            7520ADFD 1 Byte  [8B]
.text          C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWinEvent                                                                      7520B750 3 Bytes  JMP 002103FC
.text          C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWinEvent + 4                                                                  7520B754 1 Byte  [8B]
.text          C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!SetWindowsHookExW                                                                  7520E30C 5 Bytes  JMP 00210804
.text          C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!SetWinEventHook                                                                    752124DC 5 Bytes  JMP 002101F8
.text          C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!SetWindowsHookExA                                                                  75236D0C 5 Bytes  JMP 00210600
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] ntdll.dll!LdrUnloadDll                                        76EAC8DE 5 Bytes  JMP 000E03FC
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] ntdll.dll!LdrLoadDll                                          76EB22AE 5 Bytes  JMP 000E01F8
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] KERNEL32.dll!GetBinaryTypeW + 70                              76DD69E4 1 Byte  [62]
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!UnhookWindowsHookEx                                7520ADF9 5 Bytes  JMP 00120A08
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!UnhookWinEvent                                    7520B750 5 Bytes  JMP 001203FC
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!SetWindowsHookExW                                  7520E30C 5 Bytes  JMP 00120804
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!SetWinEventHook                                    752124DC 5 Bytes  JMP 001201F8
.text          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!SetWindowsHookExA                                  75236D0C 5 Bytes  JMP 00120600
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] ntdll.dll!LdrUnloadDll                                                76EAC8DE 5 Bytes  JMP 001F03FC
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] ntdll.dll!LdrLoadDll                                                  76EB22AE 5 Bytes  JMP 001F01F8
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] KERNEL32.dll!GetBinaryTypeW + 70                                      76DD69E4 1 Byte  [62]
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!UnhookWindowsHookEx                                        7520ADF9 5 Bytes  JMP 00240A08
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!UnhookWinEvent                                            7520B750 5 Bytes  JMP 002403FC
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!SetWindowsHookExW                                          7520E30C 5 Bytes  JMP 00240804
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!SetWinEventHook                                            752124DC 5 Bytes  JMP 002401F8
.text          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!SetWindowsHookExA                                          75236D0C 5 Bytes  JMP 00240600
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] ntdll.dll!LdrUnloadDll                                                            76EAC8DE 5 Bytes  JMP 001F03FC
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] ntdll.dll!LdrLoadDll                                                              76EB22AE 5 Bytes  JMP 001F01F8
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] KERNEL32.dll!GetBinaryTypeW + 70                                                  76DD69E4 1 Byte  [62]
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!UnhookWindowsHookEx                                                    7520ADF9 5 Bytes  JMP 00200A08
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!UnhookWinEvent                                                          7520B750 5 Bytes  JMP 002003FC
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!SetWindowsHookExW                                                      7520E30C 5 Bytes  JMP 00200804
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!SetWinEventHook                                                        752124DC 5 Bytes  JMP 002001F8
.text          C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!SetWindowsHookExA                                                      75236D0C 5 Bytes  JMP 00200600
.text          C:\Users\Berthi\Desktop\gmer_2.1.19163.exe[5400] kernel32.dll!GetBinaryTypeW + 70                                                        76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\SearchIndexer.exe[5504] ntdll.dll!LdrUnloadDll                                                                        76EAC8DE 5 Bytes  JMP 001303FC
.text          C:\Windows\system32\SearchIndexer.exe[5504] ntdll.dll!LdrLoadDll                                                                          76EB22AE 5 Bytes  JMP 001301F8
.text          C:\Windows\system32\SearchIndexer.exe[5504] KERNEL32.dll!GetBinaryTypeW + 70                                                              76DD69E4 1 Byte  [62]
.text          C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!UnhookWindowsHookEx                                                                7520ADF9 5 Bytes  JMP 00250A08
.text          C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!UnhookWinEvent                                                                    7520B750 5 Bytes  JMP 002503FC
.text          C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!SetWindowsHookExW                                                                  7520E30C 5 Bytes  JMP 00250804
.text          C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!SetWinEventHook                                                                    752124DC 5 Bytes  JMP 002501F8
.text          C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!SetWindowsHookExA                                                                  75236D0C 5 Bytes  JMP 00250600
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] ntdll.dll!LdrUnloadDll                                                        76EAC8DE 5 Bytes  JMP 001F03FC
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] ntdll.dll!LdrLoadDll                                                          76EB22AE 5 Bytes  JMP 001F01F8
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] KERNEL32.dll!GetBinaryTypeW + 70                                              76DD69E4 1 Byte  [62]
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!UnhookWindowsHookEx                                                7520ADF9 5 Bytes  JMP 00200A08
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!UnhookWinEvent                                                      7520B750 5 Bytes  JMP 002003FC
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!SetWindowsHookExW                                                  7520E30C 5 Bytes  JMP 00200804
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!SetWinEventHook                                                    752124DC 5 Bytes  JMP 002001F8
.text          C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!SetWindowsHookExA                                                  75236D0C 5 Bytes  JMP 00200600
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] ntdll.dll!LdrUnloadDll                                      76EAC8DE 5 Bytes  JMP 002003FC
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] ntdll.dll!LdrLoadDll                                        76EB22AE 5 Bytes  JMP 002001F8
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] KERNEL32.dll!GetBinaryTypeW + 70                            76DD69E4 1 Byte  [62]
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!UnhookWindowsHookEx                              7520ADF9 5 Bytes  JMP 00220A08
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!UnhookWinEvent                                    7520B750 5 Bytes  JMP 002203FC
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!SetWindowsHookExW                                7520E30C 5 Bytes  JMP 00220804
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!SetWinEventHook                                  752124DC 5 Bytes  JMP 002201F8
.text          C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!SetWindowsHookExA                                75236D0C 5 Bytes  JMP 00220600

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                    aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 04.10.2013 02:17
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Nachtmann 04.10.2013 07:17
Guten Morgen Schrauber
Hier die Logs
FRST mache ich wieder extra. Das Junkware Tool war ruck zuck fertig. War das O.K. oder hat da was nicht funktioniert?

Adw:
Code:
# AdwCleaner v3.006 - Bericht erstellt am 04/10/2013 um 07:14:33
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Berthi - BERTHI-PC
# Gestartet von : C:\Users\Berthi\Downloads\adwcleaner(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\5eet01au.default\prefs.js ]


[ Datei : C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer\prefs.js ]


*************************

AdwCleaner[R10].txt - [1575 octets] - [29/09/2013 11:17:15]
AdwCleaner[R11].txt - [1636 octets] - [30/09/2013 19:39:24]
AdwCleaner[R12].txt - [1697 octets] - [02/10/2013 22:13:25]
AdwCleaner[R13].txt - [1758 octets] - [03/10/2013 17:55:04]
AdwCleaner[R14].txt - [1823 octets] - [04/10/2013 07:13:27]
AdwCleaner[R1].txt - [935 octets] - [20/09/2013 17:15:19]
AdwCleaner[R2].txt - [994 octets] - [20/09/2013 18:57:12]
AdwCleaner[R3].txt - [1775 octets] - [23/09/2013 17:24:21]
AdwCleaner[R4].txt - [1213 octets] - [23/09/2013 17:31:53]
AdwCleaner[R5].txt - [1274 octets] - [26/09/2013 17:44:48]
AdwCleaner[R6].txt - [1334 octets] - [26/09/2013 17:51:26]
AdwCleaner[R7].txt - [1394 octets] - [27/09/2013 16:48:35]
AdwCleaner[R8].txt - [1454 octets] - [27/09/2013 17:26:59]
AdwCleaner[R9].txt - [1514 octets] - [28/09/2013 11:41:46]
AdwCleaner[S0].txt - [1054 octets] - [20/09/2013 18:57:56]
AdwCleaner[S1].txt - [1842 octets] - [23/09/2013 17:26:43]
AdwCleaner[S2].txt - [1743 octets] - [04/10/2013 07:14:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1803 octets] ##########
JRT:
Code:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x86
Ran by Berthi on 04.10.2013 at  7:38:29,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Berthi\AppData\Roaming\mozilla\firefox\profiles\5eet01au.default\prefs.js

user_pref("extensions.greasemonkey.scriptvals.hxxp://swdyh.yu.to//AutoPagerize.cacheInfo", "{\"hxxp://wedata.net/databases/AutoPagerize/items.json\":{\"url\":\"hxxp://wedata.n



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.10.2013 at  7:45:00,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nun das FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Berthi (administrator) on BERTHI-PC on 04-10-2013 08:04:11
Running from C:\Users\Berthi\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxdecoms.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Renier Crause) C:\Program Files\PopTray\PopTray.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
MountPoints2: {1ded593a-0f5d-11e3-afa1-806e6f6e6963} - E:\zdata\cobi.exe
MountPoints2: {a5b42469-26a0-11e3-adae-00238b9e33ce} - F:\pushinst.exe
Startup: C:\Users\Berthi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
ShortcutTarget: PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (Renier Crause)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-28] (SurfRight B.V.)
S2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [99248 2007-05-29] (Lexmark International, Inc.)
R2 lxde_device; C:\Windows\system32\lxdecoms.exe [598960 2007-05-29] ( )
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S2 TVCapSvc; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [x]
S2 TVSched; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [14376 2013-09-28] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-03 20:48 - 2013-10-03 20:50 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:05 - 2013-10-03 20:06 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 18:11 - 2013-10-04 07:16 - 00034420 _____ C:\Windows\setupact.log
2013-10-03 18:11 - 2013-10-03 19:50 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-28 14:52 - 2013-09-29 11:05 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 14:52 - 2013-09-28 15:03 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 14:52 - 2013-09-28 15:03 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:20 - 2013-09-27 17:23 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:20 - 2013-09-27 17:22 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:52 - 2013-10-03 19:49 - 00000000 ____D C:\Windows\AVM_Driver
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:52 - 2007-12-19 01:00 - 00401920 _____ (AVM GmbH) C:\Windows\system32\Drivers\fwlanusbn.sys
2013-09-26 14:52 - 2007-12-19 01:00 - 00077824 _____ (AVM Berlin) C:\Windows\system32\fwusbnci.dll
2013-09-26 14:52 - 2007-12-19 01:00 - 00015573 _____ C:\Windows\system32\Drivers\fwlanusbn.bin
2013-09-26 14:52 - 2007-11-07 02:00 - 00004352 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmeject.sys
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:17 - 2013-09-24 16:26 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-23 17:04 - 2013-09-23 17:06 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 17:04 - 2013-04-05 21:26 - 01679360 _____ C:\Windows\system32\ac3filter.acm.new
2013-09-23 17:01 - 2013-09-23 17:06 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-19 15:46 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-19 15:46 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-19 15:33 - 2013-09-19 15:34 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:47 - 2013-09-18 14:58 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:43 - 2013-09-18 14:44 - 04524952 _____ (Topala Software Solutions                                  ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:35 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company                                    ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:39 - 2011-11-21 12:52 - 00144896 _____ (1&1 Internet AG) C:\Windows\system32\Drivers\ui11rdr.SYS
2013-09-17 13:39 - 2011-11-21 12:52 - 00007680 _____ (1&1 Internet AG) C:\Windows\system32\ui11np.dll
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-15 13:16 - 2013-09-15 13:17 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:38 - 2013-09-11 21:44 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 20:41 - 2013-09-11 21:49 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 20:37 - 2013-09-11 20:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 14:15 - 2008-05-16 06:33 - 00120744 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00115752 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016unic.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00114216 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mgmt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00110632 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016obex.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00089256 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016bus.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00025512 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016nd5.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00015016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdfl.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016whnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016wh.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cmnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00010792 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cr.sys
2013-09-11 11:05 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 11:05 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 11:05 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 11:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 11:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 11:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 11:00 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:59 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:59 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:41 - 2013-09-09 22:43 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-09-09 22:39 - 2013-09-09 22:44 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:39 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 22:13 - 2013-09-27 17:28 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E  D A T E  E N
2013-09-09 21:31 - 2013-10-03 19:55 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger                                                ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:30 - 2013-09-24 16:21 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:00 - 2013-09-06 23:01 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:45 - 2013-10-04 07:02 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-09-06 22:44 - 2013-09-06 23:02 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 22:29 - 2013-09-24 16:13 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:26 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

==================== One Month Modified Files and Folders =======

2013-10-04 07:53 - 2013-08-27 23:58 - 01914103 _____ C:\Windows\WindowsUpdate.log
2013-10-04 07:47 - 2013-09-01 14:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:24 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 07:24 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:18 - 2013-09-03 18:04 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-10-04 07:17 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 07:16 - 2013-10-03 18:11 - 00034420 _____ C:\Windows\setupact.log
2013-10-04 07:15 - 2013-09-03 20:11 - 00000000 ____D C:\AdwCleaner
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-04 07:02 - 2013-09-06 22:45 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-10-03 20:50 - 2013-10-03 20:48 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:06 - 2013-10-03 20:05 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:05 - 2013-08-27 23:17 - 00000000 ____D C:\Users\Berthi
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:55 - 2013-09-09 21:31 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-10-03 19:50 - 2013-10-03 18:11 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 19:49 - 2013-09-26 14:52 - 00000000 ____D C:\Windows\AVM_Driver
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 18:10 - 2013-08-28 15:34 - 00000000 ____D C:\Windows\pss
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-10-02 17:48 - 2013-09-08 11:28 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-10-02 17:45 - 2013-09-03 15:59 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-10-02 15:37 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-02 15:10 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-01 12:24 - 2013-08-28 00:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 15:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-30 13:32 - 2013-08-28 14:26 - 00000000 ___RD C:\Users\Berthi\Desktop\S I C H E R H E I T
2013-09-29 20:21 - 2013-09-01 13:39 - 00000000 ____D C:\Users\Berthi\SecurityScans
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-29 11:05 - 2013-09-28 14:52 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 15:03 - 2013-09-28 14:52 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 15:03 - 2013-09-28 14:52 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:28 - 2013-09-09 22:13 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E  D A T E  E N
2013-09-27 17:23 - 2013-09-27 17:20 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:22 - 2013-09-27 17:20 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:38 - 2013-08-28 10:51 - 00000000 ____D C:\Program Files\CCleaner
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:57 - 2009-07-14 09:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-24 16:31 - 2013-09-01 17:13 - 00000000 ___RD C:\Users\Berthi\Desktop\BILDBEARBEITUNG
2013-09-24 16:31 - 2013-08-28 14:25 - 00000000 ___RD C:\Users\Berthi\Desktop\M E D I A
2013-09-24 16:26 - 2013-09-24 16:17 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:21 - 2013-09-06 23:30 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-24 16:13 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-23 17:06 - 2013-09-23 17:04 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:06 - 2013-09-23 17:01 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:59 - 2013-09-01 20:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-22 17:33 - 2009-08-07 00:05 - 00000000 ____D C:\Windows\system32\it
2013-09-22 17:33 - 2009-08-06 23:58 - 00000000 ____D C:\Windows\system32\de
2013-09-22 17:33 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\fr
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-21 14:25 - 2013-08-28 17:30 - 00000000 ____D C:\Users\Berthi\AppData\Local\Windows Live
2013-09-20 18:47 - 2013-09-01 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 18:47 - 2013-09-01 14:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 12:15 - 2013-09-01 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 10:15 - 2013-08-31 23:28 - 00000000 ____D C:\Users\Berthi\AppData\Local\Mozilla
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-20 10:13 - 2013-08-28 22:33 - 00000000 ____D C:\Users\Berthi\AppData\Local\FRITZ!
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-09-03 16:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-19 15:46 - 2013-09-03 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-19 15:34 - 2013-09-19 15:33 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 18:15 - 2013-08-27 22:18 - 00000000 ____D C:\Users\Berthi\AppData\Local\VirtualStore
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:58 - 2013-09-18 14:47 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:44 - 2013-09-18 14:43 - 04524952 _____ (Topala Software Solutions                                  ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:41 - 2013-09-18 14:35 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:15 - 2013-08-28 20:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Windows Live Writer
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company                                    ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-18 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-17 15:53 - 2013-09-01 12:43 - 00000000 ___RD C:\Users\Berthi\Desktop\Kalender
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-17 13:17 - 2013-09-03 17:12 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-15 13:17 - 2013-09-15 13:16 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 22:55 - 2009-02-21 07:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:49 - 2013-09-11 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 21:49 - 2013-08-28 00:20 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00000000 ____D C:\Program Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:44 - 2013-09-11 21:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 21:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-11 21:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 20:38 - 2013-09-11 20:37 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:16 - 2009-02-21 06:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 11:10 - 2009-07-14 06:33 - 00348704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 11:03 - 2013-08-28 03:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 11:00 - 2013-08-28 03:31 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:59 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:44 - 2013-09-09 22:39 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:43 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:41 - 2013-09-09 22:39 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger                                                ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:02 - 2013-09-06 22:44 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 23:01 - 2013-09-06 23:00 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-06 22:29 - 2009-02-21 08:00 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-06 22:28 - 2013-08-28 02:24 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 23:11 - 2013-08-28 00:29 - 00000000 ____D C:\Windows\Driver Cache
2013-09-05 22:58 - 2013-09-03 15:53 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-04 23:20 - 2012-08-16 17:01 - 00000000 ____D C:\Users\Berthi\Desktop\Rezepte

Some content of TEMP:
====================
C:\Users\Berthi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 15:36

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 04.10.2013 14:47

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Nachtmann 04.10.2013 21:13
ESET LOG:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=875f10902d287545904d26100c053a7b
# engine=15359
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-04 07:54:44
# local_time=2013-10-04 09:54:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 88 195457 157626356 0 0
# compatibility_mode=5893 16776574 100 94 534891 132547675 0 0
# scanned=136364
# found=0
# cleaned=0
# scan_time=18224
Sec. Check Log
Code:
Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 SpywareBlaster 5.0   
 Secunia PSI (3.0.0.7011) 
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 CCleaner   
 Java 7 Update 40 
 Java version out of Date!
 Adobe Flash Player        11.8.800.168 
 Adobe Reader XI 
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent```````` 
 WinPatrol winpatrol.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Berthi (administrator) on BERTHI-PC on 04-10-2013 22:11:04
Running from C:\Users\Berthi\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxdecoms.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Renier Crause) C:\Program Files\PopTray\PopTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
MountPoints2: {1ded593a-0f5d-11e3-afa1-806e6f6e6963} - E:\zdata\cobi.exe
MountPoints2: {a5b42469-26a0-11e3-adae-00238b9e33ce} - F:\pushinst.exe
Startup: C:\Users\Berthi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
ShortcutTarget: PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (Renier Crause)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-28] (SurfRight B.V.)
S2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [99248 2007-05-29] (Lexmark International, Inc.)
R2 lxde_device; C:\Windows\system32\lxdecoms.exe [598960 2007-05-29] ( )
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S2 TVCapSvc; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [x]
S2 TVSched; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [14376 2013-09-28] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U4 eabfiltr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 16:46 - 2013-10-04 16:46 - 00891144 _____ C:\Users\Berthi\Desktop\SecurityCheck.exe
2013-10-04 16:44 - 2013-10-04 16:44 - 02347384 _____ (ESET) C:\Users\Berthi\Desktop\esetsmartinstaller_enu.exe
2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-03 20:48 - 2013-10-03 20:50 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:05 - 2013-10-03 20:06 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 18:11 - 2013-10-04 14:20 - 00049492 _____ C:\Windows\setupact.log
2013-10-03 18:11 - 2013-10-03 19:50 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-28 14:52 - 2013-09-29 11:05 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 14:52 - 2013-09-28 15:03 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 14:52 - 2013-09-28 15:03 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:20 - 2013-09-27 17:23 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:20 - 2013-09-27 17:22 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:52 - 2013-10-03 19:49 - 00000000 ____D C:\Windows\AVM_Driver
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:52 - 2007-12-19 01:00 - 00401920 _____ (AVM GmbH) C:\Windows\system32\Drivers\fwlanusbn.sys
2013-09-26 14:52 - 2007-12-19 01:00 - 00077824 _____ (AVM Berlin) C:\Windows\system32\fwusbnci.dll
2013-09-26 14:52 - 2007-12-19 01:00 - 00015573 _____ C:\Windows\system32\Drivers\fwlanusbn.bin
2013-09-26 14:52 - 2007-11-07 02:00 - 00004352 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmeject.sys
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:17 - 2013-09-24 16:26 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-23 17:04 - 2013-09-23 17:06 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 17:04 - 2013-04-05 21:26 - 01679360 _____ C:\Windows\system32\ac3filter.acm.new
2013-09-23 17:01 - 2013-09-23 17:06 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-19 15:46 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-19 15:46 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-19 15:33 - 2013-09-19 15:34 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:47 - 2013-09-18 14:58 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:43 - 2013-09-18 14:44 - 04524952 _____ (Topala Software Solutions                                  ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:35 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company                                    ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:39 - 2011-11-21 12:52 - 00144896 _____ (1&1 Internet AG) C:\Windows\system32\Drivers\ui11rdr.SYS
2013-09-17 13:39 - 2011-11-21 12:52 - 00007680 _____ (1&1 Internet AG) C:\Windows\system32\ui11np.dll
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-15 13:16 - 2013-09-15 13:17 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:38 - 2013-09-11 21:44 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 20:41 - 2013-09-11 21:49 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 20:37 - 2013-09-11 20:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 14:15 - 2008-05-16 06:33 - 00120744 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00115752 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016unic.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00114216 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mgmt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00110632 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016obex.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00089256 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016bus.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00025512 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016nd5.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00015016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdfl.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016whnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016wh.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cmnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00010792 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cr.sys
2013-09-11 11:05 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 11:05 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 11:05 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 11:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 11:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 11:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 11:00 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:59 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:59 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:41 - 2013-09-09 22:43 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-09-09 22:39 - 2013-09-09 22:44 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:39 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 22:13 - 2013-09-27 17:28 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E  D A T E  E N
2013-09-09 21:31 - 2013-10-03 19:55 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger                                                ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:30 - 2013-09-24 16:21 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:00 - 2013-09-06 23:01 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:45 - 2013-10-04 15:21 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-09-06 22:44 - 2013-09-06 23:02 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 22:29 - 2013-09-24 16:13 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:26 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

==================== One Month Modified Files and Folders =======

2013-10-04 21:47 - 2013-09-01 14:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 17:07 - 2013-08-27 23:58 - 01922536 _____ C:\Windows\WindowsUpdate.log
2013-10-04 16:46 - 2013-10-04 16:46 - 00891144 _____ C:\Users\Berthi\Desktop\SecurityCheck.exe
2013-10-04 16:44 - 2013-10-04 16:44 - 02347384 _____ (ESET) C:\Users\Berthi\Desktop\esetsmartinstaller_enu.exe
2013-10-04 16:11 - 2013-08-28 00:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 15:21 - 2013-09-06 22:45 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-10-04 14:29 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 14:29 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 14:21 - 2013-09-03 18:04 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-10-04 14:20 - 2013-10-03 18:11 - 00049492 _____ C:\Windows\setupact.log
2013-10-04 14:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:15 - 2013-09-03 20:11 - 00000000 ____D C:\AdwCleaner
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-03 20:50 - 2013-10-03 20:48 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:06 - 2013-10-03 20:05 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:05 - 2013-08-27 23:17 - 00000000 ____D C:\Users\Berthi
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:55 - 2013-09-09 21:31 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-10-03 19:50 - 2013-10-03 18:11 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 19:49 - 2013-09-26 14:52 - 00000000 ____D C:\Windows\AVM_Driver
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 18:10 - 2013-08-28 15:34 - 00000000 ____D C:\Windows\pss
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-10-02 17:48 - 2013-09-08 11:28 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-10-02 17:45 - 2013-09-03 15:59 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-10-02 15:37 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-02 15:10 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-30 15:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-30 13:32 - 2013-08-28 14:26 - 00000000 ___RD C:\Users\Berthi\Desktop\S I C H E R H E I T
2013-09-29 20:21 - 2013-09-01 13:39 - 00000000 ____D C:\Users\Berthi\SecurityScans
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-29 11:05 - 2013-09-28 14:52 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 15:03 - 2013-09-28 14:52 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 15:03 - 2013-09-28 14:52 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:28 - 2013-09-09 22:13 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E  D A T E  E N
2013-09-27 17:23 - 2013-09-27 17:20 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:22 - 2013-09-27 17:20 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:38 - 2013-08-28 10:51 - 00000000 ____D C:\Program Files\CCleaner
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:57 - 2009-07-14 09:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-24 16:31 - 2013-09-01 17:13 - 00000000 ___RD C:\Users\Berthi\Desktop\BILDBEARBEITUNG
2013-09-24 16:31 - 2013-08-28 14:25 - 00000000 ___RD C:\Users\Berthi\Desktop\M E D I A
2013-09-24 16:26 - 2013-09-24 16:17 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:21 - 2013-09-06 23:30 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-24 16:13 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-23 17:06 - 2013-09-23 17:04 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:06 - 2013-09-23 17:01 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:59 - 2013-09-01 20:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-22 17:33 - 2009-08-07 00:05 - 00000000 ____D C:\Windows\system32\it
2013-09-22 17:33 - 2009-08-06 23:58 - 00000000 ____D C:\Windows\system32\de
2013-09-22 17:33 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\fr
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-21 14:25 - 2013-08-28 17:30 - 00000000 ____D C:\Users\Berthi\AppData\Local\Windows Live
2013-09-20 18:47 - 2013-09-01 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 18:47 - 2013-09-01 14:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 12:15 - 2013-09-01 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 10:15 - 2013-08-31 23:28 - 00000000 ____D C:\Users\Berthi\AppData\Local\Mozilla
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-20 10:13 - 2013-08-28 22:33 - 00000000 ____D C:\Users\Berthi\AppData\Local\FRITZ!
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-09-03 16:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-19 15:46 - 2013-09-03 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-19 15:34 - 2013-09-19 15:33 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 18:15 - 2013-08-27 22:18 - 00000000 ____D C:\Users\Berthi\AppData\Local\VirtualStore
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:58 - 2013-09-18 14:47 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:44 - 2013-09-18 14:43 - 04524952 _____ (Topala Software Solutions                                  ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:41 - 2013-09-18 14:35 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:15 - 2013-08-28 20:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Windows Live Writer
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company                                    ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-18 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-17 15:53 - 2013-09-01 12:43 - 00000000 ___RD C:\Users\Berthi\Desktop\Kalender
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-17 13:17 - 2013-09-03 17:12 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-15 13:17 - 2013-09-15 13:16 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 22:55 - 2009-02-21 07:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:49 - 2013-09-11 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 21:49 - 2013-08-28 00:20 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00000000 ____D C:\Program Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:44 - 2013-09-11 21:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 21:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-11 21:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 20:38 - 2013-09-11 20:37 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:16 - 2009-02-21 06:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 11:10 - 2009-07-14 06:33 - 00348704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 11:03 - 2013-08-28 03:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 11:00 - 2013-08-28 03:31 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:59 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:44 - 2013-09-09 22:39 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:43 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:41 - 2013-09-09 22:39 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger                                                ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:02 - 2013-09-06 22:44 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 23:01 - 2013-09-06 23:00 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-06 22:29 - 2009-02-21 08:00 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-06 22:28 - 2013-08-28 02:24 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 23:11 - 2013-08-28 00:29 - 00000000 ____D C:\Windows\Driver Cache
2013-09-05 22:58 - 2013-09-03 15:53 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-04 23:20 - 2012-08-16 17:01 - 00000000 ____D C:\Users\Berthi\Desktop\Rezepte

Some content of TEMP:
====================
C:\Users\Berthi\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 15:36

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Keine Probleme. Hatte ich ja auch nicht. Es waren die Funde die mich beunruhigt hatte. Habe bzw. hatte ich denn infizierte Dateien oder gar Viren?

Gruß Nachtmann

schrauber 05.10.2013 11:20
Da war nur Adware drauf.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Nachtmann 05.10.2013 12:36
Hi,
habe alles gemacht und habe noch Fragen:

> Du sagst, es war nur Adware. Woher weiß ich denn in Zukunft, was schädliche bzw. gefährliche Adware ist? Ich habe Deine Tipps vom letzten Mal, vor ein paar Wochen, alle befolgt. Habe alle Programme in Gebrauch, die Du empfielst und lasse sie regelmäßig durchlaufen. Ich hatte ja keine Probleme und hatte mal den AdwCleaner laufen lassen und der hatte nichts gefiunden. Dann hatte ich im Anschluß den Malwarebytes durchlaufen lassen und der findet promt 3x Adware. PANIK!!!
> Und noch was: Ich hatte Deinen Rat vom letzten Mal befolgt und Programme ausschließlich von FilePony runtergeladen. Benutzerdeff. Die Haken bei den Tools entfernt u.s.w. Aber promt hatte ich wieder zwei AddOns mitinstalliert und wieder Pup.optional auf dem System. (Den Fall hatte Dein Kollege bearbeitet. Waren schnell durch, weil es auch "nur" Adware war.) Wie vorsichtig soll man denn noch sein? Und woher weiß ich in Zukunft, wenn Malwarebytes infizierte Dateien finden, dass es "nur" Adware ist?

Gruß Nachtmann

schrauber 05.10.2013 19:31
Das ist dein Fund von Malwarebytes:

Zitat:
C:\Users\Berthi\Downloads\VideoDownloadConvert.exe
Wo ist der Download her? So Sachen liefern zu 90% Müll mit. PUP in der BEschreibung des Fundes heisst Potenziell unerwünschtes Programm. Also Adware, Toolbar oder Fehlalarm, weil das Prog eben etwas ähnliches mitliefern könnte.

Nachtmann 06.10.2013 11:38
Hi,
ich habe mir mal den Shark007 runtergeladen. Audio/Video Codecs und so. Evtl. ist dadurch diese Download Datei entstanden!? Könnte das sein?

Na ja, wie auch immer. Jedenfalls war ich immer extrem vorsichtig. Dachte ich jedenfalls.

Gruß Nachtmann

schrauber 06.10.2013 16:46
Naja genau der Download enthält halt die Adware. Lösche den Download.

Nachtmann 06.10.2013 22:05
habe den Download im Downloadordner schon gelöscht


so, ich denke, das wars dann, oder. Habe jedenfalls keine Pobleme mehr. Ich danke Dir für alles.

Tschö, Nachtmann

schrauber 07.10.2013 10:56
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131