Trojaner-Board


Joachim_78 01.12.2013 14:54

TROJAN.Dropper on Windows 7, 64-bit version, in the "Datev directory"
 
Hello everyone,

I am new to this forum, have always had positive experiences with your forum so far, and your tips have often helped me. Now to my problem:

I have a laptop with Windows 7, 64-bit version, and for a few weeks I have noticed performance losses; in addition, my firewall and my Avira Professional program have been deactivating themselves more and more often, or some of their functions were switched off.

After installing IObit Malware Fighter v2.2, the culprit was exposed to me in the following folder:

D:\DATEV\PROGRAMM\K0000220\SaparionStarter.exe

I should note that Avira never gave me any indication of malware or an infection in any scan. Only a note about "hidden folders".

I need help to fight this security problem and hopefully solve it.

How should I proceed, and which programs should be installed or deleted beforehand to make your work easier?

schrauber 01.12.2013 15:33

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Joachim_78 01.12.2013 19:13

Here is the first log file:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Joachim (administrator) on JOACHIM-LAPTOP on 01-12-2013 15:50:51
Running from C:\Users\Joachim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(DATEV eG) D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\firefox.exe
(Microsoft Corporation) D:\Programme\MSOffice2007\Office12\OUTLOOK.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-01] (Realtek Semiconductor)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Advanced SystemCare Ultimate] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [512384 2012-11-07] (IObit)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {1ffb5cc8-0052-11e0-8faa-b8ac6f66b16a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe [288352 2012-08-30] (DATEV eG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1574208 2013-11-13] (IObit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL =
SearchScopes: HKCU - {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL =
SearchScopes: HKCU - {F1DCC761-246A-4D46-A4A1-2CDD6183FF35} URL =
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Ads Removal - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\adsremoval@adsremoval.net
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\maps@ovi.com
FF Extension: Adblock Plus - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePluginFor6.crx

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [1051088 2012-12-13] (IObit)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [623936 2013-07-08] (IOBit)
R3 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-11] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\SysWow64\DRIVERS\avfwot.sys [131336 2011-06-28] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-11] ()
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
U3 aki1np6w; C:\Windows\System32\Drivers\aki1np6w.sys [0 ] (Microsoft Corporation)
U0 dmboot;
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 15:50 - 2013-12-01 15:52 - 00017327 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 15:49 - 2013-12-01 15:50 - 01959184 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-01 13:41 - 2013-12-01 13:41 - 00003170 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-01 13:41 - 2013-12-01 13:41 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-01 13:41 - 2013-05-22 18:49 - 00032600 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:33 - 2013-12-01 13:28 - 00000286 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-12-01 11:33 - 2013-12-01 11:33 - 00003220 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-12-01 11:33 - 2013-12-01 11:33 - 00002582 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-12-01 11:33 - 2013-12-01 11:33 - 00001110 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-12-01 11:33 - 2013-12-01 11:33 - 00001100 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-12-01 11:33 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:18 - 2013-11-24 19:18 - 00001311 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-24 19:17 - 2013-11-24 19:18 - 00003112 _____ C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:16 - 2013-12-01 11:33 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-11-24 19:16 - 2013-12-01 11:33 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-24 19:16 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\IObit
2013-11-24 19:16 - 2013-11-24 19:16 - 00001175 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-11-24 19:14 - 2013-11-24 19:14 - 24964008 _____ (IObit                                                      ) C:\Users\Joachim\Downloads\imf-22setup.exe
2013-11-24 18:47 - 2013-11-24 19:03 - 00004262 _____ C:\Windows\PFRO.log
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:04 - 2013-12-01 13:28 - 00001279 _____ C:\Windows\setupact.log
2013-11-22 16:04 - 2013-11-22 16:05 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 04:09 - 2013-11-15 04:10 - 00000000 ____D C:\Windows\rescache
2013-11-15 03:13 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 03:13 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 03:13 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 03:13 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 03:13 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 03:13 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 03:13 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 03:13 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 03:13 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 03:13 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 03:13 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 03:13 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 17:43 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 17:42 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 17:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 17:42 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:42 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:42 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 17:42 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:42 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:42 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:42 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 17:42 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:42 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 17:41 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:41 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:41 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 15:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 15:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-01 15:14 - 2013-11-01 15:23 - 00004879 _____ C:\Users\Joachim\AppData\Local\EmptySettings.xml

==================== One Month Modified Files and Folders =======

2013-12-01 15:52 - 2013-12-01 15:50 - 00017327 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 15:50 - 2013-12-01 15:49 - 01959184 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-01 15:40 - 2012-01-28 17:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 15:33 - 2012-08-25 21:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 13:41 - 2013-12-01 13:41 - 00003170 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-01 13:41 - 2013-12-01 13:41 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-01 13:36 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 13:36 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 13:29 - 2013-10-26 19:52 - 00000000 ____D C:\Users\Joachim\AppData\Local\Htc
2013-12-01 13:28 - 2013-12-01 11:33 - 00000286 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-12-01 13:28 - 2013-11-22 16:04 - 00001279 _____ C:\Windows\setupact.log
2013-12-01 13:28 - 2012-01-28 17:08 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 13:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 13:27 - 2009-07-14 06:10 - 01826311 _____ C:\Windows\WindowsUpdate.log
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 13:18 - 2009-07-14 18:58 - 24001546 _____ C:\Windows\system32\perfh007.dat
2013-12-01 13:18 - 2009-07-14 18:58 - 07764278 _____ C:\Windows\system32\perfc007.dat
2013-12-01 13:18 - 2009-07-14 06:13 - 00006980 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-01 11:38 - 2010-11-21 11:46 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-01 11:38 - 2010-05-26 06:58 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:35 - 2010-11-21 11:47 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-01 11:34 - 2010-11-21 11:46 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-12-01 11:33 - 2013-12-01 11:33 - 00003220 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-12-01 11:33 - 2013-12-01 11:33 - 00002582 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-12-01 11:33 - 2013-12-01 11:33 - 00001110 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-12-01 11:33 - 2013-12-01 11:33 - 00001100 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-12-01 11:33 - 2013-11-24 19:16 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-12-01 11:33 - 2013-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-28 13:03 - 2013-01-19 13:00 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-11-28 13:03 - 2013-01-19 12:59 - 00001074 _____ C:\Users\Joachim\Desktop\tiptoi.lnk
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:18 - 2013-11-24 19:18 - 00001311 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-24 19:18 - 2013-11-24 19:17 - 00003112 _____ C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:17 - 2013-11-24 19:16 - 00000000 ____D C:\ProgramData\IObit
2013-11-24 19:17 - 2013-04-13 18:35 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Apple Computer
2013-11-24 19:16 - 2013-11-24 19:16 - 00001175 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-11-24 19:16 - 2012-01-28 17:08 - 00000000 ____D C:\Users\Joachim\AppData\Local\Google
2013-11-24 19:14 - 2013-11-24 19:14 - 24964008 _____ (IObit                                                      ) C:\Users\Joachim\Downloads\imf-22setup.exe
2013-11-24 19:03 - 2013-11-24 18:47 - 00004262 _____ C:\Windows\PFRO.log
2013-11-24 18:56 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\Origin
2013-11-24 18:47 - 2013-06-26 19:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-24 18:45 - 2011-05-30 09:32 - 00007459 _____ C:\ProgramData\hpzinstall.log
2013-11-24 18:19 - 2011-05-30 09:40 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-24 18:18 - 2011-03-06 10:39 - 00000000 ____D C:\Program Files (x86)\Lexware
2013-11-24 18:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-11-24 18:17 - 2013-08-20 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla
2013-11-24 18:17 - 2012-04-04 18:55 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-24 18:15 - 2010-05-26 14:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:05 - 2013-11-22 16:04 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-22 15:56 - 2010-05-26 16:50 - 00000000 ____D C:\Windows\Panther
2013-11-22 15:45 - 2010-11-12 17:12 - 00000000 ____D C:\Users\Joachim\AppData\Local\Adobe
2013-11-22 15:44 - 2012-08-25 21:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 15:44 - 2012-04-09 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 15:44 - 2011-06-17 18:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 04:10 - 2013-11-15 04:09 - 00000000 ____D C:\Windows\rescache
2013-11-15 03:32 - 2010-11-21 11:46 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-11-15 03:13 - 2010-05-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 03:10 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 03:03 - 2010-11-15 06:20 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 23:00 - 2010-11-21 11:46 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-11-12 13:01 - 2013-03-25 13:36 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-12 13:01 - 2013-03-25 13:36 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-11 05:50 - 2010-11-09 12:24 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-01 15:23 - 2013-11-01 15:14 - 00004879 _____ C:\Users\Joachim\AppData\Local\EmptySettings.xml
2013-11-01 14:03 - 2012-08-24 20:12 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Lightroom

Some content of TEMP:
====================
C:\Users\Joachim\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-22 16:44

==================== End Of Log ============================

--- --- ---


and here is the "Addition-Editor" report: FRST Additions Logfile:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Joachim at 2013-12-01 15:53:20
Running from C:\Users\Joachim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Advanced SystemCare Ultimate (Enabled - Out of date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
6300 (x32 Version: 130.0.365.000)
6300_Help (x32 Version: 82.0.242.000)
6300Trb (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Advanced SystemCare Ultimate 6 (x32 Version: 6.1.0)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
ATI Catalyst Control Center (x32 Version: 2.010.0122.0857)
Avira Internet Security (x32 Version: 14.0.1.749)
B1315AppGuid (x32 Version: 1.0.0)
BufferChm (x32 Version: 130.0.331.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002)
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002)
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002)
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002)
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002)
CCC Help Danish (x32 Version: 2010.0122.0857.16002)
CCC Help Dutch (x32 Version: 2010.0122.0857.16002)
CCC Help English (x32 Version: 2010.0122.0857.16002)
CCC Help Finnish (x32 Version: 2010.0122.0857.16002)
CCC Help French (x32 Version: 2010.0122.0857.16002)
CCC Help German (x32 Version: 2010.0122.0857.16002)
CCC Help Italian (x32 Version: 2010.0122.0857.16002)
CCC Help Japanese (x32 Version: 2010.0122.0857.16002)
CCC Help Korean (x32 Version: 2010.0122.0857.16002)
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002)
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002)
CCC Help Russian (x32 Version: 2010.0122.0857.16002)
CCC Help Spanish (x32 Version: 2010.0122.0857.16002)
CCC Help Swedish (x32 Version: 2010.0122.0857.16002)
ccc-core-static (x32 Version: 2010.0122.858.16002)
ccc-utility64 (Version: 2010.0122.858.16002)
CCleaner (Version: 4.05)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
ConvertXtoDVD 3.0.0.7 (x32 Version: 3.0.0.7)
Copy (x32 Version: 130.0.428.000)
Crystal Reports Runtime XI (x32 Version: 1.0.9)
DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0)
DATEV Installation V.3.0 (x32)
Dell Dock (Version: 2.0)
Dell Dock (x32)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.0.5744.02)
Dell Touchpad (Version: 7.1102.101.101)
Dell Webcam Central (x32 Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
DFL2010 ConfigDB (x32 Version: 4.17.3326.0)
DFL2010 Microkernel (x32 Version: 4.17.3326.0)
DocProc (x32 Version: 13.0.0.0)
Driver Booster (x32 Version: 1.0)
Fax (x32 Version: 130.0.418.000)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
Haufe iDesk-Service (x32 Version: 11.07.19.8023)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 4.5.0.001)
HTC Sync (x32 Version: 3.3.63)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
IObit Malware Fighter (x32 Version: 2.2)
IPTInstaller (x32 Version: 4.0.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Lexware Admintools Plus (x32 Version: 12.00.00.0116)
Lexware buchhalter 2013 (x32 Version: 18.00.00.0090)
Lexware Datenbank plus 2012 (x32 Version: 12.00.00.0116)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware reisekosten plus 2012 (x32 Version: 12.01.00.0137)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 German Language Pack (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (x32 Version: 10.51.2500.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XML Parser (x32 Version: 8.70.1104.04)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
PowerDVD DX (x32 Version: 8.3.6029)
Quickset64 (Version: 9.6.18)
Ravensburger tiptoi (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7083)
RENESIS® Player Browser Plugins (x32 Version: 1.1.1)
Scan (x32 Version: 13.0.0.0)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0)
Skins (x32 Version: 2010.0122.858.16002)
Smart Defrag 2 (x32 Version: 2.9)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SQLXML4 (Version: 9.00.5000.00)
Status (x32 Version: 130.0.469.000)
TAXMAN 2010 (x32 Version: 16.11.00.0005)
TAXMAN 2011 (x32 Version: 17.03.00.0008)
TAXMAN 2012 (x32 Version: 18.07.00.0008)
TAXMAN 2013 (x32 Version: 19.06.00.0003)
TAXMAN Bibliothek 2010 (x32 Version: 16.0.1.0)
TAXMAN Bibliothek 2011 (x32 Version: 17.10.0.0)
TAXMAN Bibliothek 2012 (x32 Version: 18.1.0.0)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
UnloadSupport (x32 Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
UseNeXT by Tangysoft (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.6 (x32 Version: 2.0.6)
WebReg (x32 Version: 130.0.132.017)
WIDCOMM Bluetooth Software (Version: 6.2.0.9603)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR (x32)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-08-07 19:43 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {002ECE06-B672-4BF0-8AB3-1DB2C9033B76} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {0DBB5AFD-DF1A-4FF3-A62E-307F45DB8DCE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {0FA4C614-B71C-4581-99CD-53412052A3E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1939E4F7-C954-43C7-BF73-672D00CEA55E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {3D98D957-476A-453C-AAD2-95A7D4F9CE2D} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2013-07-06] (IObit)
Task: {3E67146D-AF75-40EE-8403-9515A16EC4AE} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {3E6B16AB-7040-4BCD-A09A-861237B7FFF1} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {4367099A-B7FD-4E21-B3C4-E7C67B07CC72} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {45BE23A1-BC23-408F-B144-4D37D6E31644} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)
Task: {65258A2C-A505-4398-9A4B-47B5B78E9CBF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => D:\Programme\TuneUp2010\OneClick.exe
Task: {6673DD92-8A96-4386-B1A1-C6F6667F4003} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28] (Google Inc.)
Task: {6AE2FE40-D4EA-4F6A-BD85-088351D520D3} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {785D745C-FAC4-4440-B10C-A0472A86395B} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {8F1B1323-E808-4D13-B1E6-3D9E909A12B9} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-09-08] (IObit)
Task: {9244FB39-3578-4BE7-BB12-C33988A236B2} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {94050AA7-C45B-4F34-83AC-34CEC0D233F4} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe
Task: {9644DBCC-B95C-4E48-A938-19448D04853B} - System32\Tasks\Update Manager => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {A1D542C2-71E7-4DAC-A128-C88FC146DE4C} - System32\Tasks\{374D2BF7-493A-4394-9FA4-5366C294F8D1} => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {D5C178C9-7D82-4E10-95DD-C76E1AAC095C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Task: {D88D7AA3-B5BE-4BAB-AA7C-8362D308838E} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-09-08] (IObit)
Task: {DD65AA1E-BF3D-4922-AE46-20D01966E301} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28] (Google Inc.)
Task: {EE40A4C5-19C4-4996-A3C5-BAD93016E1F3} - System32\Tasks\D1234567\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-05-26 14:11 - 2009-07-17 17:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2013-08-15 02:42 - 2013-08-15 02:42 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\f5fe42a11e1c0e9d19b251f0d4ed57ce\VistaBridgeLibrary.ni.dll
2010-03-08 17:02 - 2010-03-08 17:02 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-26 14:08 - 2010-05-26 14:08 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-24 19:17 - 2012-04-14 15:41 - 00217944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\bdfltlib.dll
2012-10-10 19:27 - 2012-10-10 19:16 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-24 19:17 - 2012-11-01 10:21 - 00350592 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
2013-11-24 19:17 - 2012-11-01 10:21 - 00182656 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
2013-11-24 19:17 - 2012-11-01 10:21 - 00050048 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
2013-12-01 11:33 - 2013-08-02 17:07 - 00348992 _____ () C:\Program Files (x86)\IObit\Driver Booster\madExcept_.bpl
2013-12-01 11:33 - 2013-08-02 17:07 - 00183616 _____ () C:\Program Files (x86)\IObit\Driver Booster\madBasic_.bpl
2013-12-01 11:33 - 2013-08-02 17:07 - 00051008 _____ () C:\Program Files (x86)\IObit\Driver Booster\madDisAsm_.bpl
2013-11-24 19:17 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00109056 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 00010240 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 10:58 - 2013-09-03 10:58 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-11-24 19:16 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2013-11-24 19:16 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2013-11-24 19:16 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2013-11-24 19:16 - 2013-11-01 09:49 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2013-11-24 19:16 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2013-11-24 19:16 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2013-11-24 19:16 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2012-10-10 19:27 - 2011-10-11 20:03 - 00447848 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\libxml2.dll
2012-10-10 19:27 - 2011-10-11 20:03 - 00060264 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\cares.dll
2013-12-01 11:33 - 2013-09-11 19:06 - 00048960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
2013-08-20 16:24 - 2013-08-20 16:24 - 03551640 _____ () C:\Program Files (x86)\Mozilla\mozjs.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () D:\Programme\MSOffice2007\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () D:\Programme\MSOffice2007\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 19:18 - 2011-05-26 19:18 - 00136536 _____ () D:\Programme\MSOffice2007\Office12\OUTLCTL.DLL
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2013 01:17:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (12/01/2013 01:17:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/01/2013 01:17:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/01/2013 11:59:18 AM) (Source: Application Hang) (User: )
Description: Programm OUTLOOK.EXE, Version 12.0.6680.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1488

Startzeit: 01ceee844ad5184c

Endzeit: 37

Anwendungspfad: D:\PROGRA~1\MSOFFI~1\Office12\OUTLOOK.EXE

Berichts-ID: 97cbcd46-5a77-11e3-908c-c44619e706b7

Error: (12/01/2013 11:31:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (12/01/2013 11:31:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/01/2013 11:31:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/29/2013 04:18:56 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/29/2013 04:18:56 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/29/2013 04:18:56 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (12/01/2013 01:46:00 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/01/2013 01:27:05 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/01/2013 01:07:53 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (12/01/2013 11:33:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/01/2013 11:33:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/01/2013 11:27:19 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/29/2013 04:17:22 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/29/2013 01:29:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎29.‎11.‎2013 um 12:24:09 unerwartet heruntergefahren.

Error: (11/29/2013 00:08:05 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/29/2013 09:55:08 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


Microsoft Office Sessions:
=========================
Error: (12/29/2012 07:27:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 395 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (10/31/2012 07:07:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/03/2012 00:43:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 81 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 3956.54 MB
Available physical RAM: 1307.19 MB
Total Pagefile: 7911.26 MB
Available Pagefile: 674.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:6.95 GB) NTFS
Drive d: (Privat) (Fixed) (Total:397.3 GB) (Free:183.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6F492B7E)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=397 GB) - (Type=OF Extended)

==================== End Of Log ============================

--- --- ---

schrauber 02.12.2013 11:34

Hi,

Is this a company computer? I ask because of Datev. If so, have you read the special rules for that?

Please have the flagged file scanned at www.virustotal.com and post the link to the result.

Joachim_78 02.12.2013 19:51

Hello Schrauber,

the file does not exist under the name given. How can I still run the scan you asked for?

As to your question about a "company laptop" because of Datev: no, it is not a company laptop, it is my private one. I still have the Datev software for my long-standing clients who have stayed loyal to me for several years, but my main job is in industry. Does that get in the way of getting help?

Regards, Joachim

schrauber 03.12.2013 11:45

Nope. There are only rules regarding company computers that have their own IT department (they get paid ;) ).

Quote:

D:\DATEV\PROGRAMM\K0000220\SaparionStarter.exe
You can't find this file? Then please open IOBIT (why would anyone use that :confused: ) and release the file from quarantine.

Joachim_78 03.12.2013 20:23

Hello Schrauber,

the URL of the scan result:
https://www.virustotal.com/de/file/542efbe109cd6352ff499aa1080dd13251dd7a1751b7c5afa883b3b6e0dacddc/analysis/1386087538/

I am now puzzled why the file was checked without any indication of a trojan. Last night I really noticed how much performance the machine has lost: I had the Windoof performance monitor displayed. With no programs open I am at 27% CPU load, 42% RAM and 0-2% disk.

When I was on the Internet yesterday (watching 1 TV channel online, Outlook open to answer mails, and an Excel file open), the laptop's performance slowed down after 30 minutes almost by the minute. CPU rose and rose until it was at 100%, RAM also rose to 90%, and then came the Windoof safety shutdown..

I hope this information is helpful.

Here is also my result from Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.12.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Joachim :: JOACHIM-LAPTOP [Administrator]

03.12.2013 17:43:35
mbam-log-2013-12-03 (17-43-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 453798
Laufzeit: 2 Stunde(n), 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Can you nevertheless tell me why my PC uses so much performance when idle? Or what I can do?

Regards, Joachim

schrauber 04.12.2013 11:50

Quote:

I am now puzzled why the file was checked without any indication of a trojan. Last night I really noticed how much performance the machine has lost: I had the Windoof performance monitor displayed. With no programs open I am at 27% CPU load, 42% RAM and 0-2% disk.
Those two things don't necessarily have to be related. The file is clean in any case; this is a false positive from IOBIT.


Install Process Explorer as a replacement for the Windows Task Manager

Download Process Explorer as a replacement for the Task Manager and install it; you will find instructions here. It is a considerably more powerful replacement for the Windows Task Manager. In the menu under "Options" you can set up Process Explorer permanently as a replacement for the Task Manager (Replace Taskmanager). This is highly recommended because Process Explorer has considerably more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but Process Explorer. This can be undone at any time by unchecking this setting.

What we need specifically now: each row shows one process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of process information are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. "CPU Usage" shows the current CPU load for each process (the column header just says "CPU"); "CPU History" shows, for each process, a graph with a curve of its CPU load over the recent past.

With that you should be able to identify which process is keeping your CPU busy. Double-click the process. You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Erweitert" (Advanced) below the text field, use "Anhänge verwalten" (Manage attachments) to browse your computer, and attach it with "Hochladen" (Upload)).

Joachim_78 04.12.2013 20:40

Hello Schrauber,
the Process Explorer program crashes regularly and has to be terminated by Windoof. Since the last restart, oddly, I no longer have permission to open Mozilla Firefox: "Contact the admin"

The Windoof firewall is deactivated at every restart, and just now Avira Desktop is deactivated and is supposed to be reactivated. What is wrong with the laptop? Is there a solution?

schrauber 05.12.2013 12:16

Please post a fresh FRST log once more.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Joachim_78 05.12.2013 12:38

Hello Schrauber,

here is the current FRST scan:
FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013
Ran by Joachim (administrator) on JOACHIM-LAPTOP on 05-12-2013 12:36:18
Running from C:\Users\Joachim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(DATEV eG) D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Users\Joachim\Downloads\mozilla firefox setup.exe
() C:\Users\Joachim\AppData\Local\Temp\DM_6GTYjPDldI\DownloadManager.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(DealPly Technologies Ltd.) C:\Users\Joachim\AppData\Local\Temp\1384452412_dp.exe
() C:\Users\Joachim\AppData\Local\Temp\{0E503A0C-7CE8-4E43-A01B-152DDE146C5E}\files\uninst.exe
(DealPly Technologies Ltd) C:\Users\Joachim\AppData\Local\Temp\{0E503A0C-7CE8-4E43-A01B-152DDE146C5E}\o-update\DealPlyLive.exe
(DealPly Technologies Ltd) C:\Users\Joachim\AppData\Local\Temp\GUM983.tmp\DealPlyLive.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(Microsoft Corporation) D:\Programme\MSOffice2007\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-01] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [Del56556914] - cmd.exe /Q /D /c del "C:\Users\Joachim\AppData\Local\Temp\0.del" [x]
HKCU\...\Runonce: [Del56556914] - cmd.exe /Q /D /c del "C:\Users\Joachim\AppData\Local\Temp\0.del"
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [DisallowRun] 1
HKCU\...\Policies\Explorer\DisallowRun: [1] firefox.exe
MountPoints2: {1ffb5cc8-0052-11e0-8faa-b8ac6f66b16a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DATEV Update-Monitor] - D:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe [288352 2012-08-30] (DATEV eG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1316640 2013-11-25] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1008928 2013-11-25] (Conduit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL =
SearchScopes: HKCU - {F1DCC761-246A-4D46-A4A1-2CDD6183FF35} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll (weDownload)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default
FF Homepage: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: weDownload Manager Pro - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
FF Extension: Ads Removal - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\adsremoval@adsremoval.net
FF Extension: Amazon-Icon - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\amazon-icon@giga.de
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\maps@ovi.com
FF Extension: DealPly  Shopping - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
FF Extension: Adblock Plus - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (weDownload Manager Pro) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joachim\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [1735968 2013-11-25] (Conduit)
R3 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
R2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-12-05] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-12-05] (DealPly Technologies Ltd)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-11] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\SysWow64\DRIVERS\avfwot.sys [131336 2011-06-28] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 a6a148r2; C:\Windows\System32\Drivers\a6a148r2.sys [0 ] (Microsoft Corporation)
U0 dmboot;
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-05 12:35 - 2013-12-05 12:35 - 01959766 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:33 - 2013-12-05 12:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-05 12:30 - 2013-12-05 12:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-05 12:29 - 2013-12-05 12:35 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-05 12:29 - 2013-12-05 12:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-05 12:28 - 2013-12-05 12:33 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-12-05 12:28 - 2013-12-05 12:33 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00003904 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-12-05 12:28 - 2013-12-05 12:28 - 00003652 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:28 - 2013-12-05 12:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 12:27 - 2013-12-05 12:28 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 20:19 - 2013-12-04 20:19 - 01108616 _____ C:\Windows\Minidump\120413-18704-01.dmp
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:09 - 2013-12-04 19:22 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-03 20:33 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:27 - 2013-12-03 20:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 20:25 - 2013-12-03 20:33 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:45 - 2013-12-03 17:48 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 15:53 - 2013-12-01 15:55 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 15:50 - 2013-12-05 12:36 - 00020637 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:16 - 2013-12-04 09:33 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-24 19:16 - 2013-12-03 17:45 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-11-24 19:16 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\IObit
2013-11-24 18:47 - 2013-12-04 20:45 - 00006412 _____ C:\Windows\PFRO.log
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:04 - 2013-12-04 20:45 - 00001895 _____ C:\Windows\setupact.log
2013-11-22 16:04 - 2013-11-22 16:05 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 04:09 - 2013-12-04 21:30 - 00000000 ____D C:\Windows\rescache
2013-11-13 17:43 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 17:42 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 17:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 17:42 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:42 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:42 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 17:42 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 17:42 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:42 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:42 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:42 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:42 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:42 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 17:42 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 17:42 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 17:42 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:42 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 17:41 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:41 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:41 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 15:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 15:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 15:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

==================== One Month Modified Files and Folders =======

2013-12-05 12:36 - 2013-12-01 15:50 - 00020637 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-05 12:35 - 2013-12-05 12:35 - 01959766 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-05 12:35 - 2013-12-05 12:29 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:33 - 2013-12-05 12:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-05 12:33 - 2013-12-05 12:28 - 00000908 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-12-05 12:33 - 2013-12-05 12:28 - 00000904 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-12-05 12:33 - 2012-08-25 21:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-05 12:33 - 2010-11-21 11:46 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-05 12:32 - 2010-11-21 11:47 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-05 12:30 - 2013-12-05 12:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-05 12:29 - 2013-12-05 12:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00003904 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-12-05 12:28 - 2013-12-05 12:28 - 00003652 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:28 - 2013-12-05 12:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 12:28 - 2013-12-05 12:27 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-05 12:26 - 2009-07-14 18:58 - 24136294 _____ C:\Windows\system32\perfh007.dat
2013-12-05 12:26 - 2009-07-14 18:58 - 07808522 _____ C:\Windows\system32\perfc007.dat
2013-12-05 12:26 - 2009-07-14 06:13 - 00006980 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-05 12:25 - 2012-01-28 17:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 12:24 - 2013-03-25 13:36 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-05 06:40 - 2009-07-14 06:10 - 02073110 _____ C:\Windows\WindowsUpdate.log
2013-12-04 21:30 - 2013-11-15 04:09 - 00000000 ____D C:\Windows\rescache
2013-12-04 20:55 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 20:55 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 20:47 - 2013-10-26 19:52 - 00000000 ____D C:\Users\Joachim\AppData\Local\Htc
2013-12-04 20:46 - 2012-01-28 17:08 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 20:45 - 2013-11-24 18:47 - 00006412 _____ C:\Windows\PFRO.log
2013-12-04 20:45 - 2013-11-22 16:04 - 00001895 _____ C:\Windows\setupact.log
2013-12-04 20:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 20:19 - 2013-12-04 20:19 - 01108616 _____ C:\Windows\Minidump\120413-18704-01.dmp
2013-12-04 20:19 - 2013-05-09 03:52 - 00000000 ____D C:\Windows\Minidump
2013-12-04 19:22 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:19 - 2010-11-09 10:32 - 00000000 ____D C:\Users\Joachim
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-04 09:38 - 2010-11-09 10:38 - 00001331 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 09:36 - 2010-05-26 16:50 - 00000000 ____D C:\Windows\Panther
2013-12-04 09:33 - 2013-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-04 09:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:33 - 2013-12-03 20:25 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 20:27 - 2013-12-03 20:27 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:27 - 2013-12-03 20:27 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:27 - 2013-12-03 20:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 17:54 - 2011-12-30 19:41 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-03 17:54 - 2010-05-26 14:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:48 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\ProgramData\IObit
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 21:25 - 2010-11-11 09:29 - 00000000 ____D C:\Users\Joachim\AppData\Local\Mozilla
2013-12-01 15:55 - 2013-12-01 15:53 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 15:50 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:38 - 2010-05-26 06:58 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:34 - 2010-11-21 11:46 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-11-28 13:03 - 2013-01-19 13:00 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-11-28 13:03 - 2013-01-19 12:59 - 00001074 _____ C:\Users\Joachim\Desktop\tiptoi.lnk
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-11-24 19:17 - 2013-11-24 19:17 - 00000000 ____D C:\IObit
2013-11-24 19:17 - 2013-04-13 18:35 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Apple Computer
2013-11-24 19:16 - 2012-01-28 17:08 - 00000000 ____D C:\Users\Joachim\AppData\Local\Google
2013-11-24 18:56 - 2013-03-30 14:33 - 00000000 ____D C:\ProgramData\Origin
2013-11-24 18:47 - 2013-06-26 19:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-24 18:46 - 2013-11-24 18:46 - 00000085 _____ C:\Windows\wininit.ini
2013-11-24 18:45 - 2011-05-30 09:32 - 00007459 _____ C:\ProgramData\hpzinstall.log
2013-11-24 18:19 - 2011-05-30 09:40 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-24 18:18 - 2011-03-06 10:39 - 00000000 ____D C:\Program Files (x86)\Lexware
2013-11-24 18:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-11-24 18:17 - 2012-04-04 18:55 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 16:08 - 2013-11-22 16:08 - 00101016 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-22 16:05 - 2013-11-22 16:04 - 00399592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-22 16:04 - 2013-11-22 16:04 - 00000000 _____ C:\Windows\setuperr.log
2013-11-22 15:45 - 2010-11-12 17:12 - 00000000 ____D C:\Users\Joachim\AppData\Local\Adobe
2013-11-22 15:44 - 2012-08-25 21:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 15:44 - 2012-04-09 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 15:44 - 2011-06-17 18:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 14:29 - 2013-11-16 14:29 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\DokOrg
2013-11-15 03:32 - 2010-11-21 11:46 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-11-15 03:13 - 2010-05-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 03:10 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 03:03 - 2010-11-15 06:20 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 23:00 - 2010-11-21 11:46 - 00004276 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-11-12 13:01 - 2013-03-25 13:36 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-11 05:50 - 2010-11-09 12:24 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Joachim\AppData\Local\Temp\1384452412_dp.exe
C:\Users\Joachim\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe
C:\Users\Joachim\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Joachim\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\avgnt.exe
C:\Users\Joachim\AppData\Local\Temp\nsi57F4.exe
C:\Users\Joachim\AppData\Local\Temp\nsy7CE3.exe
C:\Users\Joachim\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\sdapskill.exe
C:\Users\Joachim\AppData\Local\Temp\sp_downloader.exe
C:\Users\Joachim\AppData\Local\Temp\SwiftBrowse_s3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-04 21:22

==================== End Of Log ============================

--- --- ---

schrauber 06.12.2013 09:43

And MBAR?

Joachim_78 06.12.2013 11:38

Hello Schrauber,

I ran mbar twice yesterday. Once it found something and fixed it right away. I then restarted the laptop and repeated the scan: "no findings".
Now my question: where do I find the txt file that I was supposed to post here? Is it in the program directory that I created during installation, or where does it save it?

Regards, Joachim

schrauber 07.12.2013 11:32

Quote:

The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.
:).

Joachim_78 08.12.2013 13:06

Hello Schrauber,

where do I find this txt file from mbar?

schrauber 08.12.2013 16:43

You downloaded MBAR, then you unpacked it. Into a folder, probably on the desktop or in your download folder.

Where did you start MBar.exe from? That is exactly where the log file is, which is exactly what it says above :)

Joachim_78 08.12.2013 17:53

mbar no longer finds anything. I wanted to post the txt but found no txt in the program folder before I started the last part of the rootkit tool with the CleanUp.
Now the scan completed without findings.

Still, the computer is just as slow as before, and I'm running out of ideas.

Regards, Joachim

schrauber 09.12.2013 09:22

Then that makes two of us :)

Please describe when it is slow:

Only at startup?
In general?
Or only internet-related?

Joachim_78 09.12.2013 20:19

Hello Schrauber,

the Windows Firewall still switches itself off for no reason. The slowness is noticeable when running and opening programs. For example, opening Excel takes almost 20 seconds, and the same goes for getting Outlook ready for use.

Here is the txt from mbar:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4148731904, free: 1709436928

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 4148731904, free: 1692930048

Downloaded database version: v2013.12.08.01
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
12/08/2013 13:20:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spoq.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avfwot.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\System32\Drivers\a6a148r2.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\avfwim.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\c:\program files\dell support center\pcdsrvc_x64.pkms
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\urlmon.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c68060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80049d6060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c68060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80049d6060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa800686c980
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c68060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004b08960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c68060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049d6060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0135fd130, 0xfffffa8004c68060, 0xfffffa80060fc790
Lower DeviceData: 0xfffff8a0037e7da0, 0xfffffa80049d6060, 0xfffffa800686c980
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6F492B7E

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 20480000
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 20686848 Numsec = 122880000

Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 143566848 Numsec = 833204224

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
=======================================

schrauber 10.12.2013 10:44

Please download Emsisoft MBR Master and save it to the desktop.
  • Run mbrmastr.exe.
  • Click Backup MBR and save it as emsi on the desktop.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.

Joachim_78 13.12.2013 15:01

Hello Schrauber,
here is the emsi file:

Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x00000114
1 valid drive(s) found.

Details for Disk 0 - TOSHIBA MK5065GSX Rev GJ002D:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 60801/255/63
Boot loader reputation : Known Good (Windows 7)
Cross view comparison : Passed
Partition table integrity: Passed

Boot loader hashes
SHA-1 : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MD5 : A36C5E4F47E84449FF07ED3517B43A31

Joachim_78 13.12.2013 15:04

Attachment 62937

Here is the zip file

schrauber 14.12.2013 07:14

Hm, everything is fine. Still such enormous problems?

Joachim_78 16.12.2013 18:28

I find the access times for opening programs always so long; I have no idea what I can do about it.
I also find 100 running processes a lot for Windows 7.
What else can I do for analysis, or should I install Office 2007 or 2010 to get usable working speeds again?
Regards, Joachim

PS: Is there a useful tool for displaying performance that a "normal user" can also interpret?

schrauber 17.12.2013 10:26

The Process Explorer mentioned above actually gives enough info; otherwise I don't know of any tool for that either.

Please post a fresh FRST log again.

Joachim_78 26.12.2013 19:11

Hello Schrauber,

sorry, because of work and the holidays I did not get around to replying sooner.

So I went through my Explorer and found that I have many svchost services running (without any programs open); are almost 90 services normal?

and here is the fresh FRST logfile:
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by Joachim (administrator) on JOACHIM-LAPTOP on 26-12-2013 19:08:14
Running from C:\Users\Joachim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(DATEV eG) D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\usrreq.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [DisallowRun] 1
MountPoints2: {1ffb5cc8-0052-11e0-8faa-b8ac6f66b16a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0D29E607-2FCA-4D96-99ED-8098D330F736&q={searchTerms}&SSPV=
SearchScopes: HKCU - {74EF697D-5C43-4F02-8E67-5997B44D67DA} URL =
SearchScopes: HKCU - {F1DCC761-246A-4D46-A4A1-2CDD6183FF35} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - DMS Schnellsuche - {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default
FF Homepage: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: weDownload Manager Pro - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
FF Extension: Ads Removal - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\adsremoval@adsremoval.net
FF Extension: Amazon-Icon - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\amazon-icon@giga.de
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\maps@ovi.com
FF Extension: Adblock Plus - C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\pbc19xo6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (weDownload Manager Pro) - C:\Users\Joachim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Joachim\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896056 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-19] (Avira Operations GmbH & Co. KG)
S3 DATEV Update-Service; D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [157792 2012-07-03] (DATEV eG)
R2 DatevPrintService; D:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [87040 2012-06-14] (DATEV eG)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()
S3 Datev.Database.Conserve; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
R2 Datev.Framework.RemoteServiceModel.EnablerService; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
R3 Datev.Framework.RemoteServices; D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 MSSQLFDLauncher$DATEV_DBENGINE; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.DATEV_DBENGINE [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-11-11] ()
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-15] (Avira GmbH)
R1 avfwot; C:\Windows\SysWow64\DRIVERS\avfwot.sys [131336 2011-06-28] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-11-11] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 as4l5ynh; C:\Windows\System32\Drivers\as4l5ynh.sys [0 ] (Microsoft Corporation)
U0 dmboot;
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 19:08 - 2013-12-26 19:08 - 00015772 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-26 19:07 - 2013-12-26 19:07 - 00000000 ____D C:\Users\Joachim\Downloads\FRST-OlderVersion
2013-12-19 18:48 - 2013-12-19 18:48 - 00000030 _____ C:\Users\Joachim\AppData\Roaming\WB.CFG
2013-12-16 22:18 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Users\Joachim\Desktop\conhost.exe
2013-12-16 21:51 - 2013-12-16 21:51 - 00540072 _____ (Neuber Software) C:\Users\Joachim\Downloads\SvchostAnalyzer.exe
2013-12-16 18:48 - 2013-12-16 18:48 - 00000000 ____D C:\ProgramData\NovaTech Network
2013-12-16 18:39 - 2013-12-16 18:39 - 00000000 ____D C:\Program Files (x86)\Novawave
2013-12-16 18:37 - 2013-12-16 18:37 - 12256936 _____ (Novawave Inc.                                              ) C:\Users\Joachim\Downloads\novabench3.exe
2013-12-13 14:59 - 2013-12-13 14:59 - 00000597 _____ C:\Users\Joachim\Desktop\MBRMastr_2013.12.13_14.59.09.txt
2013-12-13 14:59 - 2013-12-13 14:59 - 00000578 _____ C:\Users\Joachim\Desktop\emsi.zip
2013-12-13 14:58 - 2013-12-13 14:58 - 00788728 _____ (Emsisoft GmbH) C:\Users\Joachim\Downloads\mbrmastr.exe
2013-12-13 14:58 - 2013-12-13 14:58 - 00000512 _____ C:\Users\Joachim\Desktop\emsi.mbr
2013-12-13 03:06 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 03:06 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 03:06 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 03:06 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 03:04 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 03:04 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 03:04 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 03:04 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 03:04 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 03:04 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 03:04 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 03:04 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 03:04 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 03:04 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 03:04 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 03:04 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 03:04 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 03:04 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 03:04 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 03:04 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 03:04 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 03:04 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 03:04 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 03:04 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 03:04 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 03:04 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 03:04 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 03:04 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 03:04 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 03:04 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 03:04 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 03:04 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 03:04 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 03:04 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 03:04 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 17:56 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 17:56 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 17:54 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 17:54 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 17:54 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 17:54 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 17:54 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 17:54 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 17:54 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 17:54 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 17:54 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 17:54 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 17:54 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 17:54 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 17:54 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 17:54 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 17:54 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 17:54 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 17:54 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 17:52 - 2013-12-12 17:52 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-08 13:19 - 2013-12-08 17:53 - 00000000 ____D C:\Users\Joachim\Desktop\mbar
2013-12-08 13:18 - 2013-12-08 13:18 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Joachim\Downloads\mbar-1.07.0.1008.exe
2013-12-05 12:46 - 2013-12-08 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-05 12:45 - 2013-12-05 19:04 - 00000000 ____D C:\Program Files\mbar
2013-12-05 12:45 - 2013-12-05 12:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-05 12:35 - 2013-12-26 19:07 - 01928716 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-05 12:33 - 2013-12-26 18:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-05 12:33 - 2013-12-26 18:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-05 12:33 - 2013-12-26 18:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:30 - 2013-12-26 18:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-05 12:29 - 2013-12-26 18:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-05 12:28 - 2013-12-26 18:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-05 12:28 - 2013-12-06 16:23 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 12:28 - 2013-12-05 20:05 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 12:28 - 2013-12-05 12:39 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:28 - 2013-12-05 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:27 - 2013-12-05 12:28 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:09 - 2013-12-04 19:22 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-03 20:33 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:25 - 2013-12-03 20:33 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:45 - 2013-12-11 18:47 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 15:53 - 2013-12-01 15:55 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 15:50 - 2013-12-26 19:07 - 00000000 ____D C:\FRST
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe

==================== One Month Modified Files and Folders =======

2013-12-26 19:08 - 2013-12-26 19:08 - 00015772 _____ C:\Users\Joachim\Downloads\FRST.txt
2013-12-26 19:08 - 2011-12-28 20:19 - 00007608 _____ C:\Users\Joachim\AppData\Local\resmon.resmoncfg
2013-12-26 19:08 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-26 19:07 - 2013-12-26 19:07 - 00000000 ____D C:\Users\Joachim\Downloads\FRST-OlderVersion
2013-12-26 19:07 - 2013-12-05 12:35 - 01928716 _____ (Farbar) C:\Users\Joachim\Downloads\FRST64.exe
2013-12-26 19:07 - 2013-12-01 15:50 - 00000000 ____D C:\FRST
2013-12-26 19:01 - 2010-11-21 11:46 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-26 19:00 - 2010-11-21 11:47 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-26 19:00 - 2010-11-21 11:46 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-26 18:33 - 2013-12-05 12:33 - 00001432 _____ C:\Windows\Tasks\weDownload Manager Pro-updater.job
2013-12-26 18:33 - 2013-12-05 12:33 - 00001334 _____ C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2013-12-26 18:33 - 2013-12-05 12:33 - 00001234 _____ C:\Windows\Tasks\weDownload Manager Pro-enabler.job
2013-12-26 18:33 - 2012-08-25 21:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 18:30 - 2013-12-05 12:30 - 00002340 _____ C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2013-12-26 18:29 - 2013-12-05 12:29 - 00002064 _____ C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2013-12-26 18:28 - 2013-12-05 12:28 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-12-26 18:18 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:18 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:17 - 2009-07-14 06:10 - 01758868 _____ C:\Windows\WindowsUpdate.log
2013-12-26 18:13 - 2012-01-28 17:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 18:13 - 2009-07-14 18:58 - 24510594 _____ C:\Windows\system32\perfh007.dat
2013-12-26 18:13 - 2009-07-14 18:58 - 07931422 _____ C:\Windows\system32\perfc007.dat
2013-12-26 18:13 - 2009-07-14 06:13 - 00006980 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 15:34 - 2012-01-28 17:08 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 15:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 15:33 - 2013-11-22 16:04 - 00004775 _____ C:\Windows\setupact.log
2013-12-19 18:49 - 2013-05-02 12:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-19 18:49 - 2013-03-25 13:36 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-19 18:49 - 2013-03-25 13:36 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-19 18:48 - 2013-12-19 18:48 - 00000030 _____ C:\Users\Joachim\AppData\Roaming\WB.CFG
2013-12-16 22:10 - 2010-11-21 11:46 - 00004286 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-16 21:51 - 2013-12-16 21:51 - 00540072 _____ (Neuber Software) C:\Users\Joachim\Downloads\SvchostAnalyzer.exe
2013-12-16 18:48 - 2013-12-16 18:48 - 00000000 ____D C:\ProgramData\NovaTech Network
2013-12-16 18:39 - 2013-12-16 18:39 - 00000000 ____D C:\Program Files (x86)\Novawave
2013-12-16 18:37 - 2013-12-16 18:37 - 12256936 _____ (Novawave Inc.                                              ) C:\Users\Joachim\Downloads\novabench3.exe
2013-12-15 08:12 - 2012-01-28 17:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-15 03:02 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:00 - 2010-11-15 06:20 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 14:59 - 2013-12-13 14:59 - 00000597 _____ C:\Users\Joachim\Desktop\MBRMastr_2013.12.13_14.59.09.txt
2013-12-13 14:59 - 2013-12-13 14:59 - 00000578 _____ C:\Users\Joachim\Desktop\emsi.zip
2013-12-13 14:58 - 2013-12-13 14:58 - 00788728 _____ (Emsisoft GmbH) C:\Users\Joachim\Downloads\mbrmastr.exe
2013-12-13 14:58 - 2013-12-13 14:58 - 00000512 _____ C:\Users\Joachim\Desktop\emsi.mbr
2013-12-13 12:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-13 12:26 - 2013-10-26 19:52 - 00000000 ____D C:\Users\Joachim\AppData\Local\Htc
2013-12-13 04:08 - 2013-11-15 04:09 - 00000000 ____D C:\Windows\rescache
2013-12-13 03:24 - 2013-11-22 16:04 - 00400352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 03:06 - 2010-05-26 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 18:06 - 2013-11-22 16:08 - 00101208 _____ C:\Users\Joachim\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-12 17:53 - 2012-08-25 21:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 17:53 - 2012-04-09 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 17:53 - 2011-06-17 18:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-12 17:52 - 2013-12-12 17:52 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 18:47 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\ProductData
2013-12-09 19:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-09 18:59 - 2013-11-24 18:47 - 00008670 _____ C:\Windows\PFRO.log
2013-12-09 18:26 - 2013-05-09 03:52 - 00000000 ____D C:\Windows\Minidump
2013-12-08 17:53 - 2013-12-08 13:19 - 00000000 ____D C:\Users\Joachim\Desktop\mbar
2013-12-08 17:53 - 2013-12-05 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-08 13:18 - 2013-12-08 13:18 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Joachim\Downloads\mbar-1.07.0.1008.exe
2013-12-08 13:05 - 2012-01-28 17:08 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-08 13:05 - 2012-01-28 17:08 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 16:23 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-12-05 20:05 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-12-05 19:04 - 2013-12-05 12:45 - 00000000 ____D C:\Program Files\mbar
2013-12-05 12:45 - 2013-12-05 12:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-05 12:39 - 2013-12-05 12:28 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-05 12:39 - 2013-12-05 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 12:33 - 2013-12-05 12:33 - 00004462 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-updater
2013-12-05 12:33 - 2013-12-05 12:33 - 00004364 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
2013-12-05 12:33 - 2013-12-05 12:33 - 00004264 _____ C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
2013-12-05 12:28 - 2013-12-05 12:28 - 00003254 _____ C:\Windows\System32\Tasks\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\Dealply
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\Users\Joachim\AppData\Local\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:28 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-12-05 12:28 - 2013-12-05 12:27 - 23115760 _____ (Mozilla) C:\Users\Joachim\Downloads\Firefox_Setup_25.0.1DE.exe
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Users\Joachim\AppData\Local\SearchProtect
2013-12-05 12:27 - 2013-12-05 12:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-05 12:26 - 2013-12-05 12:26 - 00000000 ____D C:\Users\Joachim\Downloads\TeamViewer
2013-12-04 20:41 - 2013-12-04 20:41 - 00606040 _____ C:\Users\Joachim\Downloads\mozilla firefox setup.exe
2013-12-04 19:22 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Process Explorer
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\ChromeExtensions
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Tempc80783acf6c601f3341ca18a7170d60c
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp83fd0a09e744ae9eb85a12e74ad18381
2013-12-04 19:19 - 2013-12-04 19:19 - 00000000 ____D C:\Users\Joachim\AppData\Local\Temp4d502516002bc02c9b4f3b6331adda13
2013-12-04 19:19 - 2010-11-09 10:32 - 00000000 ____D C:\Users\Joachim
2013-12-04 19:09 - 2013-12-04 19:09 - 00000000 ____D C:\Users\Joachim\Downloads\Mailwarebytes
2013-12-04 09:38 - 2010-11-09 10:38 - 00001331 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 09:36 - 2010-05-26 16:50 - 00000000 ____D C:\Windows\Panther
2013-12-04 09:33 - 2013-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-03 20:33 - 2013-12-03 20:25 - 00010277 _____ C:\Windows\IE11_main.log
2013-12-03 20:27 - 2013-12-03 20:27 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:27 - 2013-12-03 20:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:27 - 2013-12-03 20:27 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:27 - 2013-12-03 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:27 - 2013-12-03 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:27 - 2013-12-03 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 17:54 - 2011-12-30 19:41 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-03 17:54 - 2010-05-26 14:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-03 17:48 - 2013-12-03 17:48 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-03 17:45 - 2013-12-03 17:45 - 00001239 _____ C:\Users\Joachim\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00001215 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2013-12-03 17:45 - 2013-12-03 17:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\Users\Joachim\AppData\Roaming\IObit
2013-12-03 17:45 - 2013-11-24 19:16 - 00000000 ____D C:\ProgramData\IObit
2013-12-03 17:42 - 2013-12-03 17:42 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 17:42 - 2013-12-03 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 21:25 - 2010-11-11 09:29 - 00000000 ____D C:\Users\Joachim\AppData\Local\Mozilla
2013-12-01 15:55 - 2013-12-01 15:53 - 00035029 _____ C:\Users\Joachim\Downloads\Addition.txt
2013-12-01 13:24 - 2013-12-01 13:24 - 00000000 ____D C:\Users\Joachim\Desktop\Tauschlaufwerk
2013-12-01 11:38 - 2010-05-26 06:58 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-01 11:36 - 2013-12-01 11:36 - 03707864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-01 11:36 - 2013-12-01 11:36 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 02587864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-01 11:36 - 2013-12-01 11:36 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00681905 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-01 11:36 - 2013-12-01 11:36 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-01 11:36 - 2013-12-01 11:36 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-01 11:35 - 2013-12-01 11:35 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-01 11:34 - 2010-11-21 11:46 - 00003456 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-11-28 13:03 - 2013-01-19 13:00 - 00000000 ____D C:\ProgramData\RavensburgerTipToi
2013-11-28 13:03 - 2013-01-19 12:59 - 00001074 _____ C:\Users\Joachim\Desktop\tiptoi.lnk
2013-11-26 17:38 - 2013-11-26 17:38 - 00952160 _____ (Netviewer AG) C:\Users\Joachim\Downloads\datev_fernbetreuung_online.exe
2013-11-26 12:54 - 2013-12-13 03:04 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-13 03:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-13 03:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-13 03:04 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-13 03:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-13 03:04 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-13 03:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-13 03:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-13 03:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-13 03:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-13 03:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-13 03:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-13 03:04 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-13 03:04 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-13 03:04 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-13 03:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-13 03:04 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-13 03:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-13 03:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-13 03:04 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-13 03:04 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-13 03:04 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-13 03:04 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-13 03:04 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-13 03:04 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-13 03:04 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-13 03:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-13 03:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-13 03:04 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-13 03:04 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\Joachim\AppData\Local\Temp\1384452412_dp.exe
C:\Users\Joachim\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe
C:\Users\Joachim\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Joachim\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\avgnt.exe
C:\Users\Joachim\AppData\Local\Temp\nsi57F4.exe
C:\Users\Joachim\AppData\Local\Temp\nsy7CE3.exe
C:\Users\Joachim\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Joachim\AppData\Local\Temp\sdapskill.exe
C:\Users\Joachim\AppData\Local\Temp\sp_downloader.exe
C:\Users\Joachim\AppData\Local\Temp\SwiftBrowse_s3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 18:38

==================== End Of Log ============================


What can I do about the many svchost services? Or how can I analyze them?

Regards, Joachim

schrauber 27.12.2013 16:45

Every DLL of every program that wants to start needs its own SVCHOST. That is normal. Have you used Process Explorer yet, which I have now mentioned for the third time? ;)

Joachim_78 28.12.2013 06:29

Good morning Schrauber,

I have tried Process Explorer several times, but as I already replied, the program always crashes on me. I never get as far as obtaining a result, let alone posting one. Isn't there a stable version that runs under Windoof 7 64 bit without crashing? Is there a stable alternative to it?

Regards, Joachim

Joachim_78 28.12.2013 13:40

Hello Schrauber,

here are the two screenshots from Process Explorer. These values tell me nothing, apart from these strange Conhost services, which I also already know as a warning from Explorer when I scanned it. Does this seem to be a leftover from the trojan?

Maybe you also need more precise values; you just have to tell me how to go about that.

Regards, Joachim

schrauber 29.12.2013 11:42

Everything is normal, and the CPU load is almost divine :). I don't see any problems there at all :)

Joachim_78 29.12.2013 12:10

Ok thanks..
I think I am just spoiled by my desktop PC, and by the fact that the laptop is already 3.5 years old.. Although the workflow always changes enormously when you also use faster PCs in everyday life.

Thanks for the help...
Until next time
Regards, Joachim

schrauber 30.12.2013 10:39

Quote:

fact that the laptop is already 3.5 years old.
That corresponds to roughly 30 years in reality :D

My work laptop is that old too, the fan runs constantly at 100%, it's just plain ancient :)


All times are WET +1.
