Hello Schrauber, OK, here it is again from today:
FRST.txt
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 10-03-2014 22:01:30
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-10 18:00 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-10 22:01 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-10 21:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
==================== One Month Modified Files and Folders =======
2014-03-10 22:01 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-10 22:01 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-10 21:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-10 21:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-10 21:04 - 2012-08-05 12:46 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-10 20:58 - 2010-07-28 13:21 - 01474900 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 18:00 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 00:52 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 23:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:12 - 2009-07-14 05:39 - 00010861 _____ () C:\Windows\setupact.log
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4
Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 00:06
==================== End Of Log ============================
and here is Additional.txt
Is that OK?
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 10-03-2014 22:01:30
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-10 18:00 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-10 22:01 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-10 21:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
==================== One Month Modified Files and Folders =======
2014-03-10 22:01 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-10 22:01 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-10 21:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-10 21:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-10 21:04 - 2012-08-05 12:46 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-10 20:58 - 2010-07-28 13:21 - 01474900 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 18:00 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 00:52 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 23:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:12 - 2009-07-14 05:39 - 00010861 _____ () C:\Windows\setupact.log
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4
Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 00:06
==================== End Of Log ============================
If not, how am I supposed to create the Additional.txt? I have no idea.
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Tomek (administrator) on TOMEK-PC on 10-03-2014 22:01:30
Running from C:\Users\Tomek\AppData\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NCH Software) C:\Program Files\NCH Software\BroadCam\broadcam.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\ASUS\Printer Utilities\UsbService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Geek Software GmbH) C:\Program Files\pdf24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuard.exe [1620824 2012-12-30] (BullGuard Ltd.)
HKLM\...\Run: [AVMWlanClient] - C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [PDFPrint] - C:\Program Files\pdf24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [HotSwap! Applet] - C:\Users\Tomek\Documents\Hotswap\32bit\HotSwap!.EXE [107520 2009-11-10] (Kazuyuki Nakayama)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...\MountPoints2: {96d9ce58-5507-11e2-9035-6c626d48375c} - L:\pushinst.exe
HKU\S-1-5-21-2575823542-3958022467-2581509469-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKCU - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A03A74F06D1A725A&affID=121564&tl=gbn373540&tsp=4960
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\u7fajrxz.default-1394297786375
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tomek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-07-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-12-05]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-20]
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard Backup\backup\thunderbirdbkplugin [2012-12-27]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-06-05]
CHR Extension: (SuperLyrics-16) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-21]
CHR Extension: (Skype Click to Call) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-05]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (No Name) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-08-29]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-08-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Tomek\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Tomek\AppData\Local\Temp\YontooLayers.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2012-01-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-17]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 BgRaSvc; C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe [125784 2012-12-30] (BullGuard Ltd.)
R2 BroadCamService; C:\Program Files\NCH Software\BroadCam\broadcam.exe [2584068 2012-12-18] (NCH Software)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard Backup\BsMain.dll [189784 2012-12-30] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [331096 2012-12-27] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1729336 2013-12-10] (TuneUp Software)
R2 UsbService; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2010-10-22] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [66432 2007-12-17] ()
S3 cpuz132; \??\C:\Users\Tomek\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\B847.tmp [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 09:55 - 2011-03-14 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BJHE.DLL
2014-03-09 09:55 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-03-09 07:09 - 2014-03-09 09:51 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:49 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-10 18:00 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 20:38 - 2014-03-08 22:52 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:38 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 20:30 - 2014-03-10 22:01 - 00000000 ____D () C:\FRST
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-07 22:27 - 2014-03-08 15:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:43 - 2014-03-07 12:44 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:40 - 2014-03-07 12:41 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-02-26 22:59 - 2013-12-10 18:43 - 00030520 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-02-26 22:59 - 2013-12-10 18:43 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-02-17 03:13 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 03:13 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 03:13 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-17 03:13 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 03:13 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-17 03:13 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 03:13 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 03:13 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 03:13 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 03:13 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-17 03:13 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-17 03:13 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 03:13 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 03:13 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 03:13 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 03:13 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 03:13 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 03:13 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 03:13 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 03:13 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-17 03:02 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 17:17 - 2014-03-10 21:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-16 17:08 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 17:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 17:08 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 17:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 17:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 17:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 17:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 17:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
==================== One Month Modified Files and Folders =======
2014-03-10 22:01 - 2014-03-08 20:30 - 00000000 ____D () C:\FRST
2014-03-10 22:01 - 2010-07-28 19:24 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Skype
2014-03-10 21:57 - 2012-05-27 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:52 - 2010-07-28 19:24 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:17 - 2014-02-16 17:17 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-10 21:17 - 2013-08-29 17:17 - 00000286 _____ () C:\Windows\Tasks\DSite.job
2014-03-10 21:04 - 2012-08-05 12:46 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-10 20:58 - 2010-07-28 13:21 - 01474900 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 18:00 - 2014-03-08 20:38 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 05:37 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 00:52 - 2010-07-28 19:24 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 23:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 23:12 - 2009-07-14 05:39 - 00010861 _____ () C:\Windows\setupact.log
2014-03-09 12:32 - 2010-01-26 17:04 - 12723402 _____ () C:\Windows\PFRO.log
2014-03-09 10:03 - 2014-03-09 10:03 - 00002324 _____ () C:\Users\Public\Desktop\Epson Netzwerkhandbuch WF-3540 Series.lnk
2014-03-09 10:03 - 2014-03-09 10:03 - 00000261 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch WF-3540 Series.url
2014-03-09 10:03 - 2013-07-29 21:52 - 00000238 _____ () C:\Users\Public\Desktop\Anleitung für Epson Connect.url
2014-03-09 09:59 - 2013-07-31 13:14 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-09 09:51 - 2014-03-09 07:09 - 00000000 ____D () C:\Users\Tomek\Documents\GMER_1Scaan
2014-03-09 09:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-08 23:04 - 2014-03-08 23:04 - 00000000 ____D () C:\Users\Tomek\Desktop\IceSword
2014-03-08 22:52 - 2014-03-08 20:38 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000376 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-03-08 22:52 - 2014-03-08 20:38 - 00000358 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-03-08 20:47 - 2014-03-08 20:47 - 00000000 ____D () C:\Program Files\Sophos
2014-03-08 20:38 - 2014-03-08 20:38 - 00001075 _____ () C:\Users\Tomek\Desktop\ParetoLogic PC Health Advisor.lnk
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\DriverCure
2014-03-08 20:38 - 2014-03-08 20:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2014-03-08 20:38 - 2014-03-08 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-08 20:37 - 2014-03-08 20:37 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-03-08 19:29 - 2014-03-08 19:29 - 00144312 _____ () C:\Windows\Minidump\030814-23992-01.dmp
2014-03-08 19:29 - 2013-12-17 20:59 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 19:29 - 2013-10-21 19:42 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-08 19:28 - 2013-12-17 20:59 - 441585785 _____ () C:\Windows\MEMORY.DMP
2014-03-08 15:31 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek
2014-03-08 15:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-03-08 15:28 - 2013-10-21 19:42 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-03-08 15:28 - 2012-12-18 00:06 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\NCH Software
2014-03-08 15:28 - 2012-07-14 22:39 - 00000000 ____D () C:\Users\Tomek\AppData\Roaming\Media Finder
2014-03-08 15:28 - 2012-05-17 19:53 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Winload
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 15:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-08 15:27 - 2014-03-07 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-08 15:27 - 2013-08-29 17:17 - 00000000 ____D () C:\Program Files\OpenIt
2014-03-08 15:27 - 2012-12-24 00:17 - 00000000 ____D () C:\Program Files\File Scout
2014-03-08 15:27 - 2012-12-18 00:07 - 00000000 ____D () C:\ProgramData\NCH Software
2014-03-08 15:27 - 2012-12-18 00:06 - 00000000 ____D () C:\Program Files\NCH Software
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Winload
2014-03-08 15:27 - 2012-05-17 19:53 - 00000000 ____D () C:\Program Files\Conduit
2014-03-08 15:27 - 2011-03-09 20:13 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-08 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-03-08 15:25 - 2010-08-10 15:16 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-03-07 12:47 - 2014-03-07 12:47 - 00021344 _____ () C:\Users\Tomek\DFV2014_ber Tomasz_Kordonski.elfo
2014-03-07 12:45 - 2014-03-07 12:45 - 00021284 _____ () C:\Users\Tomek\UStVA2014_02_Februar_Tomasz_Kordonski.elfo
2014-03-07 12:44 - 2014-03-07 12:43 - 00023000 _____ () C:\Users\Tomek\UStVA2014_01_Januar_Tomasz_Kordonski.elfo
2014-03-07 12:41 - 2014-03-07 12:40 - 00027670 _____ () C:\Users\Tomek\UStVA2013_ber 12_Dezember_Tomasz_Kordonski.elfo
2014-03-06 00:52 - 2013-03-28 08:29 - 00000000 ____D () C:\Users\Tomek\Documents\Voltus
2014-03-06 00:45 - 2010-07-29 23:04 - 00000000 ____D () C:\Users\Tomek\Documents\FaktorPlus
2014-03-03 11:10 - 2012-11-05 15:17 - 00000000 ____D () C:\Users\Tomek\Documents\Wohnung-Rabenberg
2014-02-28 11:58 - 2013-08-01 23:43 - 00000000 ____D () C:\Users\Tomek\Documents\Ksiega Wieczysta-Gniezno
2014-02-27 08:32 - 2010-01-26 15:21 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:59 - 2012-11-22 22:49 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013
2014-02-26 21:38 - 2010-08-31 19:31 - 00000000 ____D () C:\Windows\Corel
2014-02-26 03:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-26 00:17 - 2013-08-29 18:17 - 00000028 _____ () C:\Users\Tomek\AppData\Roaming\WB.CFG
2014-02-25 07:32 - 2012-05-27 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-25 07:32 - 2012-05-27 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 16:59 - 2010-07-28 14:47 - 00000000 ____D () C:\Users\Tomek\Documents\Angebote_Fenster_Meine
2014-02-22 16:59 - 2010-07-28 13:31 - 00000000 ____D () C:\Users\Tomek\AppData\Local\VirtualStore
2014-02-20 00:16 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files\Epson Software
2014-02-20 00:06 - 2012-05-06 17:31 - 00000000 ____D () C:\Program Files\MDIConvertor
2014-02-19 22:17 - 2013-07-31 13:13 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-19 22:10 - 2012-05-02 14:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-19 21:12 - 2013-02-12 06:16 - 00000000 ____D () C:\Users\Tomek\AppData\Local\Windows Live
2014-02-19 15:10 - 2012-12-05 15:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 04:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-17 03:15 - 2010-01-28 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 03:10 - 2013-07-31 10:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2575823542-3958022467-2581509469-1000\$87e7496d519f3441179914277f337ed4
Some content of TEMP:
====================
C:\Users\Tomek\AppData\Local\Temp\avgnt.exe
C:\Users\Tomek\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tomek\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Tomek\AppData\Local\Temp\htmlayout.dll
C:\Users\Tomek\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tomek\AppData\Local\Temp\Java.exe
C:\Users\Tomek\AppData\Local\Temp\MPDD0000.exe
C:\Users\Tomek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tomek\AppData\Local\Temp\Uni000.exe
C:\Users\Tomek\AppData\Local\Temp\uninst1.exe
C:\Users\Tomek\AppData\Local\Temp\unwise.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 00:06
==================== End Of Log ============================