Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 - Nur noch Verknüpfungen auf USB-Stick (https://www.trojaner-board.de/149744-windows-7-nur-noch-verknuepfungen-usb-stick.html)

KeyzerSoze 13.02.2014 20:47
Windows 7 - Nur noch Verknüpfungen auf USB-Stick
 
Hallo!

Ich habe das Problem, dass plötzlich nur noch Verknüpfungen auf meinem USB-Stick sind.
Die Dateien auf dem Stick sind mir egal, mir geht es um meinen Rechner und die Dateien die darauf gespeichert sind. Aber auch wenn ich einen anderen Stick anstöpsel, sind nur noch Verknüpfungen da.
Ich muss viel mit diesem Rechner arbeiten, eine Neuinstallation wäre gerade fast unmöglich, ich hoffe man kann noch was retten!
Ich habe alles, was ich bisher gemacht habe hier gepostet:

Antivir:
Code:
Exportierte Ereignisse:

09.02.2014 14:57 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Fabian\AppData\Local\Temp\lyricsPaltmp.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b19024a.qua'
      verschoben!

09.02.2014 14:57 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Fabian\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\UOWLAE00\LyricsPal_1060-8101_v133[1]'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '07a12e3f.qua'
      verschoben!

09.02.2014 14:57 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2e1ee8f0-36b4
      4ec5'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-1493.A.506'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45af082b.qua'
      verschoben!

09.02.2014 14:57 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b388dfa-5bc0d
      83f'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.sgf.27' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d3f27de.qua'
      verschoben!

09.02.2014 14:57 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\27dd6a64-5fa4
      977d'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-1493.A.506'
      [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '17835295.qua'
      verschoben!

09.02.2014 14:57 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Fabian\AppData\Local\Temp\LyricsPal_1060-8101_v122.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3402302b.qua'
      verschoben!

09.02.2014 14:57 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e5f914-7b23
      6452'
      enthielt einen Virus oder unerwünschtes Programm 'Java/Lamar.dhv.9' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '71b31d55.qua'
      verschoben!

08.02.2014 18:45 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Fabian\AppData\Local\Temp\ICReinstall_MusicConverterSetup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a2ff90f.qua'
      verschoben!

08.02.2014 18:44 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Fabian\AppData\Local\Temp\ICReinstall_MusicConverterSetup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

08.02.2014 18:44 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Fabian\AppData\Local\Temp\ICReinstall_MusicConverterSetup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

08.02.2014 18:43 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\LyricsPal\Lyrics.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5b50fd9e.qua'
      verschoben!

08.02.2014 18:42 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files (x86)\LyricsPal\Lyrics.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

08.02.2014 18:41 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files (x86)\LyricsPal\Lyrics.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

15.01.2014 21:59 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files (x86)\LyricsPal\Lyrics.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Fabian :: FABIAN-PC [Administrator]

12.02.2014 17:28:03
MBAM-log-2014-02-12 (18-52-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 446024
Laufzeit: 1 Stunde(n), 18 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5526d33c-7120-4326-9097-defcbdfa0dbc} (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\LyricsPal (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 26
C:\Users\Fabian\AppData\Local\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\CKYWCeKK.exe.part (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.DeltaTB) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\dp.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\HEpFyhZs.exe.part (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\_6hZbpcp.exe.part (PUP.Optional.Tuguu) -> Keine Aktion durchgeführt.
C:\Users\Fabian\AppData\Local\Temp\OCS\Downloads\705f49176579a643660bff5ff6ae3956\3674eca8030cd1cd539084cf3ebbac8c\YTD3.9.6.exe (PUP.Optional.Spigot.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Desktop\DVDShrink_downloader_by_DVDShrink.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Desktop\Windows7 Treiber für Dell Inspiron1525\Treiber Inspiron 1525 Windows 7\USB\ricoh_r5c83x_84x_driver_v2140005_id868899id.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Downloads\FreeVideoToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Downloads\Player-Firefox(1).exe (PUP.Optional.OptimumInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Downloads\Player-Firefox.exe (PUP.Optional.OptimumInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Downloads\Setup(1).exe (PUP.Optional.Tuguu) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Downloads\Updater_Setup(1).exe (PUP.Optional.OptimumInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Fabian\Downloads\Updater_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Lyrics-Pal Update.job (PUP.Optional.Lyrics.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\LyricsPal\01.crx (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\LyricsPal\01a.xpi (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\LyricsPal\133.crx (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\LyricsPal\133.dat (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\LyricsPal\133.xpi (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\LyricsPal\sqlite3.dll (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\LyricsPal\Uninstall.exe (PUP.Optional.LyricsPal.A) -> Keine Aktion durchgeführt.

(Ende)
defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:43 on 13/02/2014 (Fabian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Farbar's Recovery Scan Tool, FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by Fabian (administrator) on FABIAN-PC on 13-02-2014 09:46:59
Running from C:\Users\Fabian\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files\ProgDVB\ProgDVBService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
() C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dropbox, Inc.) C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3832064 2009-09-11] (O&O Software GmbH)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [] - [X]
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [Amazon Cloud Player] - C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [Mozilla] - C:\Users\Fabian\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02EC7B611FC4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 192.168.0.1
Tcpip\..\Interfaces\{0D91560E-2D71-4AA6-91B7-32E262F11FA2}: [NameServer]62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default
FF user.js: detected! => C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\user.js
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13 - C:\Users\Fabian\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireJump - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\firejump@firejump.net [2013-05-22]
FF Extension: Xmarks - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\foxmarks@kei.com [2013-05-21]
FF Extension: Spartipps von SparPilot.com - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\sparpilot@sparpilot.com [2013-05-22]
FF Extension: DownloadHelper - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]
FF HKCU\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\extensions\sparpilot@sparpilot.com
FF Extension: Spartipps von SparPilot.com - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\extensions\sparpilot@sparpilot.com [2013-05-22]
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\extensions\firejump@firejump.net
FF Extension: FireJump - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\extensions\firejump@firejump.net [2013-05-22]
FF HKCU\...\Firefox\Extensions: [{8f5010e2-9577-4aed-ad42-f2098ea15def}] - C:\Program Files (x86)\LyricsPal\133.xpi
FF Extension: Lyrics-Pal - C:\Program Files (x86)\LyricsPal\133.xpi [2013-09-12]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 FreemiumSystemStoreService; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe [7244800 2012-09-07] ()
R2 O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2287360 2009-09-11] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60840 2013-01-28] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake Video Downloader\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1354880 2009-06-05] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-07-24] (Sony Ericsson Mobile Communications)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 09:46 - 2014-02-13 09:47 - 00018953 _____ () C:\Users\Fabian\Desktop\FRST.txt
2014-02-13 09:46 - 2014-02-13 09:46 - 00000000 ____D () C:\FRST
2014-02-13 09:45 - 2014-02-13 09:45 - 02152448 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2014-02-13 09:43 - 2014-02-13 09:43 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2014-02-13 09:43 - 2014-02-13 09:43 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2014-02-13 09:41 - 2014-02-13 09:41 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2014-02-12 21:12 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Fabian\Desktop\Lehrprobe_Bilder
2014-02-12 17:27 - 2014-02-12 17:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 17:24 - 2014-02-12 17:24 - 00614792 _____ (Chip Digital GmbH) C:\Users\Fabian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-11 14:17 - 2014-02-11 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf272b92e7b791.job
2014-02-08 19:23 - 2014-02-08 19:23 - 00003188 _____ () C:\Users\Fabian\Downloads\Drivers.txt
2014-02-08 19:12 - 2014-02-08 19:12 - 00000000 ____D () C:\Users\Fabian\Desktop\PPFScanner Scanfiles 20140208_18_35_20_929_1
2014-02-08 18:31 - 2014-02-08 18:31 - 00000000 ____D () C:\Users\Fabian\Desktop\ppfs
2014-02-08 18:29 - 2014-02-08 18:30 - 07873813 _____ () C:\Users\Fabian\Downloads\PPFScan.zip
2014-02-08 18:14 - 2013-10-06 18:07 - 00009694 ___SH () C:\Users\Fabian\AppData\Roaming\Mozilla.vbs
2014-02-08 18:10 - 2014-02-08 18:40 - 1569118568 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey
2014-02-08 18:10 - 2014-02-08 18:10 - 00030192 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey.torrent
2014-02-08 16:20 - 2014-02-08 16:20 - 00139104 _____ () C:\Users\Fabian\Downloads\setup.exe
2014-02-08 16:03 - 2014-02-08 16:03 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup(1).exe
2014-02-08 16:02 - 2014-02-08 16:02 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup.exe
2014-02-06 15:52 - 2014-02-06 16:07 - 606657056 _____ () C:\Users\Fabian\Downloads\Wildes_Nairobi_Wo_Leoparden_durch_Gaerten_schleichen_14.02.05_20-15_3sat_45_TVOON_DE.mpg.avi.otrkey
2014-02-05 17:19 - 2014-02-05 17:39 - 793518412 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.02.04_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-02-04 16:12 - 2014-02-04 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 19:57 - 2014-01-30 20:18 - 839609300 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.28_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-30 15:27 - 2014-01-30 15:27 - 00996352 _____ () C:\Users\Fabian\Downloads\kap_4_geometrie.ppt
2014-01-29 21:24 - 2014-01-29 21:54 - 1177265194 _____ () C:\Users\Fabian\Downloads\Wild_Things_14.01.09_22-10_kabel1_130_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:15 - 2014-01-28 20:38 - 777278040 _____ () C:\Users\Fabian\Downloads\Terra_X_14.01.26_19-30_zdf_45_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 19:32 - 2014-01-28 20:11 - 1482697378 _____ () C:\Users\Fabian\Downloads\Die_Grauzone_14.01.27_23-10_3sat_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-27 18:47 - 2014-01-27 19:14 - 1073993208 _____ () C:\Users\Fabian\Downloads\Umstaendlich_verliebt_14.01.26_20-15_pro7_135_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-27 18:19 - 2014-01-27 18:45 - 985341178 _____ () C:\Users\Fabian\Downloads\Source_Code_14.01.26_20-15_rtl_105_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-26 18:27 - 2014-01-26 19:08 - 1600083292 _____ () C:\Users\Fabian\Downloads\Und_taeglich_gruesst_das_Murmeltier_14.01.24_20-15_zdfneo_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-26 17:29 - 2014-01-26 18:25 - 2183184932 _____ () C:\Users\Fabian\Downloads\Speed_Auf_der_Suche_nach_der_verlorenen_Zeit_14.01.22_20-15_arte_95_TVOON_DE.mpg.HD.avi.otrkey
2014-01-25 15:59 - 2014-01-25 15:59 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox(1).exe
2014-01-25 15:42 - 2014-01-25 15:42 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox.exe
2014-01-22 20:59 - 2014-01-22 21:00 - 919955132 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi
2014-01-22 20:17 - 2014-01-22 20:46 - 919955654 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-22 15:11 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-22 15:11 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-22 15:11 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-22 15:11 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-22 15:10 - 2014-01-22 15:11 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 16:15 - 2014-01-21 17:07 - 2057580902 _____ () C:\Users\Fabian\Downloads\Besser_geht_s_nicht_14.01.20_23-15_ndr_130_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:53 - 2014-01-21 14:27 - 1343516246 _____ () C:\Users\Fabian\Downloads\The_Fog_Nebel_des_Grauens_14.01.20_22-15_arte_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:03 - 2014-01-21 13:45 - 1631571240 _____ () C:\Users\Fabian\Downloads\Nichts_fuer_Feiglinge_14.01.10_20-15_ard_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-19 14:43 - 2014-01-19 14:43 - 00018136 _____ () C:\Users\Fabian\Downloads\88f169fcda95a01c309a3d4935b99fa9.jpeg
2014-01-19 14:20 - 2014-01-19 14:20 - 00051046 _____ () C:\Users\Fabian\Downloads\cd_cover_dot.zip
2014-01-19 14:07 - 2014-01-19 14:07 - 00001214 _____ () C:\Users\Fabian\Desktop\Amazon Cloud Player.lnk
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Amazon Cloud Player
2014-01-19 14:06 - 2014-01-19 14:07 - 36160080 _____ (Amazon) C:\Users\Fabian\Downloads\AmazonCloudPlayerInstaller_422.exe
2014-01-19 13:59 - 2014-01-19 14:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Amazon
2014-01-19 13:57 - 2014-01-19 14:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-19 13:57 - 2014-01-19 13:57 - 02328864 _____ () C:\Users\Fabian\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-19 13:57 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\Documents\Amazon MP3
2014-01-18 18:31 - 2014-01-18 18:31 - 00021186 _____ () C:\Users\Fabian\Downloads\Grundwortschatz Bayern 3__4_ Klasse(2).zip
2014-01-17 16:41 - 2014-01-17 16:44 - 36759539 _____ () C:\Users\Fabian\Downloads\win-installer-415.exe
2014-01-17 16:35 - 2014-01-17 17:08 - 1231497446 _____ () C:\Users\Fabian\Downloads\Hot_Shots_2__Der_2__Versuch_14.01.16_22-10_kabel1_110_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-17 15:47 - 2014-01-17 16:15 - 1087572086 _____ () C:\Users\Fabian\Downloads\Hot_Shots_Die_Mutter_aller_Filme_14.01.16_20-15_kabel1_115_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 17:57 - 2014-01-16 18:42 - 1745482030 _____ () C:\Users\Fabian\Downloads\Poltergeist_14.01.13_21-50_arte_115_TVOON_DE.mpg.HD.avi.otrkey
2014-01-16 17:25 - 2014-01-16 17:47 - 833519788 _____ () C:\Users\Fabian\Downloads\Frozen_Eiskalter_Abgrund_14.01.13_00-20_pro7_100_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-15 21:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 21:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 21:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 20:27 - 2014-01-15 21:09 - 1625030776 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.14_20-15_vox_120_TVOON_DE.mpg.HQ.avi.otrkey

==================== One Month Modified Files and Folders =======

2014-02-13 09:47 - 2014-02-13 09:46 - 00018953 _____ () C:\Users\Fabian\Desktop\FRST.txt
2014-02-13 09:47 - 2013-05-21 17:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Free Download Manager
2014-02-13 09:46 - 2014-02-13 09:46 - 00000000 ____D () C:\FRST
2014-02-13 09:45 - 2014-02-13 09:45 - 02152448 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2014-02-13 09:43 - 2014-02-13 09:43 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2014-02-13 09:43 - 2014-02-13 09:43 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2014-02-13 09:43 - 2012-07-20 20:22 - 00000000 ____D () C:\Users\Fabian
2014-02-13 09:41 - 2014-02-13 09:41 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2014-02-13 09:32 - 2012-07-24 22:47 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien
2014-02-13 09:12 - 2012-07-20 22:29 - 00697506 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 09:12 - 2012-07-20 22:29 - 00149442 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 09:12 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 09:01 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 09:01 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 09:00 - 2012-07-20 20:15 - 02090928 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 08:58 - 2013-03-15 15:05 - 00000000 ___RD () C:\Users\Fabian\Dropbox
2014-02-13 08:58 - 2013-03-15 15:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Dropbox
2014-02-13 08:55 - 2012-07-21 00:41 - 01298968 _____ () C:\Windows\system32\oodbs.lor
2014-02-13 08:55 - 2009-07-14 05:51 - 00124551 _____ () C:\Windows\setupact.log
2014-02-12 21:12 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Fabian\Desktop\Lehrprobe_Bilder
2014-02-12 17:27 - 2014-02-12 17:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:24 - 2014-02-12 17:24 - 00614792 _____ (Chip Digital GmbH) C:\Users\Fabian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-11 14:32 - 2013-01-10 23:43 - 00000000 ____D () C:\Users\Fabian\Desktop\BBZ_Sicherungen
2014-02-11 14:17 - 2014-02-11 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf272b92e7b791.job
2014-02-08 19:23 - 2014-02-08 19:23 - 00003188 _____ () C:\Users\Fabian\Downloads\Drivers.txt
2014-02-08 19:12 - 2014-02-08 19:12 - 00000000 ____D () C:\Users\Fabian\Desktop\PPFScanner Scanfiles 20140208_18_35_20_929_1
2014-02-08 18:43 - 2013-09-12 13:39 - 00000000 ____D () C:\Program Files (x86)\LyricsPal
2014-02-08 18:40 - 2014-02-08 18:10 - 1569118568 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey
2014-02-08 18:31 - 2014-02-08 18:31 - 00000000 ____D () C:\Users\Fabian\Desktop\ppfs
2014-02-08 18:30 - 2014-02-08 18:29 - 07873813 _____ () C:\Users\Fabian\Downloads\PPFScan.zip
2014-02-08 18:14 - 2012-07-20 20:24 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-08 18:10 - 2014-02-08 18:10 - 00030192 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey.torrent
2014-02-08 16:20 - 2014-02-08 16:20 - 00139104 _____ () C:\Users\Fabian\Downloads\setup.exe
2014-02-08 16:10 - 2012-07-23 11:00 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2014-02-08 16:03 - 2014-02-08 16:03 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup(1).exe
2014-02-08 16:02 - 2014-02-08 16:02 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup.exe
2014-02-08 14:12 - 2013-02-21 17:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\ColdCut
2014-02-08 14:10 - 2013-02-21 18:29 - 00036864 _____ () C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-06 16:07 - 2014-02-06 15:52 - 606657056 _____ () C:\Users\Fabian\Downloads\Wildes_Nairobi_Wo_Leoparden_durch_Gaerten_schleichen_14.02.05_20-15_3sat_45_TVOON_DE.mpg.avi.otrkey
2014-02-06 13:41 - 2012-07-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 17:39 - 2014-02-05 17:19 - 793518412 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.02.04_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-02-04 16:12 - 2014-02-04 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-02 12:56 - 2013-04-27 18:36 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Audacity
2014-01-31 16:48 - 2012-09-18 12:56 - 00000000 ____D () C:\Users\Fabian\Desktop\Unterrichtsvorbereitung 1
2014-01-30 20:18 - 2014-01-30 19:57 - 839609300 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.28_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-30 15:27 - 2014-01-30 15:27 - 00996352 _____ () C:\Users\Fabian\Downloads\kap_4_geometrie.ppt
2014-01-29 21:54 - 2014-01-29 21:24 - 1177265194 _____ () C:\Users\Fabian\Downloads\Wild_Things_14.01.09_22-10_kabel1_130_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:38 - 2014-01-28 20:15 - 777278040 _____ () C:\Users\Fabian\Downloads\Terra_X_14.01.26_19-30_zdf_45_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:11 - 2014-01-28 19:32 - 1482697378 _____ () C:\Users\Fabian\Downloads\Die_Grauzone_14.01.27_23-10_3sat_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-27 19:14 - 2014-01-27 18:47 - 1073993208 _____ () C:\Users\Fabian\Downloads\Umstaendlich_verliebt_14.01.26_20-15_pro7_135_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-27 18:45 - 2014-01-27 18:19 - 985341178 _____ () C:\Users\Fabian\Downloads\Source_Code_14.01.26_20-15_rtl_105_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-26 19:08 - 2014-01-26 18:27 - 1600083292 _____ () C:\Users\Fabian\Downloads\Und_taeglich_gruesst_das_Murmeltier_14.01.24_20-15_zdfneo_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-26 18:25 - 2014-01-26 17:29 - 2183184932 _____ () C:\Users\Fabian\Downloads\Speed_Auf_der_Suche_nach_der_verlorenen_Zeit_14.01.22_20-15_arte_95_TVOON_DE.mpg.HD.avi.otrkey
2014-01-25 15:59 - 2014-01-25 15:59 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox(1).exe
2014-01-25 15:42 - 2014-01-25 15:42 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox.exe
2014-01-25 13:13 - 2012-08-03 13:36 - 00000000 ____D () C:\Users\Fabian\Documents\Eigene Scans
2014-01-22 21:00 - 2014-01-22 20:59 - 919955132 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi
2014-01-22 20:46 - 2014-01-22 20:17 - 919955654 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-22 15:11 - 2014-01-22 15:10 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 15:11 - 2013-10-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-22 15:11 - 2013-06-22 13:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 17:07 - 2014-01-21 16:15 - 2057580902 _____ () C:\Users\Fabian\Downloads\Besser_geht_s_nicht_14.01.20_23-15_ndr_130_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 14:27 - 2014-01-21 13:53 - 1343516246 _____ () C:\Users\Fabian\Downloads\The_Fog_Nebel_des_Grauens_14.01.20_22-15_arte_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:45 - 2014-01-21 13:03 - 1631571240 _____ () C:\Users\Fabian\Downloads\Nichts_fuer_Feiglinge_14.01.10_20-15_ard_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-19 15:22 - 2013-05-21 22:43 - 00000000 ____D () C:\Users\Fabian\Documents\CD Cover_Karten
2014-01-19 14:43 - 2014-01-19 14:43 - 00018136 _____ () C:\Users\Fabian\Downloads\88f169fcda95a01c309a3d4935b99fa9.jpeg
2014-01-19 14:20 - 2014-01-19 14:20 - 00051046 _____ () C:\Users\Fabian\Downloads\cd_cover_dot.zip
2014-01-19 14:07 - 2014-01-19 14:07 - 00001214 _____ () C:\Users\Fabian\Desktop\Amazon Cloud Player.lnk
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:06 - 36160080 _____ (Amazon) C:\Users\Fabian\Downloads\AmazonCloudPlayerInstaller_422.exe
2014-01-19 14:06 - 2014-01-19 13:59 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Amazon
2014-01-19 14:06 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-19 13:57 - 2014-01-19 13:57 - 02328864 _____ () C:\Users\Fabian\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-19 13:57 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\Documents\Amazon MP3
2014-01-18 18:31 - 2014-01-18 18:31 - 00021186 _____ () C:\Users\Fabian\Downloads\Grundwortschatz Bayern 3__4_ Klasse(2).zip
2014-01-18 12:36 - 2014-01-03 13:38 - 00001439 _____ () C:\Users\Fabian\Desktop\BBZ.lnk
2014-01-18 12:36 - 2014-01-03 13:38 - 00000000 ____D () C:\Users\Fabian\Desktop\BBZ
2014-01-17 17:08 - 2014-01-17 16:35 - 1231497446 _____ () C:\Users\Fabian\Downloads\Hot_Shots_2__Der_2__Versuch_14.01.16_22-10_kabel1_110_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-17 16:44 - 2014-01-17 16:41 - 36759539 _____ () C:\Users\Fabian\Downloads\win-installer-415.exe
2014-01-17 16:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-17 16:15 - 2014-01-17 15:47 - 1087572086 _____ () C:\Users\Fabian\Downloads\Hot_Shots_Die_Mutter_aller_Filme_14.01.16_20-15_kabel1_115_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 18:42 - 2014-01-16 17:57 - 1745482030 _____ () C:\Users\Fabian\Downloads\Poltergeist_14.01.13_21-50_arte_115_TVOON_DE.mpg.HD.avi.otrkey
2014-01-16 17:47 - 2014-01-16 17:25 - 833519788 _____ () C:\Users\Fabian\Downloads\Frozen_Eiskalter_Abgrund_14.01.13_00-20_pro7_100_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 16:01 - 2013-03-15 15:02 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-15 22:35 - 2009-07-14 05:45 - 00443568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:05 - 2013-07-18 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 21:57 - 2012-07-20 20:55 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 21:09 - 2014-01-15 20:27 - 1625030776 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.14_20-15_vox_120_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-15 17:05 - 2012-09-05 10:56 - 00000000 ____D () C:\Users\Fabian\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Fabian\AppData\Local\Temp\AskSLib.dll
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\Fabian\AppData\Local\Temp\DeltaTB.exe
C:\Users\Fabian\AppData\Local\Temp\DivXSetup.exe
C:\Users\Fabian\AppData\Local\Temp\dp.exe
C:\Users\Fabian\AppData\Local\Temp\dvdshrink32setup.exe
C:\Users\Fabian\AppData\Local\Temp\EasyDownLightfp.exe
C:\Users\Fabian\AppData\Local\Temp\EasyDownLightrtd.exe
C:\Users\Fabian\AppData\Local\Temp\FreemakeVideoDownloader_3.1.0.2.exe
C:\Users\Fabian\AppData\Local\Temp\IminentSetup.exe
C:\Users\Fabian\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Fabian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Fabian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Fabian\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Fabian\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Fabian\AppData\Local\Temp\ose00000.exe
C:\Users\Fabian\AppData\Local\Temp\ose00001.exe
C:\Users\Fabian\AppData\Local\Temp\ripsetup.exe
C:\Users\Fabian\AppData\Local\Temp\TubeBoxSetup.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 08:17

==================== End Of Log ============================
Farbar's Recovery Scan Tool, addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2014 01
Ran by Fabian at 2014-02-13 09:47:48
Running from C:\Users\Fabian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ABC Amber Nokia Converter (x32 Version:  - )
ACE Stream Media 2.0.13 (HKCU Version: 2.0.13 - ACE Stream Media)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon Cloud Player (HKCU Version: 2.3.0.422 - Amazon Services LLC)
Any Video Converter 3.5.1 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.83 (x32 Version: 6.8.3 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 6 FREE v.6.84 (x32 Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
AviSynth 2.6 (x32 Version: 2.6.0.2 - GPL Public release.)
AvsP (x32 Version:  - )
BBZ (x32 Version: 4.15 - iKuH-Software)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bundled software uninstaller (x32 Version:  - ) <==== ATTENTION
C5200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C5200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CdCoverCreator 2.5.3 (x32 Version: 2.5.3 - thyanté Software)
ColdCut (x32 Version: ColdCut - © Jan Brummelte)
Compiled Driver Disc (Full) 1.0 (Version: 1.0.4.0 - COMPELSON Labs)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Desktop Icon für Amazon (Version: 1.0.1 (de) - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX-Setup (x32 Version: 2.6.1.24 - DivX, LLC)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
dradio-Recorder Version 3.02.6 (x32 Version:  - )
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
DVD Shrink 3.2 (x32 Version:  - DVD Shrink)
DVD slideshow GUI 0.9.5.4 (x32 Version: 0.9.5.4 - Tin2tin)
Express Rip (x32 Version: 1.94 - NCH Software)
FastStone Image Viewer 4.6 (x32 Version: 4.6 - FastStone Soft)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow [rev 2946] [2009-05-15] (x32 Version: 1.0 - )
FireJump (x32 Version: 1.0.2.7 - FireJump.net)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Download Manager 3.9.2 (x32 Version:  - FreeDownloadManager.ORG)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.29.925 (x32 Version: 5.0.29.925 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.0.128 (x32 Version: 3.2.0.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (x32 Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.2 (Version: 2.8.2 - The GIMP Team)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GUI for dvdauthor 1.07 (x32 Version: 1.07 - Boraxsoft)
Haali Media Splitter (x32 Version:  - )
Helix YUV Codecs (remove only) (x32 Version:  - )
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ImgBurn (x32 Version: 2.5.5.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAME v3.99.3 (for Windows) (x32 Version:  - )
Laptop Integrated Webcam Driver (1.04.01.1011)  (Version:  - )
Lyrics-Pal (x32 Version:  - LyricsPal Soft. LTD) <==== ATTENTION
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
mkv2vob (x32 Version: 2.4.9 - 3r1c)
MOBILedit! Support Libraries (x32 Version: 4.0.0 - COMPELSON Labs)
MOBILedit! ver. 6.9.0.2876 (x32 Version: 6.9.0.2876 - COMPELSON Labs)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MP3jam 1.1.0.12 (x32 Version: 1.1.0.12 - MP3jam)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20900 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 12.0.01100 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.10001 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.172.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Suite (x32 Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
O&O Defrag Professional (Version: 12.0.197 - O&O Software GmbH)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
PC Connectivity Solution (x32 Version: 12.0.109.0 - Nokia)
PDF Architect (x32 Version: 1.0.41.8362 - pdfforge)
PDF Split And Merge Basic (Version: 2.2.2 - Andrea Vacondio)
PDFCreator (x32 Version: 1.6.0 - Frank Heindörfer, Philip Chinery)
PDF-to-Word 3.1 Demo (x32 Version:  - )
Phone Drivers Downloader 1.1 (Version: 1.1.0.0 - COMPELSON Labs)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
ProgDVB x64 (Version: 6.9x - Prog)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (x32 Version: 3.53.02 - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
SigmaTel Audio (x32 Version: 5.10.5210.0 - SigmaTel)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SopCast 3.5.0 (x32 Version: 3.5.0 - www.sopcast.com)
SparPilot (x32 Version: 2.0.9 - SparPilot.com)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Checkup 3.4 (x32 Version: 3.4.0.53 - iolo technologies, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vereinfachte Ausgangsschrift (x32 Version:  - )
VideoPad Videobearbeitungs-Software (x32 Version:  - NCH Software)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.0.2 (Version: 2.0.2 - VideoLAN)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (x32 Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
XMedia Recode Version 3.1.6.4 (x32 Version: 3.1.6.4 - XMedia Recode)
Zattoo4 4.0.5 (x32 Version: 4.0.5 - Zattoo Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00A2C092-7498-43F4-9A08-42B076FEA486} - System32\Tasks\NCH Software\ExpressRipDowngrade => C:\Program Files (x86)\NCH Software\ExpressRip\expressrip.exe [2013-07-18] (NCH Software)
Task: {18DF7539-FB2F-4110-A0F1-F862B79A8D4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05] (Google Inc.)
Task: {35779821-663F-4B61-AA97-B680442A9704} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5797959A-ECC0-4765-A7A9-75D9647D2AC8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {95DA144F-55F4-4958-8560-510364CB6168} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05] (Google Inc.)
Task: {B220F13F-3AF5-4E87-9758-3F02C0777773} - System32\Tasks\Lyrics-Pal Update => C:\Program Files (x86)\LyricsPal\Lyrics.exe <==== ATTENTION
Task: {DCDBB6D4-4FA7-43BD-914E-E2CE333F4036} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf272b92e7b791.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Lyrics-Pal Update.job => C:\Program Files (x86)\LyricsPal\Lyrics.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-19 14:07 - 2014-01-14 20:46 - 03140608 _____ () C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-08-05 11:21 - 2013-08-05 11:16 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-09-07 00:05 - 2012-09-07 00:05 - 07244800 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Fabian\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-04 16:12 - 2014-02-04 16:12 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-15 20:27 - 2014-01-15 20:27 - 00283648 _____ () C:\ProgramData\Free Download Manager\Firefox\Extensions\1.6.0.1\components\vmsfdmff22.dll
2013-05-21 17:54 - 2013-01-11 02:17 - 00105984 _____ () C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-21 17:54 - 2013-01-11 02:22 - 03547136 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: dradio-RecorderTimer => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 04:01:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.5866.0, Zeitstempel: 0x47b615ae
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000280e
ID des fehlerhaften Prozesses: 0x9a8
Startzeit der fehlerhaften Anwendung: 0xSTacSV64.exe0
Pfad der fehlerhaften Anwendung: STacSV64.exe1
Pfad des fehlerhaften Moduls: STacSV64.exe2
Berichtskennung: STacSV64.exe3

Error: (02/03/2014 03:35:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MP3jam.exe, Version: 1.1.0.12, Zeitstempel: 0x5215af32
Name des fehlerhaften Moduls: bass.dll, Version: 2.4.10.0, Zeitstempel: 0x511f8348
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004e08
ID des fehlerhaften Prozesses: 0x9fc
Startzeit der fehlerhaften Anwendung: 0xMP3jam.exe0
Pfad der fehlerhaften Anwendung: MP3jam.exe1
Pfad des fehlerhaften Moduls: MP3jam.exe2
Berichtskennung: MP3jam.exe3

Error: (02/03/2014 03:35:03 PM) (Source: .NET Runtime) (User: )
Description: Application: MP3jam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURLUnicode(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURL(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_c(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_b(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_a(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.Initialize(System.String, mp3jamapp.Downloader.Playback.MediaType, Boolean)
  at mp3jamapp.Downloader.Playback.BaseContentPlayer.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.PlayerSelector.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.TrackPlayer.eval_a(System.Object, SafeWaiter, Boolean ByRef)
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.DelegatedWaitingTask.Execute()
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.SequentalTaskManager.eval_c()
  at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
  at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Threading.ThreadHelper.ThreadStart()

Error: (02/03/2014 03:34:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MP3jam.exe, Version: 1.1.0.12, Zeitstempel: 0x5215af32
Name des fehlerhaften Moduls: bass.dll, Version: 2.4.10.0, Zeitstempel: 0x511f8348
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004e08
ID des fehlerhaften Prozesses: 0x138c
Startzeit der fehlerhaften Anwendung: 0xMP3jam.exe0
Pfad der fehlerhaften Anwendung: MP3jam.exe1
Pfad des fehlerhaften Moduls: MP3jam.exe2
Berichtskennung: MP3jam.exe3

Error: (02/03/2014 03:34:16 PM) (Source: .NET Runtime) (User: )
Description: Application: MP3jam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURLUnicode(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURL(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_c(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_b(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_a(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.Initialize(System.String, mp3jamapp.Downloader.Playback.MediaType, Boolean)
  at mp3jamapp.Downloader.Playback.BaseContentPlayer.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.PlayerSelector.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.TrackPlayer.eval_a(System.Object, SafeWaiter, Boolean ByRef)
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.DelegatedWaitingTask.Execute()
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.SequentalTaskManager.eval_c()
  at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
  at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Threading.ThreadHelper.ThreadStart()

Error: (01/28/2014 08:30:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: qotr.exe, Version: 0.0.0.0, Zeitstempel: 0x4b7aa48d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02848954
ID des fehlerhaften Prozesses: 0xcf4
Startzeit der fehlerhaften Anwendung: 0xqotr.exe0
Pfad der fehlerhaften Anwendung: qotr.exe1
Pfad des fehlerhaften Moduls: qotr.exe2
Berichtskennung: qotr.exe3

Error: (01/27/2014 07:37:30 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm qotr.exe wurde wegen dieses Fehlers geschlossen.

Programm: qotr.exe
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (01/27/2014 07:37:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: qotr.exe, Version: 0.0.0.0, Zeitstempel: 0x4b7aa48d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000096
Fehleroffset: 0x025388a4
ID des fehlerhaften Prozesses: 0x161c
Startzeit der fehlerhaften Anwendung: 0xqotr.exe0
Pfad der fehlerhaften Anwendung: qotr.exe1
Pfad des fehlerhaften Moduls: qotr.exe2
Berichtskennung: qotr.exe3

Error: (01/26/2014 11:19:12 AM) (Source: Application Hang) (User: )
Description: Programm fdm.exe, Version 3.9.1303.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1380

Startzeit: 01cf1a7ff37fbde6

Endzeit: 26

Anwendungspfad: C:\Program Files (x86)\Free Download Manager\fdm.exe

Berichts-ID: 3b435933-8673-11e3-9555-001d095f19e1

Error: (01/25/2014 05:34:56 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5e4

Startzeit: 01cf19db77417c80

Endzeit: 4243

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:


System errors:
=============
Error: (02/13/2014 08:55:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (02/12/2014 09:11:00 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 09:10:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 09:10:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 09:10:58 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 09:09:20 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 09:09:19 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 09:09:18 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 09:09:18 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (02/12/2014 08:55:04 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR18 gefunden.


Microsoft Office Sessions:
=========================
Error: (02/10/2014 04:01:06 PM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.5866.047b615aemsvcrt.dll7.0.7601.177444eeb033fc0000005000000000000280e9a801cf2668bac6b523C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exeC:\Windows\system32\msvcrt.dll2a8ccad7-9264-11e3-be41-001d095f19e1

Error: (02/03/2014 03:35:03 PM) (Source: Application Error)(User: )
Description: MP3jam.exe1.1.0.125215af32bass.dll2.4.10.0511f8348c000000500004e089fc01cf20ed146f23c6C:\Program Files (x86)\MP3jam\MP3jam.exeC:\Program Files (x86)\MP3jam\bass.dll5da73c16-8ce0-11e3-9ad1-001d095f19e1

Error: (02/03/2014 03:35:03 PM) (Source: .NET Runtime)(User: )
Description: Application: MP3jam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURLUnicode(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURL(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_c(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_b(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_a(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.Initialize(System.String, mp3jamapp.Downloader.Playback.MediaType, Boolean)
  at mp3jamapp.Downloader.Playback.BaseContentPlayer.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.PlayerSelector.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.TrackPlayer.eval_a(System.Object, SafeWaiter, Boolean ByRef)
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.DelegatedWaitingTask.Execute()
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.SequentalTaskManager.eval_c()
  at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
  at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Threading.ThreadHelper.ThreadStart()

Error: (02/03/2014 03:34:19 PM) (Source: Application Error)(User: )
Description: MP3jam.exe1.1.0.125215af32bass.dll2.4.10.0511f8348c000000500004e08138c01cf20ecc5ea0b82C:\Program Files (x86)\MP3jam\MP3jam.exeC:\Program Files (x86)\MP3jam\bass.dll438da3a0-8ce0-11e3-9ad1-001d095f19e1

Error: (02/03/2014 03:34:16 PM) (Source: .NET Runtime)(User: )
Description: Application: MP3jam.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURLUnicode(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at Un4seen.Bass.AddOn.Aac.BassAac.BASS_AAC_StreamCreateURL(System.String, Int32, Un4seen.Bass.BASSFlag, Un4seen.Bass.DOWNLOADPROC, IntPtr)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_c(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_b(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.eval_a(Int32)
  at mp3jamapp.Downloader.Playback.SleeperPlayer.Initialize(System.String, mp3jamapp.Downloader.Playback.MediaType, Boolean)
  at mp3jamapp.Downloader.Playback.BaseContentPlayer.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.PlayerSelector.Initialize(mp3jamapp.Downloader.PluginCommons.IContentInfo)
  at mp3jamapp.Downloader.Logic.Playback.TrackPlayer.eval_a(System.Object, SafeWaiter, Boolean ByRef)
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.DelegatedWaitingTask.Execute()
  at mp3jamapp.Miscellaneous.Tools.TaskManagement.SequentalTaskManager.eval_c()
  at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
  at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Threading.ThreadHelper.ThreadStart()

Error: (01/28/2014 08:30:03 PM) (Source: Application Error)(User: )
Description: qotr.exe0.0.0.04b7aa48dunknown0.0.0.000000000c000000502848954cf401cf1c5eff809f34C:\Users\Fabian\Desktop\qotrdecoder-win32-0.0.247-r1132\qotr.exeunknown95829d91-8852-11e3-ae49-001d095f19e1

Error: (01/27/2014 07:37:30 PM) (Source: Application Error)(User: )
Description: qotr.exe000000000

Error: (01/27/2014 07:37:30 PM) (Source: Application Error)(User: )
Description: qotr.exe0.0.0.04b7aa48dunknown0.0.0.000000000c0000096025388a4161c01cf1b8ea022772cC:\Users\Fabian\Desktop\qotrdecoder-win32-0.0.247-r1132\qotr.exeunknown13b30637-8782-11e3-bca1-001d095f19e1

Error: (01/26/2014 11:19:12 AM) (Source: Application Hang)(User: )
Description: fdm.exe3.9.1303.0138001cf1a7ff37fbde626C:\Program Files (x86)\Free Download Manager\fdm.exe3b435933-8673-11e3-9555-001d095f19e1

Error: (01/25/2014 05:34:56 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.50875e401cf19db77417c804243C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4086.04 MB
Available physical RAM: 2243 MB
Total Pagefile: 8170.27 MB
Available Pagefile: 5992.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:30.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 00000080)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-13 10:29:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500BEVS-75UST0 rev.01.01A01 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Fabian\AppData\Local\Temp\uxdiipod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                      fffff80002e07000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                                                                                                      fffff80002e07011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                      0000000075251465 2 bytes [25, 75]
.text    C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                    00000000752514bb 2 bytes [25, 75]
.text    ...                                                                                                                                                                                                    * 2
.text    C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                0000000075251465 2 bytes [25, 75]
.text    C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000752514bb 2 bytes [25, 75]
.text    ...                                                                                                                                                                                                    * 2
.text    C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe[3152] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                  0000000075251465 2 bytes [25, 75]
.text    C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe[3152] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                  00000000752514bb 2 bytes [25, 75]
.text    ...                                                                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3988:2600]                                                                                                                                          000007fefe540168
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3988:3044]                                                                                                                                          000007fefb032a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3988:192]                                                                                                                                          000007feee5d4830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3988:4184]                                                                                                                                          000007fef8af5124
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3988:3564]                                                                                                                                          000007feee559d90
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3988:2164]                                                                                                                                          000007feee5d4830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [3988:1388]                                                                                                                                          000007fefe540168
---- Processes - GMER 2.1 ----

Process  C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (*** suspicious ***) @ C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [1552](2014-01-19 13:07:36)  0000000001240000
Library  C:\Users\Fabian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe [3152](2014-01-03 00:45:04)                                0000000003c00000
Library  C:\Users\Fabian\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe [3152](2013-10-18 23:55:02)                                      000000006d100000
Library  C:\Users\Fabian\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe [3152] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)        000000006c770000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                                        ?Do?, ?Feb ?13 ?14, 08:57:31????????????X??????????????????????

---- EOF - GMER 2.1 ----
Vielen Dank schon mal!
Gruß

aharonov 13.02.2014 20:57
Hallo,

das sollte kein Problem sein.
Schliesse alle befallenen USB-Sticks an und teile mir deren Laufwerksbuchstaben mit. (Und öffne keine dieser Verknüpfungen auf den Sticks mehr, denn dadurch infiziert sich der Rechner neu.)


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [Mozilla] - C:\Users\Fabian\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
C:\Users\Fabian\AppData\Roaming\Mozilla.vbs

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

KeyzerSoze 14.02.2014 20:31
Hallo!
Sorry, dass ich mich jetzt erst zurückmelde.
Auf jeden Fall schon mal danke für die schnelle Hilfe!

Die beiden USB-Sticks haben die Laufwerksbuchstaben F: und G:

Hier die anderen Informationen:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Fabian at 2014-02-14 20:05:28 Run:1
Running from C:\Users\Fabian\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [Mozilla] - C:\Users\Fabian\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
C:\Users\Fabian\AppData\Roaming\Mozilla.vbs
*****************

[2252] C:\Windows\System32\wscript.exe => Process closed successfully.
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla => Value deleted successfully.
C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs => Moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla.vbs => Moved successfully.

==== End of Fixlog ====
Code:
# AdwCleaner v3.018 - Report created 14/02/2014 at 20:14:23
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Fabian - FABIAN-PC
# Running from : C:\Users\Fabian\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\LyricsPal
Folder Deleted : C:\Users\Fabian\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Fabian\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Fabian\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Fabian\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Fabian\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Fabian\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\firejump@firejump.net
Folder Deleted : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\sparpilot@sparpilot.com
File Deleted : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\user.js
File Deleted : C:\Windows\Tasks\Lyrics-Pal Update.job
File Deleted : C:\Windows\System32\Tasks\Lyrics-Pal Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [sparpilot@sparpilot.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lyrics_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lyrics_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_video-performer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_video-performer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_abc-amber-nokia-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_abc-amber-nokia-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atmosphere-lite_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atmosphere-lite_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_cdcovercreator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_cdcovercreator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dvd-shrink_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dvd-shrink_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sopcast_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sopcast_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\lyricspal
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0 (de)

[ File : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5746 octets] - [14/02/2014 20:12:49]
AdwCleaner[S0].txt - [5578 octets] - [14/02/2014 20:14:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5638 octets] ##########

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Fabian (administrator) on FABIAN-PC on 14-02-2014 20:20:43
Running from C:\Users\Fabian\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files\ProgDVB\ProgDVBService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
() C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3832064 2009-09-11] (O&O Software GmbH)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [] - [X]
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [Amazon Cloud Player] - C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02EC7B611FC4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{0D91560E-2D71-4AA6-91B7-32E262F11FA2}: [NameServer]62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13 - C:\Users\Fabian\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\foxmarks@kei.com [2013-05-21]
FF Extension: DownloadHelper - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]
FF HKCU\...\Firefox\Extensions: [{8f5010e2-9577-4aed-ad42-f2098ea15def}] - C:\Program Files (x86)\LyricsPal\133.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 FreemiumSystemStoreService; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe [7244800 2012-09-07] ()
R2 O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2287360 2009-09-11] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60840 2013-01-28] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake Video Downloader\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1354880 2009-06-05] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-07-24] (Sony Ericsson Mobile Communications)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 20:17 - 2014-02-14 20:17 - 00005742 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S0].txt
2014-02-14 20:12 - 2014-02-14 20:14 - 00000000 ____D () C:\AdwCleaner
2014-02-14 20:09 - 2014-02-14 20:09 - 01166132 _____ () C:\Users\Fabian\Desktop\adwcleaner.exe
2014-02-14 20:05 - 2014-02-14 20:05 - 00000000 ____D () C:\Users\Fabian\Desktop\FRST-OlderVersion
2014-02-13 11:19 - 2014-02-13 11:19 - 00009754 _____ () C:\Users\Fabian\Desktop\Ereignisse.txt
2014-02-13 10:29 - 2014-02-13 10:29 - 00005957 _____ () C:\Users\Fabian\Desktop\Gmer.txt
2014-02-13 09:56 - 2014-02-13 09:56 - 00380416 _____ () C:\Users\Fabian\Downloads\Gmer-19357.exe
2014-02-13 09:47 - 2014-02-13 09:48 - 00037806 _____ () C:\Users\Fabian\Desktop\Addition.txt
2014-02-13 09:46 - 2014-02-14 20:20 - 00016535 _____ () C:\Users\Fabian\Desktop\FRST.txt
2014-02-13 09:46 - 2014-02-14 20:20 - 00000000 ____D () C:\FRST
2014-02-13 09:45 - 2014-02-14 20:05 - 02152960 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2014-02-13 09:43 - 2014-02-13 09:43 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2014-02-13 09:43 - 2014-02-13 09:43 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2014-02-13 09:41 - 2014-02-13 09:41 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2014-02-12 21:12 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Fabian\Desktop\Lehrprobe_Bilder
2014-02-12 17:27 - 2014-02-12 17:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 17:24 - 2014-02-12 17:24 - 00614792 _____ (Chip Digital GmbH) C:\Users\Fabian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-11 14:17 - 2014-02-11 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf272b92e7b791.job
2014-02-08 19:23 - 2014-02-08 19:23 - 00003188 _____ () C:\Users\Fabian\Downloads\Drivers.txt
2014-02-08 19:12 - 2014-02-08 19:12 - 00000000 ____D () C:\Users\Fabian\Desktop\PPFScanner Scanfiles 20140208_18_35_20_929_1
2014-02-08 18:31 - 2014-02-08 18:31 - 00000000 ____D () C:\Users\Fabian\Desktop\ppfs
2014-02-08 18:29 - 2014-02-08 18:30 - 07873813 _____ () C:\Users\Fabian\Downloads\PPFScan.zip
2014-02-08 18:10 - 2014-02-08 18:40 - 1569118568 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey
2014-02-08 18:10 - 2014-02-08 18:10 - 00030192 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey.torrent
2014-02-08 16:20 - 2014-02-08 16:20 - 00139104 _____ () C:\Users\Fabian\Downloads\setup.exe
2014-02-08 16:03 - 2014-02-08 16:03 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup(1).exe
2014-02-08 16:02 - 2014-02-08 16:02 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup.exe
2014-02-06 15:52 - 2014-02-06 16:07 - 606657056 _____ () C:\Users\Fabian\Downloads\Wildes_Nairobi_Wo_Leoparden_durch_Gaerten_schleichen_14.02.05_20-15_3sat_45_TVOON_DE.mpg.avi.otrkey
2014-02-05 17:19 - 2014-02-05 17:39 - 793518412 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.02.04_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-02-04 16:12 - 2014-02-04 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 19:57 - 2014-01-30 20:18 - 839609300 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.28_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-30 15:27 - 2014-01-30 15:27 - 00996352 _____ () C:\Users\Fabian\Downloads\kap_4_geometrie.ppt
2014-01-29 21:24 - 2014-01-29 21:54 - 1177265194 _____ () C:\Users\Fabian\Downloads\Wild_Things_14.01.09_22-10_kabel1_130_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:15 - 2014-01-28 20:38 - 777278040 _____ () C:\Users\Fabian\Downloads\Terra_X_14.01.26_19-30_zdf_45_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 19:32 - 2014-01-28 20:11 - 1482697378 _____ () C:\Users\Fabian\Downloads\Die_Grauzone_14.01.27_23-10_3sat_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-27 18:47 - 2014-01-27 19:14 - 1073993208 _____ () C:\Users\Fabian\Downloads\Umstaendlich_verliebt_14.01.26_20-15_pro7_135_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-27 18:19 - 2014-01-27 18:45 - 985341178 _____ () C:\Users\Fabian\Downloads\Source_Code_14.01.26_20-15_rtl_105_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-26 18:27 - 2014-01-26 19:08 - 1600083292 _____ () C:\Users\Fabian\Downloads\Und_taeglich_gruesst_das_Murmeltier_14.01.24_20-15_zdfneo_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-26 17:29 - 2014-01-26 18:25 - 2183184932 _____ () C:\Users\Fabian\Downloads\Speed_Auf_der_Suche_nach_der_verlorenen_Zeit_14.01.22_20-15_arte_95_TVOON_DE.mpg.HD.avi.otrkey
2014-01-25 15:59 - 2014-01-25 15:59 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox(1).exe
2014-01-25 15:42 - 2014-01-25 15:42 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox.exe
2014-01-22 20:59 - 2014-01-22 21:00 - 919955132 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi
2014-01-22 20:17 - 2014-01-22 20:46 - 919955654 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-22 15:11 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-22 15:11 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-22 15:11 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-22 15:11 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-22 15:10 - 2014-01-22 15:11 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 16:15 - 2014-01-21 17:07 - 2057580902 _____ () C:\Users\Fabian\Downloads\Besser_geht_s_nicht_14.01.20_23-15_ndr_130_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:53 - 2014-01-21 14:27 - 1343516246 _____ () C:\Users\Fabian\Downloads\The_Fog_Nebel_des_Grauens_14.01.20_22-15_arte_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:03 - 2014-01-21 13:45 - 1631571240 _____ () C:\Users\Fabian\Downloads\Nichts_fuer_Feiglinge_14.01.10_20-15_ard_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-19 14:43 - 2014-01-19 14:43 - 00018136 _____ () C:\Users\Fabian\Downloads\88f169fcda95a01c309a3d4935b99fa9.jpeg
2014-01-19 14:20 - 2014-01-19 14:20 - 00051046 _____ () C:\Users\Fabian\Downloads\cd_cover_dot.zip
2014-01-19 14:07 - 2014-01-19 14:07 - 00001214 _____ () C:\Users\Fabian\Desktop\Amazon Cloud Player.lnk
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Amazon Cloud Player
2014-01-19 14:06 - 2014-01-19 14:07 - 36160080 _____ (Amazon) C:\Users\Fabian\Downloads\AmazonCloudPlayerInstaller_422.exe
2014-01-19 13:59 - 2014-01-19 14:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Amazon
2014-01-19 13:57 - 2014-01-19 14:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-19 13:57 - 2014-01-19 13:57 - 02328864 _____ () C:\Users\Fabian\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-19 13:57 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\Documents\Amazon MP3
2014-01-18 18:31 - 2014-01-18 18:31 - 00021186 _____ () C:\Users\Fabian\Downloads\Grundwortschatz Bayern 3__4_ Klasse(2).zip
2014-01-17 16:41 - 2014-01-17 16:44 - 36759539 _____ () C:\Users\Fabian\Downloads\win-installer-415.exe
2014-01-17 16:35 - 2014-01-17 17:08 - 1231497446 _____ () C:\Users\Fabian\Downloads\Hot_Shots_2__Der_2__Versuch_14.01.16_22-10_kabel1_110_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-17 15:47 - 2014-01-17 16:15 - 1087572086 _____ () C:\Users\Fabian\Downloads\Hot_Shots_Die_Mutter_aller_Filme_14.01.16_20-15_kabel1_115_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 17:57 - 2014-01-16 18:42 - 1745482030 _____ () C:\Users\Fabian\Downloads\Poltergeist_14.01.13_21-50_arte_115_TVOON_DE.mpg.HD.avi.otrkey
2014-01-16 17:25 - 2014-01-16 17:47 - 833519788 _____ () C:\Users\Fabian\Downloads\Frozen_Eiskalter_Abgrund_14.01.13_00-20_pro7_100_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-15 21:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 21:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 21:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 21:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 20:27 - 2014-01-15 21:09 - 1625030776 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.14_20-15_vox_120_TVOON_DE.mpg.HQ.avi.otrkey

==================== One Month Modified Files and Folders =======

2014-02-14 20:21 - 2014-02-13 09:46 - 00016535 _____ () C:\Users\Fabian\Desktop\FRST.txt
2014-02-14 20:20 - 2014-02-13 09:46 - 00000000 ____D () C:\FRST
2014-02-14 20:19 - 2013-03-15 15:05 - 00000000 ___RD () C:\Users\Fabian\Dropbox
2014-02-14 20:19 - 2013-03-15 15:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Dropbox
2014-02-14 20:17 - 2014-02-14 20:17 - 00005742 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S0].txt
2014-02-14 20:17 - 2012-07-21 00:41 - 01302796 _____ () C:\Windows\system32\oodbs.lor
2014-02-14 20:17 - 2009-07-14 05:51 - 00124719 _____ () C:\Windows\setupact.log
2014-02-14 20:14 - 2014-02-14 20:12 - 00000000 ____D () C:\AdwCleaner
2014-02-14 20:14 - 2012-07-20 20:15 - 01097005 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 20:12 - 2013-05-21 17:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Free Download Manager
2014-02-14 20:09 - 2014-02-14 20:09 - 01166132 _____ () C:\Users\Fabian\Desktop\adwcleaner.exe
2014-02-14 20:05 - 2014-02-14 20:05 - 00000000 ____D () C:\Users\Fabian\Desktop\FRST-OlderVersion
2014-02-14 20:05 - 2014-02-13 09:45 - 02152960 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2014-02-14 20:05 - 2012-07-20 20:24 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 20:02 - 2012-07-20 22:29 - 00697506 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 20:02 - 2012-07-20 22:29 - 00149442 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 20:02 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 20:01 - 2012-07-24 22:47 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien
2014-02-14 14:36 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 14:36 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 11:19 - 2014-02-13 11:19 - 00009754 _____ () C:\Users\Fabian\Desktop\Ereignisse.txt
2014-02-13 10:29 - 2014-02-13 10:29 - 00005957 _____ () C:\Users\Fabian\Desktop\Gmer.txt
2014-02-13 09:56 - 2014-02-13 09:56 - 00380416 _____ () C:\Users\Fabian\Downloads\Gmer-19357.exe
2014-02-13 09:48 - 2014-02-13 09:47 - 00037806 _____ () C:\Users\Fabian\Desktop\Addition.txt
2014-02-13 09:43 - 2014-02-13 09:43 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2014-02-13 09:43 - 2014-02-13 09:43 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2014-02-13 09:43 - 2012-07-20 20:22 - 00000000 ____D () C:\Users\Fabian
2014-02-13 09:41 - 2014-02-13 09:41 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2014-02-12 21:12 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Fabian\Desktop\Lehrprobe_Bilder
2014-02-12 17:27 - 2014-02-12 17:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:24 - 2014-02-12 17:24 - 00614792 _____ (Chip Digital GmbH) C:\Users\Fabian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-11 14:32 - 2013-01-10 23:43 - 00000000 ____D () C:\Users\Fabian\Desktop\BBZ_Sicherungen
2014-02-11 14:17 - 2014-02-11 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf272b92e7b791.job
2014-02-08 19:23 - 2014-02-08 19:23 - 00003188 _____ () C:\Users\Fabian\Downloads\Drivers.txt
2014-02-08 19:12 - 2014-02-08 19:12 - 00000000 ____D () C:\Users\Fabian\Desktop\PPFScanner Scanfiles 20140208_18_35_20_929_1
2014-02-08 18:40 - 2014-02-08 18:10 - 1569118568 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey
2014-02-08 18:31 - 2014-02-08 18:31 - 00000000 ____D () C:\Users\Fabian\Desktop\ppfs
2014-02-08 18:30 - 2014-02-08 18:29 - 07873813 _____ () C:\Users\Fabian\Downloads\PPFScan.zip
2014-02-08 18:10 - 2014-02-08 18:10 - 00030192 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey.torrent
2014-02-08 16:20 - 2014-02-08 16:20 - 00139104 _____ () C:\Users\Fabian\Downloads\setup.exe
2014-02-08 16:10 - 2012-07-23 11:00 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2014-02-08 16:03 - 2014-02-08 16:03 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup(1).exe
2014-02-08 16:02 - 2014-02-08 16:02 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup.exe
2014-02-08 14:12 - 2013-02-21 17:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\ColdCut
2014-02-08 14:10 - 2013-02-21 18:29 - 00036864 _____ () C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-06 16:07 - 2014-02-06 15:52 - 606657056 _____ () C:\Users\Fabian\Downloads\Wildes_Nairobi_Wo_Leoparden_durch_Gaerten_schleichen_14.02.05_20-15_3sat_45_TVOON_DE.mpg.avi.otrkey
2014-02-06 13:41 - 2012-07-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 17:39 - 2014-02-05 17:19 - 793518412 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.02.04_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-02-04 16:12 - 2014-02-04 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-02 12:56 - 2013-04-27 18:36 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Audacity
2014-01-31 16:48 - 2012-09-18 12:56 - 00000000 ____D () C:\Users\Fabian\Desktop\Unterrichtsvorbereitung 1
2014-01-30 20:18 - 2014-01-30 19:57 - 839609300 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.28_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-30 15:27 - 2014-01-30 15:27 - 00996352 _____ () C:\Users\Fabian\Downloads\kap_4_geometrie.ppt
2014-01-29 21:54 - 2014-01-29 21:24 - 1177265194 _____ () C:\Users\Fabian\Downloads\Wild_Things_14.01.09_22-10_kabel1_130_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:38 - 2014-01-28 20:15 - 777278040 _____ () C:\Users\Fabian\Downloads\Terra_X_14.01.26_19-30_zdf_45_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:11 - 2014-01-28 19:32 - 1482697378 _____ () C:\Users\Fabian\Downloads\Die_Grauzone_14.01.27_23-10_3sat_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-27 19:14 - 2014-01-27 18:47 - 1073993208 _____ () C:\Users\Fabian\Downloads\Umstaendlich_verliebt_14.01.26_20-15_pro7_135_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-27 18:45 - 2014-01-27 18:19 - 985341178 _____ () C:\Users\Fabian\Downloads\Source_Code_14.01.26_20-15_rtl_105_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-26 19:08 - 2014-01-26 18:27 - 1600083292 _____ () C:\Users\Fabian\Downloads\Und_taeglich_gruesst_das_Murmeltier_14.01.24_20-15_zdfneo_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-26 18:25 - 2014-01-26 17:29 - 2183184932 _____ () C:\Users\Fabian\Downloads\Speed_Auf_der_Suche_nach_der_verlorenen_Zeit_14.01.22_20-15_arte_95_TVOON_DE.mpg.HD.avi.otrkey
2014-01-25 15:59 - 2014-01-25 15:59 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox(1).exe
2014-01-25 15:42 - 2014-01-25 15:42 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox.exe
2014-01-25 13:13 - 2012-08-03 13:36 - 00000000 ____D () C:\Users\Fabian\Documents\Eigene Scans
2014-01-22 21:00 - 2014-01-22 20:59 - 919955132 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi
2014-01-22 20:46 - 2014-01-22 20:17 - 919955654 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-22 15:11 - 2014-01-22 15:10 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 15:11 - 2013-10-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-22 15:11 - 2013-06-22 13:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 17:07 - 2014-01-21 16:15 - 2057580902 _____ () C:\Users\Fabian\Downloads\Besser_geht_s_nicht_14.01.20_23-15_ndr_130_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 14:27 - 2014-01-21 13:53 - 1343516246 _____ () C:\Users\Fabian\Downloads\The_Fog_Nebel_des_Grauens_14.01.20_22-15_arte_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:45 - 2014-01-21 13:03 - 1631571240 _____ () C:\Users\Fabian\Downloads\Nichts_fuer_Feiglinge_14.01.10_20-15_ard_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-19 15:22 - 2013-05-21 22:43 - 00000000 ____D () C:\Users\Fabian\Documents\CD Cover_Karten
2014-01-19 14:43 - 2014-01-19 14:43 - 00018136 _____ () C:\Users\Fabian\Downloads\88f169fcda95a01c309a3d4935b99fa9.jpeg
2014-01-19 14:20 - 2014-01-19 14:20 - 00051046 _____ () C:\Users\Fabian\Downloads\cd_cover_dot.zip
2014-01-19 14:07 - 2014-01-19 14:07 - 00001214 _____ () C:\Users\Fabian\Desktop\Amazon Cloud Player.lnk
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:06 - 36160080 _____ (Amazon) C:\Users\Fabian\Downloads\AmazonCloudPlayerInstaller_422.exe
2014-01-19 14:06 - 2014-01-19 13:59 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Amazon
2014-01-19 14:06 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-19 13:57 - 2014-01-19 13:57 - 02328864 _____ () C:\Users\Fabian\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-19 13:57 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\Documents\Amazon MP3
2014-01-18 18:31 - 2014-01-18 18:31 - 00021186 _____ () C:\Users\Fabian\Downloads\Grundwortschatz Bayern 3__4_ Klasse(2).zip
2014-01-18 12:36 - 2014-01-03 13:38 - 00001439 _____ () C:\Users\Fabian\Desktop\BBZ.lnk
2014-01-18 12:36 - 2014-01-03 13:38 - 00000000 ____D () C:\Users\Fabian\Desktop\BBZ
2014-01-17 17:08 - 2014-01-17 16:35 - 1231497446 _____ () C:\Users\Fabian\Downloads\Hot_Shots_2__Der_2__Versuch_14.01.16_22-10_kabel1_110_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-17 16:44 - 2014-01-17 16:41 - 36759539 _____ () C:\Users\Fabian\Downloads\win-installer-415.exe
2014-01-17 16:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-17 16:15 - 2014-01-17 15:47 - 1087572086 _____ () C:\Users\Fabian\Downloads\Hot_Shots_Die_Mutter_aller_Filme_14.01.16_20-15_kabel1_115_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 18:42 - 2014-01-16 17:57 - 1745482030 _____ () C:\Users\Fabian\Downloads\Poltergeist_14.01.13_21-50_arte_115_TVOON_DE.mpg.HD.avi.otrkey
2014-01-16 17:47 - 2014-01-16 17:25 - 833519788 _____ () C:\Users\Fabian\Downloads\Frozen_Eiskalter_Abgrund_14.01.13_00-20_pro7_100_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 16:01 - 2013-03-15 15:02 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-15 22:35 - 2009-07-14 05:45 - 00443568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:05 - 2013-07-18 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 21:57 - 2012-07-20 20:55 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 21:09 - 2014-01-15 20:27 - 1625030776 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.14_20-15_vox_120_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-15 17:05 - 2012-09-05 10:56 - 00000000 ____D () C:\Users\Fabian\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Fabian\AppData\Local\Temp\AskSLib.dll
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\Fabian\AppData\Local\Temp\DeltaTB.exe
C:\Users\Fabian\AppData\Local\Temp\DivXSetup.exe
C:\Users\Fabian\AppData\Local\Temp\dp.exe
C:\Users\Fabian\AppData\Local\Temp\dvdshrink32setup.exe
C:\Users\Fabian\AppData\Local\Temp\EasyDownLightfp.exe
C:\Users\Fabian\AppData\Local\Temp\EasyDownLightrtd.exe
C:\Users\Fabian\AppData\Local\Temp\FreemakeVideoDownloader_3.1.0.2.exe
C:\Users\Fabian\AppData\Local\Temp\IminentSetup.exe
C:\Users\Fabian\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Fabian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Fabian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Fabian\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Fabian\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Fabian\AppData\Local\Temp\ose00000.exe
C:\Users\Fabian\AppData\Local\Temp\ose00001.exe
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe
C:\Users\Fabian\AppData\Local\Temp\ripsetup.exe
C:\Users\Fabian\AppData\Local\Temp\TubeBoxSetup.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 08:17

==================== End Of Log ============================
--- --- ---

--- --- ---


Gruß

aharonov 14.02.2014 23:23
Gut. Den nächsten Schritt mit eingesteckten USB-Sticks (ich nehme die Laufwerksbuchstaben G: und F: an) ausführen:


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CMD: dir /a "F:\"
CMD: dir /a "G:\"

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


KeyzerSoze 15.02.2014 01:00
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Fabian at 2014-02-15 00:58:27 Run:2
Running from C:\Users\Fabian\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CMD: dir /a "F:\"
CMD: dir /a "G:\"
*****************


=========  dir /a "F:\" =========

 Volume in Laufwerk F: hat keine Bezeichnung.
 Volumeseriennummer: 5AF2-15D8

 Verzeichnis von F:\

13.02.2014  14:23    <DIR>          A3
13.02.2014  14:23    <DIR>          A4
06.10.2013  18:07            9.694 Mozilla.vbs
14.02.2014  20:05              728 A3.lnk
14.02.2014  20:05              728 A4.lnk
              3 Datei(en),        11.150 Bytes
              2 Verzeichnis(se),  7.634.927.616 Bytes frei

========= End of CMD: =========


=========  dir /a "G:\" =========

 Volume in Laufwerk G: hat keine Bezeichnung.
 Volumeseriennummer: 4D42-0088

 Verzeichnis von G:\

14.07.2011  11:57    <DIR>          examen
14.07.2013  18:06    <DIR>          13_07_13 Examensball Johanna
18.08.2013  10:56    <DIR>          Examensball Johanna 13.7.13
14.01.2014  19:56        1.048.064 Matheprobe 2.doc
07.02.2013  22:26          246.761 Zeugnisse 3b.docx
07.02.2014  14:47    <DIR>          BBZ_Sicherungen
11.02.2014  10:42        3.403.143 20140211111215_00024.jpg
11.02.2014  10:22        11.500.537 20140211111215_00025.jpg
11.02.2014  10:22        4.205.279 20140211111215_00023.jpg
11.02.2014  10:22        6.266.199 20140211111215_00022.jpg
11.02.2014  10:22        5.977.980 20140211111215_00021.jpg
11.02.2014  10:22        16.886.086 20140211111215_00020.jpg
06.10.2013  18:07            9.694 Mozilla.vbs
04.06.2013  18:53    <DIR>          04_06_2013 Examen Johanna
11.02.2014  10:22        16.315.178 20140211111215_00019.jpg
11.02.2014  10:22        12.106.402 20140211111215_00018.jpg
11.02.2014  10:22        12.212.896 20140211111215_00017.jpg
11.02.2014  10:21        21.409.013 20140211111215_00016.jpg
11.02.2014  10:21        16.543.556 20140211111215_00015.jpg
11.02.2014  10:21        17.003.738 20140211111215_00014.jpg
11.02.2014  10:21        17.722.233 20140211111215_00013.jpg
11.02.2014  10:21        16.321.465 20140211111215_00012.jpg
11.02.2014  10:21        16.076.177 20140211111215_00011.jpg
11.02.2014  10:21        16.820.600 20140211111215_00010.jpg
11.02.2014  10:21        16.212.743 20140211111215_00009.jpg
11.02.2014  10:21        16.551.382 20140211111215_00008.jpg
11.02.2014  10:20        21.226.499 20140211111215_00007.jpg
11.02.2014  10:20        17.155.258 20140211111215_00006.jpg
11.02.2014  10:20        16.989.674 20140211111215_00005.jpg
11.02.2014  10:20        12.567.913 20140211111215_00004.jpg
11.02.2014  10:20        11.956.847 20140211111215_00003.jpg
11.02.2014  10:20        10.767.336 20140211111215_00002.jpg
11.02.2014  10:20        9.661.198 20140211111215_00001.jpg
11.02.2014  08:57        20.299.405 20140211095455_00004.jpg
11.02.2014  08:57        21.684.356 20140211095455_00003.jpg
11.02.2014  08:57        21.956.367 20140211095455_00001.jpg
14.02.2014  20:05            1.459 Matheprobe 2.lnk
14.02.2014  20:05            1.610 Zeugnisse 3b.lnk
14.02.2014  20:05              756 20140211111215_00024.lnk
14.02.2014  20:05              756 20140211111215_00025.lnk
14.02.2014  20:05              756 20140211111215_00023.lnk
14.02.2014  20:05              607 20140211111215_00022.lnk
14.02.2014  20:05              756 20140211111215_00021.lnk
14.02.2014  20:05              756 20140211111215_00020.lnk
14.02.2014  20:05              607 20140211111215_00019.lnk
14.02.2014  20:05              607 20140211111215_00018.lnk
14.02.2014  20:05              756 20140211111215_00017.lnk
14.02.2014  20:05              756 20140211111215_00016.lnk
14.02.2014  20:05              756 20140211111215_00015.lnk
14.02.2014  20:05              756 20140211111215_00014.lnk
14.02.2014  20:05              756 20140211111215_00013.lnk
14.02.2014  20:05              756 20140211111215_00012.lnk
14.02.2014  20:05              756 20140211111215_00011.lnk
14.02.2014  20:05              756 20140211111215_00010.lnk
14.02.2014  20:05              756 20140211111215_00009.lnk
14.02.2014  20:05              756 20140211111215_00008.lnk
14.02.2014  20:05              756 20140211111215_00007.lnk
14.02.2014  20:05              756 20140211111215_00006.lnk
14.02.2014  20:05              756 20140211111215_00005.lnk
14.02.2014  20:05              756 20140211111215_00004.lnk
14.02.2014  20:05              756 20140211111215_00003.lnk
14.02.2014  20:05              756 20140211111215_00002.lnk
14.02.2014  20:05              756 20140211111215_00001.lnk
14.02.2014  20:05              756 20140211095455_00004.lnk
14.02.2014  20:05              756 20140211095455_00003.lnk
14.02.2014  20:05              756 20140211095455_00001.lnk
14.02.2014  20:05              736 examen.lnk
14.02.2014  20:05              788 13_07_13 Examensball Johanna.lnk
14.02.2014  20:05              786 Examensball Johanna 13.7.13.lnk
14.02.2014  20:05              754 BBZ_Sicherungen.lnk
14.02.2014  20:05              782 04_06_2013 Examen Johanna.lnk
14.02.2014  20:17            1.562 BOOTEX.LOG
              67 Datei(en),    409.133.177 Bytes
              5 Verzeichnis(se),  5.838.712.832 Bytes frei

========= End of CMD: =========


==== End of Fixlog ====

aharonov 15.02.2014 12:50
Prima. Dann gehe ich bei folgenden Schritten immer noch von unveränderten Laufwerksbuchstaben für diese beiden Sticks aus.


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
F:\Mozilla.vbs
F:\A3.lnk
F:\A4.lnk
G:\Mozilla.vbs
G:\Matheprobe 2.lnk
G:\Zeugnisse 3b.lnk
G:\20140211111215_00024.lnk
G:\20140211111215_00025.lnk
G:\20140211111215_00023.lnk
G:\20140211111215_00022.lnk
G:\20140211111215_00021.lnk
G:\20140211111215_00020.lnk
G:\20140211111215_00019.lnk
G:\20140211111215_00018.lnk
G:\20140211111215_00017.lnk
G:\20140211111215_00016.lnk
G:\20140211111215_00015.lnk
G:\20140211111215_00014.lnk
G:\20140211111215_00013.lnk
G:\20140211111215_00012.lnk
G:\20140211111215_00011.lnk
G:\20140211111215_00010.lnk
G:\20140211111215_00009.lnk
G:\20140211111215_00008.lnk
G:\20140211111215_00007.lnk
G:\20140211111215_00006.lnk
G:\20140211111215_00005.lnk
G:\20140211111215_00004.lnk
G:\20140211111215_00003.lnk
G:\20140211111215_00002.lnk
G:\20140211111215_00001.lnk
G:\20140211095455_00004.lnk
G:\20140211095455_00003.lnk
G:\20140211095455_00001.lnk
G:\examen.lnk
G:\13_07_13 Examensball Johanna.lnk
G:\Examensball Johanna 13.7.13.lnk
G:\BBZ_Sicherungen.lnk
G:\04_06_2013 Examen Johanna.lnk
G:\BOOTEX.LOG
CMD: attrib -h -s "F:\*" /s /d
CMD: attrib -h -s "G:\*" /s /d

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

KeyzerSoze 15.02.2014 16:14
OK, erledigt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Fabian at 2014-02-15 13:29:35 Run:3
Running from C:\Users\Fabian\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
F:\Mozilla.vbs
F:\A3.lnk
F:\A4.lnk
G:\Mozilla.vbs
G:\Matheprobe 2.lnk
G:\Zeugnisse 3b.lnk
G:\20140211111215_00024.lnk
G:\20140211111215_00025.lnk
G:\20140211111215_00023.lnk
G:\20140211111215_00022.lnk
G:\20140211111215_00021.lnk
G:\20140211111215_00020.lnk
G:\20140211111215_00019.lnk
G:\20140211111215_00018.lnk
G:\20140211111215_00017.lnk
G:\20140211111215_00016.lnk
G:\20140211111215_00015.lnk
G:\20140211111215_00014.lnk
G:\20140211111215_00013.lnk
G:\20140211111215_00012.lnk
G:\20140211111215_00011.lnk
G:\20140211111215_00010.lnk
G:\20140211111215_00009.lnk
G:\20140211111215_00008.lnk
G:\20140211111215_00007.lnk
G:\20140211111215_00006.lnk
G:\20140211111215_00005.lnk
G:\20140211111215_00004.lnk
G:\20140211111215_00003.lnk
G:\20140211111215_00002.lnk
G:\20140211111215_00001.lnk
G:\20140211095455_00004.lnk
G:\20140211095455_00003.lnk
G:\20140211095455_00001.lnk
G:\examen.lnk
G:\13_07_13 Examensball Johanna.lnk
G:\Examensball Johanna 13.7.13.lnk
G:\BBZ_Sicherungen.lnk
G:\04_06_2013 Examen Johanna.lnk
G:\BOOTEX.LOG
CMD: attrib -h -s "F:\*" /s /d
CMD: attrib -h -s "G:\*" /s /d
*****************

F:\Mozilla.vbs => Moved successfully.
F:\A3.lnk => Moved successfully.
F:\A4.lnk => Moved successfully.
G:\Mozilla.vbs => Moved successfully.
G:\Matheprobe 2.lnk => Moved successfully.
G:\Zeugnisse 3b.lnk => Moved successfully.
G:\20140211111215_00024.lnk => Moved successfully.
G:\20140211111215_00025.lnk => Moved successfully.
G:\20140211111215_00023.lnk => Moved successfully.
G:\20140211111215_00022.lnk => Moved successfully.
G:\20140211111215_00021.lnk => Moved successfully.
G:\20140211111215_00020.lnk => Moved successfully.
G:\20140211111215_00019.lnk => Moved successfully.
G:\20140211111215_00018.lnk => Moved successfully.
G:\20140211111215_00017.lnk => Moved successfully.
G:\20140211111215_00016.lnk => Moved successfully.
G:\20140211111215_00015.lnk => Moved successfully.
G:\20140211111215_00014.lnk => Moved successfully.
G:\20140211111215_00013.lnk => Moved successfully.
G:\20140211111215_00012.lnk => Moved successfully.
G:\20140211111215_00011.lnk => Moved successfully.
G:\20140211111215_00010.lnk => Moved successfully.
G:\20140211111215_00009.lnk => Moved successfully.
G:\20140211111215_00008.lnk => Moved successfully.
G:\20140211111215_00007.lnk => Moved successfully.
G:\20140211111215_00006.lnk => Moved successfully.
G:\20140211111215_00005.lnk => Moved successfully.
G:\20140211111215_00004.lnk => Moved successfully.
G:\20140211111215_00003.lnk => Moved successfully.
G:\20140211111215_00002.lnk => Moved successfully.
G:\20140211111215_00001.lnk => Moved successfully.
G:\20140211095455_00004.lnk => Moved successfully.
G:\20140211095455_00003.lnk => Moved successfully.
G:\20140211095455_00001.lnk => Moved successfully.
G:\examen.lnk => Moved successfully.
G:\13_07_13 Examensball Johanna.lnk => Moved successfully.
G:\Examensball Johanna 13.7.13.lnk => Moved successfully.
G:\BBZ_Sicherungen.lnk => Moved successfully.
G:\04_06_2013 Examen Johanna.lnk => Moved successfully.
G:\BOOTEX.LOG => Moved successfully.

=========  attrib -h -s "F:\*" /s /d =========


========= End of CMD: =========


=========  attrib -h -s "G:\*" /s /d =========


========= End of CMD: =========


==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9a708c6d652ecf4090003731a2d54626
# engine=17087
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-15 02:51:25
# local_time=2014-02-15 03:51:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 73087 163147190 65855 0
# compatibility_mode=5893 16776574 100 94 18956562 144105735 0 0
# scanned=247897
# found=47
# cleaned=0
# scan_time=7623
sh=489879551C877644C60EADF3BD50AEB9FEE29E98 ft=0 fh=0000000000000000 vn="Win32/AdWare.AddLyrics.T application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsPal\133.crx.vir"
sh=D6CE6F9011EC8AD4D840C7D2DD23680B51D7CEEB ft=1 fh=56a8308eaf76a6e6 vn="a variant of Win32/AdWare.AddLyrics.W application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsPal\Uninstall.exe.vir"
sh=288BEE8847DF5447BB9E8C74D98A8962B96D4538 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\04_06_2013 Examen Johanna.lnk15-02-2014_13-29-36"
sh=422ED39DC0D77EF5C0946FC28630AD54DC027681 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\13_07_13 Examensball Johanna.lnk15-02-2014_13-29-36"
sh=7082F37A65DD6DCB1F87A1465F05FFD60AAD5EB0 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211095455_00001.lnk15-02-2014_13-29-36"
sh=0F6EA86239183D1F13AB4D0CA9918867A8F12D8B ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211095455_00003.lnk15-02-2014_13-29-36"
sh=1CDD04BCC45E89B03FDEAA5A09C7C90C6EB55589 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211095455_00004.lnk15-02-2014_13-29-36"
sh=490442148F14AFA801781218C63D5AF502AEBB00 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00001.lnk15-02-2014_13-29-36"
sh=E7DB8E52D0D465BEF173684CA4A1894B43655983 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00002.lnk15-02-2014_13-29-36"
sh=AED1A48678C2098C5978407FB80124345BEFC698 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00003.lnk15-02-2014_13-29-36"
sh=B4978B6B9A1518CCF0FD43611926858EAD8693AE ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00004.lnk15-02-2014_13-29-36"
sh=6B1D0E4BE2C963B98B04C8997CEB3C38EE0148C0 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00005.lnk15-02-2014_13-29-36"
sh=615FB5B8B3613A90F37E8F4231158B6B0EFEEDC6 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00006.lnk15-02-2014_13-29-36"
sh=77BC6FECB0343D6D28E7A2C26A7CDC6A23D1A2DC ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00007.lnk15-02-2014_13-29-36"
sh=FE8E2AEDC50E5EF2C00DB27574450694F9698BB8 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00008.lnk15-02-2014_13-29-36"
sh=22F4C33FCA71472F52B0FD29E093A59FA55984F5 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00009.lnk15-02-2014_13-29-36"
sh=864BA69FF8E24B9090C8270FC43499EAD1899AC6 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00010.lnk15-02-2014_13-29-36"
sh=434A966DA39E3D1870CA998CFA47393E7C48747B ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00011.lnk15-02-2014_13-29-36"
sh=2273EE7EB86A915F0973FF2672E273C08F1976A9 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00012.lnk15-02-2014_13-29-36"
sh=E376525148025E155DC6FD35F0F7744B804750A2 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00013.lnk15-02-2014_13-29-36"
sh=22F4C33FCA71472F52B0FD29E093A59FA55984F5 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00014.lnk15-02-2014_13-29-36"
sh=388A1C2587860B954AAC1E11918BC35BE4520D19 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00015.lnk15-02-2014_13-29-36"
sh=00AFD44161651960A47AB7ADF4567E02BE9102C7 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00016.lnk15-02-2014_13-29-35"
sh=94A652BA9C92E85E056A11F05DDFCC54519F5D71 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00017.lnk15-02-2014_13-29-35"
sh=456323F7362536892CDD604A41374E37B2E01A82 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00018.lnk15-02-2014_13-29-35"
sh=3C2517D62F805B489E71D7C7E2FD1C01AFAF70AF ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00019.lnk15-02-2014_13-29-35"
sh=9C7DE234AE9C79B8F0DCCA409A8845FB6D40CE8C ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00020.lnk15-02-2014_13-29-35"
sh=20CD9800F3AEB17B3D58DDE6B234EA7AAB566409 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00021.lnk15-02-2014_13-29-35"
sh=3708AEC5E742BAF5F648C2E79EAD9FFC7FBEF2A3 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00022.lnk15-02-2014_13-29-35"
sh=E74BE2C935D47ED0A6D27738E9D074BA6AEE538F ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00023.lnk15-02-2014_13-29-35"
sh=0FBD298186EB43998286710C8557DC997AD08963 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00024.lnk15-02-2014_13-29-35"
sh=69D873E668312DEF30BC4B803483D42F0537C44A ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\20140211111215_00025.lnk15-02-2014_13-29-35"
sh=2A879B8FD5003BB672068795F2BB70084EB9C0A0 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\A3.lnk15-02-2014_13-29-35"
sh=45966F00D4CD8337EF5AB9BD2FAC4736CFF87B4C ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\A4.lnk15-02-2014_13-29-35"
sh=2B92941931EA8EAB4C389F5EEE570D7D909ADC09 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\BBZ_Sicherungen.lnk15-02-2014_13-29-36"
sh=661371205517664FA04E865835DE87D291E2F054 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\examen.lnk15-02-2014_13-29-36"
sh=6213D60F56AF8F56055636893870FF8382D8D45B ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\Examensball Johanna 13.7.13.lnk15-02-2014_13-29-36"
sh=46A7318AF478F2E83927FD3532CF4C06A5C4FA11 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\Matheprobe 2.lnk15-02-2014_13-29-35"
sh=997A4BC2E0B59DBB5FF6BAFBE13AA1FA8086B20C ft=0 fh=0000000000000000 vn="VBS/Agent.NET worm" ac=I fn="C:\FRST\Quarantine\Mozilla.vbs14-02-2014_20-05-28"
sh=997A4BC2E0B59DBB5FF6BAFBE13AA1FA8086B20C ft=0 fh=0000000000000000 vn="VBS/Agent.NET worm" ac=I fn="C:\FRST\Quarantine\Mozilla.vbs15-02-2014_13-29-35"
sh=3ADD90DFEF8B4AFF410E4B0FC55E020DB88FA014 ft=0 fh=0000000000000000 vn="LNK/Agent.AK trojan" ac=I fn="C:\FRST\Quarantine\Zeugnisse 3b.lnk15-02-2014_13-29-35"
sh=F721A9E1AC3EA08C6EBE5309FA84315080D4D8D8 ft=1 fh=17fe8b2a6c886bfd vn="a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Fabian\AppData\Local\Temp\OptimizerPro.exe"
sh=9A756E71643051115F2BFC7BFAE0E4532FC6A5D7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Fabian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\d89274c-629d61ac"
sh=BC1C1A644E6EC6EBD7EF21DD000595CCF3FDF33F ft=1 fh=b8d4f3901e19da42 vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="C:\Users\Fabian\Downloads\Player-Firefox(1).exe"
sh=1347EAA4ADF80C3955696B3D88524A5BBBB07427 ft=1 fh=0fcef95bee156f4d vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="C:\Users\Fabian\Downloads\Player-Firefox.exe"
sh=5C5530B8EB15D1265A99391920D3920B511FAD7A ft=1 fh=83c9eb2189ca4fb8 vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="C:\Users\Fabian\Downloads\Updater_Setup(1).exe"
sh=E358D601AD83D25BAAB5502D4227D76210580274 ft=1 fh=ab1e2b03e7130c9a vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="C:\Users\Fabian\Downloads\Updater_Setup.exe"

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Fabian (administrator) on FABIAN-PC on 15-02-2014 16:10:13
Running from C:\Users\Fabian\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
() C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files\ProgDVB\ProgDVBService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3832064 2009-09-11] (O&O Software GmbH)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [] - [X]
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-686489922-4127905493-3137270334-1000\...\Run: [Amazon Cloud Player] - C:\Users\Fabian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02EC7B611FC4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{0D91560E-2D71-4AA6-91B7-32E262F11FA2}: [NameServer]62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.0.13 - C:\Users\Fabian\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Fabian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\foxmarks@kei.com [2013-05-21]
FF Extension: DownloadHelper - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\z7vcumd7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-25]
FF HKCU\...\Firefox\Extensions: [{8f5010e2-9577-4aed-ad42-f2098ea15def}] - C:\Program Files (x86)\LyricsPal\133.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 FreemiumSystemStoreService; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe [7244800 2012-09-07] ()
R2 O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2287360 2009-09-11] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60840 2013-01-28] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
S2 FreemakeVideoCapture; "C:\Program Files (x86)\Freemake Video Downloader\CaptureLib\CaptureLibService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1354880 2009-06-05] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-07-24] (Sony Ericsson Mobile Communications)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 13:37 - 2014-02-15 13:37 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_enu.exe
2014-02-14 20:17 - 2014-02-14 20:17 - 00005742 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S0].txt
2014-02-14 20:12 - 2014-02-14 20:14 - 00000000 ____D () C:\AdwCleaner
2014-02-14 20:09 - 2014-02-14 20:09 - 01166132 _____ () C:\Users\Fabian\Desktop\adwcleaner.exe
2014-02-14 20:05 - 2014-02-14 20:05 - 00000000 ____D () C:\Users\Fabian\Desktop\FRST-OlderVersion
2014-02-13 11:19 - 2014-02-13 11:19 - 00009754 _____ () C:\Users\Fabian\Desktop\Ereignisse.txt
2014-02-13 10:29 - 2014-02-13 10:29 - 00005957 _____ () C:\Users\Fabian\Desktop\Gmer.txt
2014-02-13 09:56 - 2014-02-13 09:56 - 00380416 _____ () C:\Users\Fabian\Downloads\Gmer-19357.exe
2014-02-13 09:47 - 2014-02-13 09:48 - 00037806 _____ () C:\Users\Fabian\Desktop\Addition.txt
2014-02-13 09:46 - 2014-02-15 16:10 - 00016595 _____ () C:\Users\Fabian\Desktop\FRST.txt
2014-02-13 09:46 - 2014-02-15 16:10 - 00000000 ____D () C:\FRST
2014-02-13 09:45 - 2014-02-14 20:05 - 02152960 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2014-02-13 09:43 - 2014-02-13 09:43 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2014-02-13 09:43 - 2014-02-13 09:43 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2014-02-13 09:41 - 2014-02-13 09:41 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2014-02-12 21:12 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Fabian\Desktop\Lehrprobe_Bilder
2014-02-12 17:27 - 2014-02-12 17:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 17:24 - 2014-02-12 17:24 - 00614792 _____ (Chip Digital GmbH) C:\Users\Fabian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-11 14:17 - 2014-02-11 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf272b92e7b791.job
2014-02-08 19:23 - 2014-02-08 19:23 - 00003188 _____ () C:\Users\Fabian\Downloads\Drivers.txt
2014-02-08 19:12 - 2014-02-08 19:12 - 00000000 ____D () C:\Users\Fabian\Desktop\PPFScanner Scanfiles 20140208_18_35_20_929_1
2014-02-08 18:31 - 2014-02-08 18:31 - 00000000 ____D () C:\Users\Fabian\Desktop\ppfs
2014-02-08 18:29 - 2014-02-08 18:30 - 07873813 _____ () C:\Users\Fabian\Downloads\PPFScan.zip
2014-02-08 18:10 - 2014-02-08 18:40 - 1569118568 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey
2014-02-08 18:10 - 2014-02-08 18:10 - 00030192 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey.torrent
2014-02-08 16:20 - 2014-02-08 16:20 - 00139104 _____ () C:\Users\Fabian\Downloads\setup.exe
2014-02-08 16:03 - 2014-02-08 16:03 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup(1).exe
2014-02-08 16:02 - 2014-02-08 16:02 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup.exe
2014-02-06 15:52 - 2014-02-06 16:07 - 606657056 _____ () C:\Users\Fabian\Downloads\Wildes_Nairobi_Wo_Leoparden_durch_Gaerten_schleichen_14.02.05_20-15_3sat_45_TVOON_DE.mpg.avi.otrkey
2014-02-05 17:19 - 2014-02-05 17:39 - 793518412 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.02.04_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-02-04 16:12 - 2014-02-15 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 19:57 - 2014-01-30 20:18 - 839609300 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.28_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-30 15:27 - 2014-01-30 15:27 - 00996352 _____ () C:\Users\Fabian\Downloads\kap_4_geometrie.ppt
2014-01-29 21:24 - 2014-01-29 21:54 - 1177265194 _____ () C:\Users\Fabian\Downloads\Wild_Things_14.01.09_22-10_kabel1_130_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:15 - 2014-01-28 20:38 - 777278040 _____ () C:\Users\Fabian\Downloads\Terra_X_14.01.26_19-30_zdf_45_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 19:32 - 2014-01-28 20:11 - 1482697378 _____ () C:\Users\Fabian\Downloads\Die_Grauzone_14.01.27_23-10_3sat_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-27 18:47 - 2014-01-27 19:14 - 1073993208 _____ () C:\Users\Fabian\Downloads\Umstaendlich_verliebt_14.01.26_20-15_pro7_135_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-27 18:19 - 2014-01-27 18:45 - 985341178 _____ () C:\Users\Fabian\Downloads\Source_Code_14.01.26_20-15_rtl_105_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-26 18:27 - 2014-01-26 19:08 - 1600083292 _____ () C:\Users\Fabian\Downloads\Und_taeglich_gruesst_das_Murmeltier_14.01.24_20-15_zdfneo_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-26 17:29 - 2014-01-26 18:25 - 2183184932 _____ () C:\Users\Fabian\Downloads\Speed_Auf_der_Suche_nach_der_verlorenen_Zeit_14.01.22_20-15_arte_95_TVOON_DE.mpg.HD.avi.otrkey
2014-01-25 15:59 - 2014-01-25 15:59 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox(1).exe
2014-01-25 15:42 - 2014-01-25 15:42 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox.exe
2014-01-22 20:59 - 2014-01-22 21:00 - 919955132 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi
2014-01-22 20:17 - 2014-01-22 20:46 - 919955654 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-22 15:11 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-22 15:11 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-22 15:11 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-22 15:11 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-22 15:10 - 2014-01-22 15:11 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 16:15 - 2014-01-21 17:07 - 2057580902 _____ () C:\Users\Fabian\Downloads\Besser_geht_s_nicht_14.01.20_23-15_ndr_130_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:53 - 2014-01-21 14:27 - 1343516246 _____ () C:\Users\Fabian\Downloads\The_Fog_Nebel_des_Grauens_14.01.20_22-15_arte_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:03 - 2014-01-21 13:45 - 1631571240 _____ () C:\Users\Fabian\Downloads\Nichts_fuer_Feiglinge_14.01.10_20-15_ard_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-19 14:43 - 2014-01-19 14:43 - 00018136 _____ () C:\Users\Fabian\Downloads\88f169fcda95a01c309a3d4935b99fa9.jpeg
2014-01-19 14:20 - 2014-01-19 14:20 - 00051046 _____ () C:\Users\Fabian\Downloads\cd_cover_dot.zip
2014-01-19 14:07 - 2014-01-19 14:07 - 00001214 _____ () C:\Users\Fabian\Desktop\Amazon Cloud Player.lnk
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Amazon Cloud Player
2014-01-19 14:06 - 2014-01-19 14:07 - 36160080 _____ (Amazon) C:\Users\Fabian\Downloads\AmazonCloudPlayerInstaller_422.exe
2014-01-19 13:59 - 2014-01-19 14:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Amazon
2014-01-19 13:57 - 2014-01-19 14:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-19 13:57 - 2014-01-19 13:57 - 02328864 _____ () C:\Users\Fabian\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-19 13:57 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\Documents\Amazon MP3
2014-01-18 18:31 - 2014-01-18 18:31 - 00021186 _____ () C:\Users\Fabian\Downloads\Grundwortschatz Bayern 3__4_ Klasse(2).zip
2014-01-17 16:41 - 2014-01-17 16:44 - 36759539 _____ () C:\Users\Fabian\Downloads\win-installer-415.exe
2014-01-17 16:35 - 2014-01-17 17:08 - 1231497446 _____ () C:\Users\Fabian\Downloads\Hot_Shots_2__Der_2__Versuch_14.01.16_22-10_kabel1_110_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-17 15:47 - 2014-01-17 16:15 - 1087572086 _____ () C:\Users\Fabian\Downloads\Hot_Shots_Die_Mutter_aller_Filme_14.01.16_20-15_kabel1_115_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 17:57 - 2014-01-16 18:42 - 1745482030 _____ () C:\Users\Fabian\Downloads\Poltergeist_14.01.13_21-50_arte_115_TVOON_DE.mpg.HD.avi.otrkey
2014-01-16 17:25 - 2014-01-16 17:47 - 833519788 _____ () C:\Users\Fabian\Downloads\Frozen_Eiskalter_Abgrund_14.01.13_00-20_pro7_100_TVOON_DE.mpg.HQ.avi.otrkey

==================== One Month Modified Files and Folders =======

2014-02-15 16:10 - 2014-02-13 09:46 - 00016595 _____ () C:\Users\Fabian\Desktop\FRST.txt
2014-02-15 16:10 - 2014-02-13 09:46 - 00000000 ____D () C:\FRST
2014-02-15 13:37 - 2014-02-15 13:37 - 02347384 _____ (ESET) C:\Users\Fabian\Desktop\esetsmartinstaller_enu.exe
2014-02-15 13:37 - 2013-05-21 17:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Free Download Manager
2014-02-15 13:27 - 2012-07-24 22:47 - 00000000 ____D () C:\Users\Fabian\Documents\Outlook-Dateien
2014-02-15 10:13 - 2014-02-04 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 09:57 - 2012-07-20 20:15 - 01117256 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 09:55 - 2013-03-15 15:05 - 00000000 ___RD () C:\Users\Fabian\Dropbox
2014-02-15 09:55 - 2013-03-15 15:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Dropbox
2014-02-15 09:53 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 09:53 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 09:47 - 2012-07-21 00:41 - 01304072 _____ () C:\Windows\system32\oodbs.lor
2014-02-15 09:47 - 2009-07-14 05:51 - 00124775 _____ () C:\Windows\setupact.log
2014-02-14 20:17 - 2014-02-14 20:17 - 00005742 _____ () C:\Users\Fabian\Desktop\AdwCleaner[S0].txt
2014-02-14 20:14 - 2014-02-14 20:12 - 00000000 ____D () C:\AdwCleaner
2014-02-14 20:09 - 2014-02-14 20:09 - 01166132 _____ () C:\Users\Fabian\Desktop\adwcleaner.exe
2014-02-14 20:05 - 2014-02-14 20:05 - 00000000 ____D () C:\Users\Fabian\Desktop\FRST-OlderVersion
2014-02-14 20:05 - 2014-02-13 09:45 - 02152960 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2014-02-14 20:05 - 2012-07-20 20:24 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 20:02 - 2012-07-20 22:29 - 00697506 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 20:02 - 2012-07-20 22:29 - 00149442 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 20:02 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 11:19 - 2014-02-13 11:19 - 00009754 _____ () C:\Users\Fabian\Desktop\Ereignisse.txt
2014-02-13 10:29 - 2014-02-13 10:29 - 00005957 _____ () C:\Users\Fabian\Desktop\Gmer.txt
2014-02-13 09:56 - 2014-02-13 09:56 - 00380416 _____ () C:\Users\Fabian\Downloads\Gmer-19357.exe
2014-02-13 09:48 - 2014-02-13 09:47 - 00037806 _____ () C:\Users\Fabian\Desktop\Addition.txt
2014-02-13 09:43 - 2014-02-13 09:43 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2014-02-13 09:43 - 2014-02-13 09:43 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2014-02-13 09:43 - 2012-07-20 20:22 - 00000000 ____D () C:\Users\Fabian
2014-02-13 09:41 - 2014-02-13 09:41 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2014-02-12 21:12 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Fabian\Desktop\Lehrprobe_Bilder
2014-02-12 17:27 - 2014-02-12 17:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 17:26 - 2014-02-12 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 17:24 - 2014-02-12 17:24 - 00614792 _____ (Chip Digital GmbH) C:\Users\Fabian\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-11 14:32 - 2013-01-10 23:43 - 00000000 ____D () C:\Users\Fabian\Desktop\BBZ_Sicherungen
2014-02-11 14:17 - 2014-02-11 14:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf272b92e7b791.job
2014-02-08 19:23 - 2014-02-08 19:23 - 00003188 _____ () C:\Users\Fabian\Downloads\Drivers.txt
2014-02-08 19:12 - 2014-02-08 19:12 - 00000000 ____D () C:\Users\Fabian\Desktop\PPFScanner Scanfiles 20140208_18_35_20_929_1
2014-02-08 18:40 - 2014-02-08 18:10 - 1569118568 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey
2014-02-08 18:31 - 2014-02-08 18:31 - 00000000 ____D () C:\Users\Fabian\Desktop\ppfs
2014-02-08 18:30 - 2014-02-08 18:29 - 07873813 _____ () C:\Users\Fabian\Downloads\PPFScan.zip
2014-02-08 18:10 - 2014-02-08 18:10 - 00030192 _____ () C:\Users\Fabian\Downloads\Dialog_mit_meinem_Gaertner_14.01.30_22-25_3sat_100_TVOON_DE.mpg.HD.avi.otrkey.torrent
2014-02-08 16:20 - 2014-02-08 16:20 - 00139104 _____ () C:\Users\Fabian\Downloads\setup.exe
2014-02-08 16:10 - 2012-07-23 11:00 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2014-02-08 16:03 - 2014-02-08 16:03 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup(1).exe
2014-02-08 16:02 - 2014-02-08 16:02 - 01691944 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Updater_Setup.exe
2014-02-08 14:12 - 2013-02-21 17:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\ColdCut
2014-02-08 14:10 - 2013-02-21 18:29 - 00036864 _____ () C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-06 16:07 - 2014-02-06 15:52 - 606657056 _____ () C:\Users\Fabian\Downloads\Wildes_Nairobi_Wo_Leoparden_durch_Gaerten_schleichen_14.02.05_20-15_3sat_45_TVOON_DE.mpg.avi.otrkey
2014-02-06 13:41 - 2012-07-23 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 17:39 - 2014-02-05 17:19 - 793518412 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.02.04_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-02-02 12:56 - 2013-04-27 18:36 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Audacity
2014-01-31 16:48 - 2012-09-18 12:56 - 00000000 ____D () C:\Users\Fabian\Desktop\Unterrichtsvorbereitung 1
2014-01-30 20:18 - 2014-01-30 19:57 - 839609300 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.28_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-30 15:27 - 2014-01-30 15:27 - 00996352 _____ () C:\Users\Fabian\Downloads\kap_4_geometrie.ppt
2014-01-29 21:54 - 2014-01-29 21:24 - 1177265194 _____ () C:\Users\Fabian\Downloads\Wild_Things_14.01.09_22-10_kabel1_130_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:38 - 2014-01-28 20:15 - 777278040 _____ () C:\Users\Fabian\Downloads\Terra_X_14.01.26_19-30_zdf_45_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-28 20:11 - 2014-01-28 19:32 - 1482697378 _____ () C:\Users\Fabian\Downloads\Die_Grauzone_14.01.27_23-10_3sat_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-27 19:14 - 2014-01-27 18:47 - 1073993208 _____ () C:\Users\Fabian\Downloads\Umstaendlich_verliebt_14.01.26_20-15_pro7_135_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-27 18:45 - 2014-01-27 18:19 - 985341178 _____ () C:\Users\Fabian\Downloads\Source_Code_14.01.26_20-15_rtl_105_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-26 19:08 - 2014-01-26 18:27 - 1600083292 _____ () C:\Users\Fabian\Downloads\Und_taeglich_gruesst_das_Murmeltier_14.01.24_20-15_zdfneo_105_TVOON_DE.mpg.HD.avi.otrkey
2014-01-26 18:25 - 2014-01-26 17:29 - 2183184932 _____ () C:\Users\Fabian\Downloads\Speed_Auf_der_Suche_nach_der_verlorenen_Zeit_14.01.22_20-15_arte_95_TVOON_DE.mpg.HD.avi.otrkey
2014-01-25 15:59 - 2014-01-25 15:59 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox(1).exe
2014-01-25 15:42 - 2014-01-25 15:42 - 01659688 _____ (Premium Installer ) C:\Users\Fabian\Downloads\Player-Firefox.exe
2014-01-25 13:13 - 2012-08-03 13:36 - 00000000 ____D () C:\Users\Fabian\Documents\Eigene Scans
2014-01-22 21:00 - 2014-01-22 20:59 - 919955132 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi
2014-01-22 20:46 - 2014-01-22 20:17 - 919955654 _____ () C:\Users\Fabian\Downloads\Real_Cool_Runnings_Von_Kenia_aufs_Eis_14.01.21_20-15_vox_60_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-22 15:11 - 2014-01-22 15:10 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-22 15:11 - 2013-10-21 14:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-22 15:11 - 2013-06-22 13:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 17:07 - 2014-01-21 16:15 - 2057580902 _____ () C:\Users\Fabian\Downloads\Besser_geht_s_nicht_14.01.20_23-15_ndr_130_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 14:27 - 2014-01-21 13:53 - 1343516246 _____ () C:\Users\Fabian\Downloads\The_Fog_Nebel_des_Grauens_14.01.20_22-15_arte_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-21 13:45 - 2014-01-21 13:03 - 1631571240 _____ () C:\Users\Fabian\Downloads\Nichts_fuer_Feiglinge_14.01.10_20-15_ard_90_TVOON_DE.mpg.HD.avi.otrkey
2014-01-19 15:22 - 2013-05-21 22:43 - 00000000 ____D () C:\Users\Fabian\Documents\CD Cover_Karten
2014-01-19 14:43 - 2014-01-19 14:43 - 00018136 _____ () C:\Users\Fabian\Downloads\88f169fcda95a01c309a3d4935b99fa9.jpeg
2014-01-19 14:20 - 2014-01-19 14:20 - 00051046 _____ () C:\Users\Fabian\Downloads\cd_cover_dot.zip
2014-01-19 14:07 - 2014-01-19 14:07 - 00001214 _____ () C:\Users\Fabian\Desktop\Amazon Cloud Player.lnk
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:07 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Amazon Cloud Player
2014-01-19 14:07 - 2014-01-19 14:06 - 36160080 _____ (Amazon) C:\Users\Fabian\Downloads\AmazonCloudPlayerInstaller_422.exe
2014-01-19 14:06 - 2014-01-19 13:59 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Amazon
2014-01-19 14:06 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-19 13:57 - 2014-01-19 13:57 - 02328864 _____ () C:\Users\Fabian\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-19 13:57 - 2014-01-19 13:57 - 00000000 ____D () C:\Users\Fabian\Documents\Amazon MP3
2014-01-18 18:31 - 2014-01-18 18:31 - 00021186 _____ () C:\Users\Fabian\Downloads\Grundwortschatz Bayern 3__4_ Klasse(2).zip
2014-01-18 12:36 - 2014-01-03 13:38 - 00001439 _____ () C:\Users\Fabian\Desktop\BBZ.lnk
2014-01-18 12:36 - 2014-01-03 13:38 - 00000000 ____D () C:\Users\Fabian\Desktop\BBZ
2014-01-17 17:08 - 2014-01-17 16:35 - 1231497446 _____ () C:\Users\Fabian\Downloads\Hot_Shots_2__Der_2__Versuch_14.01.16_22-10_kabel1_110_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-17 16:44 - 2014-01-17 16:41 - 36759539 _____ () C:\Users\Fabian\Downloads\win-installer-415.exe
2014-01-17 16:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-17 16:15 - 2014-01-17 15:47 - 1087572086 _____ () C:\Users\Fabian\Downloads\Hot_Shots_Die_Mutter_aller_Filme_14.01.16_20-15_kabel1_115_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 18:42 - 2014-01-16 17:57 - 1745482030 _____ () C:\Users\Fabian\Downloads\Poltergeist_14.01.13_21-50_arte_115_TVOON_DE.mpg.HD.avi.otrkey
2014-01-16 17:47 - 2014-01-16 17:25 - 833519788 _____ () C:\Users\Fabian\Downloads\Frozen_Eiskalter_Abgrund_14.01.13_00-20_pro7_100_TVOON_DE.mpg.HQ.avi.otrkey
2014-01-16 16:01 - 2013-03-15 15:02 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Fabian\AppData\Local\Temp\AskSLib.dll
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\Fabian\AppData\Local\Temp\DeltaTB.exe
C:\Users\Fabian\AppData\Local\Temp\DivXSetup.exe
C:\Users\Fabian\AppData\Local\Temp\dp.exe
C:\Users\Fabian\AppData\Local\Temp\dvdshrink32setup.exe
C:\Users\Fabian\AppData\Local\Temp\EasyDownLightfp.exe
C:\Users\Fabian\AppData\Local\Temp\EasyDownLightrtd.exe
C:\Users\Fabian\AppData\Local\Temp\FreemakeVideoDownloader_3.1.0.2.exe
C:\Users\Fabian\AppData\Local\Temp\IminentSetup.exe
C:\Users\Fabian\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Fabian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Fabian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Fabian\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Fabian\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Fabian\AppData\Local\Temp\ose00000.exe
C:\Users\Fabian\AppData\Local\Temp\ose00001.exe
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe
C:\Users\Fabian\AppData\Local\Temp\ripsetup.exe
C:\Users\Fabian\AppData\Local\Temp\TubeBoxSetup.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Fabian\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 08:17

==================== End Of Log ============================
--- --- ---

--- --- ---


Gruß

aharonov 16.02.2014 20:58
Sieht gut aus. Ist jetzt alles in Ordnung auf dem Rechner und den USB-Sticks?

KeyzerSoze 16.02.2014 23:03
Ich sehe keine Verknüpfungen mehr auf den Sticks! :lach:
Kann ich die Dateien darauf jetzt wieder nutzen? Und kann ich bedenkenlos meine externen Festplatten wieder anschließen (die waren nicht angeschlossen als das mit den Verknüpfungen begonnen hat)?
Mir ist noch eingefallen, dass ich den einen Stick formatiert habe, bevor ich mich bei euch gemeldet habe. Da waren Verknüpfungen drauf, die ich angeklickt habe. Aber das ist wahrscheinlich jetzt nicht mehr wichtig, nehme ich an.
Aber eine Sache ist noch seltsam: Nach dem Hochfahren des Rechners dauert es mal kürzer mal länger und dann kommt plötzlich ein Windows-Ton (so ein "Bling") und die Taskleiste ist kurz weg. Ob der Desktop auch kurz weg ist, weiß ich nicht, da das bisher immer passiert ist, wenn schon ein Programm offen war... Ich kann mich nicht erinnern, dass das vorher auch so war.

Grüße


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19