Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   BProtector auf Windows 7 - mal wieder... (https://www.trojaner-board.de/151731-bprotector-windows-7-mal.html)

holliday4350 30.03.2014 08:34
BProtector auf Windows 7 - mal wieder...
 
Guten morgen,
auch bei mir gibt es das Problem mit BProtector.
Alle Logs habe ich mal angehängt. Gibt es noch eine Möglichkeit, überhaupt zu helfen ?
Danke schon mal im voraus, Philipp

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:24 on 30/03/2014 (Philipp)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Philipp (administrator) on PHILIPP-PC on 30-03-2014 08:54:03
Running from C:\Users\Philipp\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\deskSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(cake bake) C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Bake Cake) C:\Users\Philipp\AppData\Roaming\Betcat\WebCakeDesktop.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\desk365.exe
(Smartbar) C:\Users\Philipp\AppData\Local\Smartbar\Application\QuickShare.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(France Telecom SA) C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr_x64.exe
() C:\Users\Philipp\AppData\Local\Smartbar\Application\Lrcnta.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Philipp\Downloads\IE11-Windows6.1.exe
(Microsoft Corporation) C:\Windows\system32\dism.exe
(Microsoft Corporation) C:\Users\Philipp\AppData\Local\Temp\0764230C-9E3B-4D36-9DA8-D9EF001BAF31\dismhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-18] (Mindjet)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [MyApplication] - svehost.exe
HKLM-x32\...\Run: [CardDetectorHUAWEI1752_1552] - C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe [287472 2009-11-12] (France Telecom SA)
HKLM-x32\...\Run: [BEWINTERNET-CHSessionManager] - C:\Program Files (x86)\Internet Everywhere\IEWCH_8.0\SessionManager\SessionManager.exe [140016 2009-11-12] (France Telecom SA)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DNS7reminder] - C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IATSKY] - C:\Program Files (x86)\ELV Mini-Sound-Modul\iatsky.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [{36C52FD9-9B1F-C5E1-5D3D-FCD4F943678F}] - C:\Users\Philipp\AppData\Roaming\Enp\lyufpiy.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [] - [X]
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [NoteTaker] -  -silent
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [WebCake Desktop] - C:\Users\Philipp\AppData\Roaming\Betcat\WebCakeDesktop.exe [52504 2013-08-11] (Bake Cake)
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [1011792 2013-10-19] (337 Technology Limited.)
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [Browser Infrastructure Helper] - C:\Users\Philipp\AppData\Local\Smartbar\Application\QuickShare.exe [26904 2014-03-09] (Smartbar)
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {01f994b1-b077-11e1-be96-1c75081ddbad} - E:\MicroLauncher.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {173dbd17-3ad2-11e3-9095-1c75081ddbad} - E:\laucher.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {74edd735-dcf1-11e0-b0ba-1c75081ddbad} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {74edd738-dcf1-11e0-b0ba-1c75081ddbad} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {74edd744-dcf1-11e0-b0ba-1c75081ddbad} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {74edd747-dcf1-11e0-b0ba-1c75081ddbad} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {972d0e19-377b-11e0-bce6-1c75081ddbad} - F:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {a9fea487-2e29-11e1-9845-46ac4c3b72a0} - E:\TING.EXE
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {ac757c00-265f-11e0-ad85-1c75081ddbad} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {ac757c05-265f-11e0-ad85-1c75081ddbad} - F:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {b85f3449-28ee-11e1-a821-5cac4c3b72a0} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {b85f344e-28ee-11e1-a821-5cac4c3b72a0} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {c372d44f-27d1-11e1-a792-1c75081ddbad} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\MountPoints2: {dbf6bcc5-1147-11e1-9c2e-1c75081ddbad} - E:\AutoRun.exe
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2499104989-183997506-3760272782-1000\$26a64402086a4e27670db5795d3e8ffb\n. ATTENTION! ====> ZeroAccess?
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
AppInit_DLLs:  c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4-NEvP0q3zlTVUC5HJo6KyO0okXUC1wh8uToKGxNCB53Tzk0DqX68wXqvMytPqiA,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=3C3246AC4C3B72A0&affID=126473&tsp=5040
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: PriceGong - Price Comparison - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll (PriceGong)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.0\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: optitoolbar Helper Object - {F498380A-7935-4DC7-88B1-C158321DF79E} - C:\Program Files (x86)\Opti Toolbar\optitoolbar\1.8.26.9\bh\optitoolbar.dll (Opti Toolbar)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Philipp\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - optitoolbar Toolbar - {FE560166-CBE3-4A0D-80B5-A3B216F93EEA} - C:\Program Files (x86)\Opti Toolbar\optitoolbar\1.8.26.9\optitoolbarTlbr.dll (Opti Toolbar)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default
FF user.js: detected! => C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\user.js
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4_kEdIDhxNS7GKdBLJsLxdPX-uzD4dbJQVIss0Cn4PpxOD2n0yyrveB2BeNbKQyc,
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Opti Page Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4-NEvP0q3zlTVUC5HJo6KyO0okXUC1wh8uToKGxNCB53Tzk0DqX68wXqvMytPqiA,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll (InfiniAd GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: SuperLyrics-16 - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com [2013-10-19]
FF Extension: Delta Toolbar - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\ffxtlbr@delta.com [2013-05-17]
FF Extension: optitoolbar.com - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\ffxtlbr@optitoolbar.com [2013-10-19]
FF Extension: loadtbs - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\software@loadtubes.com [2012-03-17]
FF Extension: No Name - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\staged [2013-10-19]
FF Extension: QuickShare Widget - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\{5fd0fa19-ca5e-b8ad-376d-9544e0c894dc} [2014-03-11]
FF Extension: PriceGong - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2013-04-01]
FF Extension: M2k Downloader - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\m2k@m2kdownloader.com.xpi [2013-04-08]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\vgwogyzf.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF HKCU\...\Firefox\Extensions: [coollrcs@coolzone.co] - C:\Program Files (x86)\CoolLyrics\FF\
FF Extension: Cool Lyrics - C:\Program Files (x86)\CoolLyrics\FF\ []

Chrome:
=======
CHR HomePage: hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=3C3246AC4C3B72A0&affID=126473&tsp=5040
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (LoadTubes Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (InfiniAd GmbH)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-23]
CHR Extension: (YouTube) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-23]
CHR Extension: (Google-Suche) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-23]
CHR Extension: (Google Wallet) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-23]
CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx [2013-03-04]
CHR HKLM-x32\...\Chrome\Extension: [clffglkbddffcdnehidjiimmoiphomid] - C:\Program Files (x86)\CoolLyrics\Chrome.crx [2013-06-12]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Philipp\AppData\Roaming\BabSolution\CR\Delta.crx [2013-05-17]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCakeLayers.crx [2013-05-17]
CHR HKLM-x32\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - C:\Program Files (x86)\Movie2KDownloader.com\m2kDownloader10.crx [2013-04-08]
CHR HKLM-x32\...\Chrome\Extension: [ncoodlkjimgohlngmapmpnbfaoifkhnd] - C:\Users\Philipp\AppData\Roaming\BabSolution\CR\Opti.crx [2013-10-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [424016 2013-10-19] (337 Technology Limited.)
R2 FTRTSVC; C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2009-11-12] (France Telecom SA)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2010-03-08] (Samsung Electronics Co., Ltd.)
R2 WebCake Desktop Updater; C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe [51992 2013-08-19] (cake bake)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-12] (Samsung Electronics)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 08:54 - 2014-03-30 08:54 - 00035683 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-03-30 08:53 - 2014-03-30 08:54 - 00000000 ____D () C:\FRST
2014-03-30 08:53 - 2014-03-30 08:53 - 02157056 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-03-30 08:44 - 2014-03-30 08:48 - 00007273 _____ () C:\Windows\IE11_main.log
2014-03-30 08:43 - 2014-03-30 08:44 - 02077392 _____ (Microsoft Corporation) C:\Users\Philipp\Downloads\IE11-Windows6.1.exe
2014-03-27 22:41 - 2014-03-27 22:41 - 00000165 ____H () C:\Users\Philipp\Desktop\~$temp log.xlsx
2014-03-18 07:57 - 2014-03-18 07:57 - 03956224 _____ () C:\Users\Philipp\Desktop\AADDüsseldorf2011.ppt
2014-03-15 22:33 - 2014-03-19 23:19 - 08092301 _____ () C:\Users\Philipp\Desktop\villa AAD 20140320.pptx
2014-03-12 23:24 - 2014-03-12 23:24 - 00000000 ____D () C:\Users\Philipp\Documents\Der_Neue_Karolus_6
2014-03-12 23:21 - 2014-03-12 23:23 - 72033779 _____ (Veris GfB mbH) C:\Users\Philipp\Downloads\Der_Neue_Karolus_6_Demo.exe
2014-03-11 21:51 - 2014-03-11 21:51 - 00000000 ____D () C:\Users\Philipp\AppData\Local\LPT
2014-03-01 15:33 - 2014-03-01 15:33 - 00002141 _____ () C:\Users\Philipp\Downloads\pubmed_result (1).txt
2014-03-01 15:30 - 2014-03-01 15:30 - 00001728 _____ () C:\Users\Philipp\Downloads\pubmed_result.txt

==================== One Month Modified Files and Folders =======

2014-03-30 08:54 - 2014-03-30 08:54 - 00035683 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-03-30 08:54 - 2014-03-30 08:53 - 00000000 ____D () C:\FRST
2014-03-30 08:53 - 2014-03-30 08:53 - 02157056 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-03-30 08:48 - 2014-03-30 08:44 - 00007273 _____ () C:\Windows\IE11_main.log
2014-03-30 08:44 - 2014-03-30 08:43 - 02077392 _____ (Microsoft Corporation) C:\Users\Philipp\Downloads\IE11-Windows6.1.exe
2014-03-30 08:43 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 08:43 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 08:41 - 2011-07-24 08:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 08:40 - 2010-10-28 23:25 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 08:40 - 2010-10-28 23:25 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 08:40 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 08:38 - 2013-10-19 11:35 - 00000000 ____D () C:\Program Files (x86)\Desk 365
2014-03-30 08:36 - 2013-08-11 07:50 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Betcat
2014-03-30 08:36 - 2012-04-29 12:33 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-30 08:35 - 2013-10-12 17:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b.job
2014-03-30 08:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 08:35 - 2009-07-14 06:51 - 00153334 _____ () C:\Windows\setupact.log
2014-03-30 08:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-30 08:14 - 2010-10-28 13:33 - 01243660 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 23:22 - 2014-02-27 23:42 - 00038788 _____ () C:\Users\Philipp\Desktop\temp log.xlsx
2014-03-27 22:41 - 2014-03-27 22:41 - 00000165 ____H () C:\Users\Philipp\Desktop\~$temp log.xlsx
2014-03-26 21:47 - 2013-03-23 22:27 - 00000528 _____ () C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
2014-03-23 22:06 - 2012-08-17 20:17 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-03-23 22:06 - 2011-03-28 13:47 - 00000000 ____D () C:\Users\Philipp\Documents\Privat
2014-03-19 23:19 - 2014-03-15 22:33 - 08092301 _____ () C:\Users\Philipp\Desktop\villa AAD 20140320.pptx
2014-03-18 07:57 - 2014-03-18 07:57 - 03956224 _____ () C:\Users\Philipp\Desktop\AADDüsseldorf2011.ppt
2014-03-15 22:53 - 2013-10-21 21:13 - 00000000 ____D () C:\Users\Philipp\Desktop\villantenunterricht 20131022
2014-03-15 18:54 - 2013-06-23 10:42 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 07:27 - 2011-01-11 21:52 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-03-12 23:24 - 2014-03-12 23:24 - 00000000 ____D () C:\Users\Philipp\Documents\Der_Neue_Karolus_6
2014-03-12 23:23 - 2014-03-12 23:21 - 72033779 _____ (Veris GfB mbH) C:\Users\Philipp\Downloads\Der_Neue_Karolus_6_Demo.exe
2014-03-11 21:51 - 2014-03-11 21:51 - 00000000 ____D () C:\Users\Philipp\AppData\Local\LPT
2014-03-11 21:51 - 2013-10-19 11:37 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Smartbar
2014-03-07 23:23 - 2013-10-16 10:45 - 00000000 ____D () C:\Users\Philipp\Desktop\NL
2014-03-05 21:02 - 2013-04-09 22:47 - 00000000 ____D () C:\Users\Philipp\Documents\Temp WPT
2014-03-01 15:33 - 2014-03-01 15:33 - 00002141 _____ () C:\Users\Philipp\Downloads\pubmed_result (1).txt
2014-03-01 15:30 - 2014-03-01 15:30 - 00001728 _____ () C:\Users\Philipp\Downloads\pubmed_result.txt

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2499104989-183997506-3760272782-1000\$26a64402086a4e27670db5795d3e8ffb

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\118099870.exe
C:\Users\Philipp\AppData\Local\Temp\2564500.exe
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\COMAP.EXE
C:\Users\Philipp\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Philipp\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Philipp\AppData\Local\Temp\fvJcrgR.exe
C:\Users\Philipp\AppData\Local\Temp\Installer.exe
C:\Users\Philipp\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Philipp\AppData\Local\Temp\Java.exe
C:\Users\Philipp\AppData\Local\Temp\msimg32.dll
C:\Users\Philipp\AppData\Local\Temp\MSNFB7F.exe
C:\Users\Philipp\AppData\Local\Temp\ose00000.exe
C:\Users\Philipp\AppData\Local\Temp\ResetDevice.exe
C:\Users\Philipp\AppData\Local\Temp\restorer1.0.0.1.exe
C:\Users\Philipp\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Philipp\AppData\Local\Temp\sHID.dll
C:\Users\Philipp\AppData\Local\Temp\siinst.exe
C:\Users\Philipp\AppData\Local\Temp\strings.dll
C:\Users\Philipp\AppData\Local\Temp\_is2779.exe
C:\Users\Philipp\AppData\Local\Temp\_is6E68.exe
C:\Users\Philipp\AppData\Local\Temp\_isBC67.exe
C:\Users\Philipp\AppData\Local\Temp\_isCA6C.exe
C:\Users\Philipp\AppData\Local\Temp\_isF4B6.exe
C:\Users\Philipp\AppData\Local\Temp\_isFB79.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 22:35

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Philipp at 2014-03-30 08:56:16
Running from C:\Users\Philipp\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.3 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BAF4695F-7867-D8B2-528A-A1EF2EE0A9EF}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Babylon toolbar  (HKLM-x32\...\BabylonToolbar) (Version: 1.8.11.10 - BabylonToolbar) <==== ATTENTION
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.12 - TOSHIBA CORPORATION)
Blu-ray Rip & Copy 3 (HKLM-x32\...\{0D3F1A54-DB78-49D8-B091-61336B66D135}_is1) (Version: 5.0.0.0 - Leawo Software)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Card Detector for Huawei E1752 and E1552 (HKLM-x32\...\CardDetectorHUAWEI1752_1552) (Version: 1.1.2.0 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2205.37769 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2205.37769 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0825.2205.37769 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help English (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help French (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help German (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2205.37769 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0825.2205.37769 - ATI) Hidden
Cherry ST-1530 (HKLM-x32\...\{1A0F15FE-F707-4DCA-8C42-93BEE43EB23F}) (Version: 1.0.0.0 - Cherry)
Cool Lyrics (HKLM-x32\...\coollrcs@coolzone.co) (Version:  - CoolZone) <==== ATTENTION
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar  (HKLM-x32\...\delta) (Version: 1.8.21.0 - Delta) <==== ATTENTION
Desk 365 (HKLM-x32\...\Desk 365) (Version: 1.14.20 - 337 Technology Limited.) <==== ATTENTION
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Easy note taker 3.0 (HKLM-x32\...\{4A19E752-56D4-4B22-BACC-256B491E8756}) (Version: 3.0.1.0 - Yifang Digital)
ELV Mini-Sound-Modul (HKLM-x32\...\ELV Mini-Sound-Modul) (Version: 1.1 - ELV Elektronik AG)
ELV Mini-Sound-Modul (x32 Version: 1.1 - ELV Elektronik AG) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Europa Universalis - Rome (HKLM-x32\...\{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}) (Version:  - )
Firstload (HKLM-x32\...\Firstload) (Version:  - Lumaris.net)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.1.320 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.1.320 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
IBM SPSS Statistics 22 (HKLM-x32\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Internet Everywhere deinstallieren (HKLM-x32\...\{BEWINTERNET-CH}.UninstallSuite) (Version:  - )
Ipswitch WS_FTP 12 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
loadtbs-2.1 (HKLM-x32\...\loadtbs-2.1) (Version:  - )
Lumac (HKLM-x32\...\InstallShield_{5DE11949-2B11-4F13-BAD5-1C237122CFDB}) (Version: 1.1.86.0 - Firstload)
Lumac (x32 Version: 1.1.86.0 - Firstload) Hidden
MATLAB R2008a (HKLM\...\MatlabR2008a) (Version: 7.6 - The MathWorks, Inc.)
Med7 (HKLM-x32\...\{1AC9A8F0-A373-4329-892A-5062032408BD}) (Version: 7.93.0022 - Bitron GmbH)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Outlook 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Project Standard 2003 (HKLM-x32\...\{913A0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mindjet MindManager Pro 7 (HKLM-x32\...\{3CDFEE23-66D2-4DB0-8269-12634E871725}) (Version: 7.0.429 - Mindjet LLC)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.002.03.27.40 - Huawei Technologies Co.,Ltd)
Movie2KDownloader (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - Movie2KDownloader.com)
Mozilla Firefox 16.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyScript Notes Lite (HKLM-x32\...\{A82E3AFE-0BD9-4A17-9A58-9112B5C679C5}) (Version: 2.2.0.0 - Vision Objects)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opti Chrome Toolbar (HKLM-x32\...\Opti Chrome Toolbar) (Version:  - Opti Toolbar)
Opti toolbar  (HKLM-x32\...\optitoolbar) (Version: 1.8.26.9 - Opti Toolbar)
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-XChange 3 (HKLM-x32\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Personal Backup 5.4 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PriceGong 2.6.11 (HKLM-x32\...\PriceGong) (Version: 2.6.11 - PriceGong) <==== ATTENTION
PSPP (HKLM-x32\...\B426B849-6071-5684-6429-7BE6B77DAB5B) (Version: 20111111 - GNU)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Ruff-Tech (HKLM-x32\...\Ruff-FTP_is1) (Version: 2.61 prof. - Ruff-Tech)
Samsung Network PC Fax (HKLM-x32\...\{80078570-6C67-486C-8CF0-B0D778FC69B5}) (Version: 1.4.29.0 - Samsung Electronics Co., Ltd.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.013 - Samsung Electronics Co., Ltd.)
Scan2PDF 1.6 (HKLM-x32\...\Scan2PDF_is1) (Version:  - Koma-Code)
Sentinel HASP Run-time (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 5.0.1.14210 - SafeNet Inc.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - Samsung Electronics Co., Ltd.)
SopCast 3.4.0 (HKLM-x32\...\SopCast) (Version: 3.4.0 - www.sopcast.com)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 5.3.11.2 - Uniblue Systems Ltd)
SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)
SuperLyrics-16 (HKLM-x32\...\SuperLyrics-16) (Version: 1.29.153.0 - PassWizard) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Wartung Samsung CLX-3180 Series (HKLM-x32\...\Samsung CLX-3180 Series) (Version:  - Samsung Electronics Co., Ltd.)
Wav Sample Rate Converter version 1.0.0.1 (HKLM-x32\...\Wav Sample Rate Converter_is1) (Version:  - )
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Widgets (HKLM-x32\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)
Zahlenbuch 1 (HKLM-x32\...\Zahlenbuch 1) (Version:  - )

==================== Restore Points  =========================

24-11-2013 18:47:00 Geplanter Prüfpunkt
30-03-2014 06:46:52 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {013EA161-DC47-4960-90EE-24E9160F7222} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {0159A561-EE2D-480A-9006-99949393620E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {0F5DFAFA-C319-4F0D-AC4D-A0EA7A442529} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {6CD2E245-54DF-4A53-9AD7-3659BD1E5D65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {6E8CE0E2-1D04-4384-AEDF-B3575345014E} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {8ED2DECA-CF12-4B3E-98D5-8CECC88EE26D} - System32\Tasks\NatSpeak Periodic Acoustic Optimization => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-04-09] (Nuance Communications, Inc.)
Task: {9EAF2326-F522-4A3B-8E41-AABDA1E8EB82} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {A7F72C5B-DBA7-4373-9293-7DAE29009BA3} - System32\Tasks\EPUpdater => C:\Users\Philipp\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-09-01] () <==== ATTENTION
Task: {A95B6FE1-88C8-45B3-8262-0C8386685D7E} - System32\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {B95707E5-9F4F-485E-83BC-6FD229F6A89F} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {D793399C-626C-4ABC-9B1C-A51147D454C4} - \SidebarExecute No Task File
Task: {D7C30BB7-CF50-42A8-B421-8E6A2475C23A} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {FC3F2AE7-B8C2-4FA8-BBF4-2EACF7193058} - System32\Tasks\NatSpeak Periodic Language Model Optimization => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-04-09] (Nuance Communications, Inc.)
Task: C:\Windows\Tasks\Desk 365 RunAsStdUser.job => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\EPUpdater.job => C:\Users\Philipp\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe
Task: C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe
Task: C:\Windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperLyrics-16-codedownloader.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job => C:\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-11-21 22:35 - 2013-11-18 16:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll
2008-09-08 11:19 - 2008-09-08 11:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2011-03-18 09:28 - 2010-03-04 17:56 - 00289280 _____ () C:\Windows\System32\HP1100LM.DLL
2012-08-17 20:05 - 2009-08-27 11:25 - 00027648 _____ () C:\Windows\System32\sst2cl6.dll
2011-03-18 09:28 - 2010-03-04 17:56 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-06-22 10:43 - 2011-06-22 10:43 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst2cdu.dll
2012-12-15 12:49 - 2010-10-28 19:55 - 06550136 _____ () C:\Program Files\ipswitch\WS_FTP 12\res0409.dll
2011-03-21 22:58 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-08-17 20:03 - 2010-06-07 12:17 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2012-08-17 20:04 - 2009-09-29 11:47 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-03-09 19:42 - 2014-03-09 19:42 - 00021784 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Lrcnta.exe
2013-10-19 11:35 - 2013-10-19 11:35 - 00612432 _____ () C:\Program Files (x86)\Desk 365\sqlite3.dll
2013-03-11 07:51 - 2013-03-10 22:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-10-19 11:35 - 2013-10-19 11:35 - 00232016 _____ () C:\Program Files (x86)\Desk 365\edeskcmn.dll
2013-10-19 11:35 - 2013-10-19 11:35 - 00181840 _____ () C:\Program Files (x86)\Desk 365\libpng.dll
2013-10-19 11:35 - 2013-10-19 11:35 - 00073296 _____ () C:\Program Files (x86)\Desk 365\libpopdlg.dll
2013-10-19 11:35 - 2013-10-19 11:35 - 00099408 _____ () C:\Program Files (x86)\Desk 365\mbdet.dll
2013-10-19 11:35 - 2013-10-19 11:35 - 00146512 _____ () C:\Program Files (x86)\Desk 365\enotify.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00045848 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00067864 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\srau.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00164632 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 02281752 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00065816 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\spbl.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00153880 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00013592 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\siem.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00060184 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\sppsm.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00695576 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00014104 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00077592 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00026392 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00055576 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\srut.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00028440 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\srsbs.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00064280 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00029976 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\srom.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00029976 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\smtu.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00038168 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\smta.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00023320 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\sgml.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00042776 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\srbu.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00060696 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00023832 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\srpdm.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00042264 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-03-09 19:41 - 2014-03-09 19:41 - 00025880 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00034584 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00254232 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\srns.dll
2008-01-09 00:50 - 2008-01-09 00:50 - 00349147 _____ () C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
2008-03-19 02:21 - 2008-03-19 02:21 - 00512000 _____ () C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
2008-03-19 02:21 - 2008-03-19 02:21 - 00094208 _____ () C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
2010-08-30 11:45 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2007-05-18 01:05 - 2007-05-18 01:05 - 00116240 ____R () C:\Program Files (x86)\Mindjet\MindManager 7\zlib.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00029464 _____ () C:\Users\Philipp\AppData\Local\Smartbar\Application\lrcnt.dll
2013-03-21 20:51 - 2013-03-21 20:51 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\939daa9c24a14d0673e781725dcf0b9d\IsdiInterop.ni.dll
2010-08-30 11:03 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-15 18:54 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 18:54 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 18:54 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2013-03-11 07:51 - 2013-03-10 22:25 - 00397704 _____ () c:\program files (x86)\avira\antivir desktop\sqlite3.dll
2014-03-15 18:54 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 18:54 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 18:54 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 18:54 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2012-12-15 12:49 - 2010-10-28 19:52 - 00948496 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\LIBEAY32.dll
2012-12-15 12:49 - 2010-10-28 19:52 - 00153360 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\SSLEAY32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
AlternateDataStreams: C:\Users\Philipp\Documents\UCB .pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 08:35:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (03/30/2014 08:25:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (03/30/2014 07:52:43 AM) (Source: Application Hang) (User: )
Description: Programm avscan.exe, Version 14.0.3.332 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12fc

Startzeit: 01cf4bdabca7ecfc

Endzeit: 60000

Anwendungspfad: c:\program files (x86)\avira\antivir desktop\avscan.exe

Berichts-ID: 510d0ff2-b7cf-11e3-968d-1c75081ddbad

Error: (03/30/2014 07:39:01 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (03/27/2014 10:34:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (03/22/2014 10:51:49 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e58

Startzeit: 01cf45f8c587a0b2

Endzeit: 279

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (03/21/2014 08:19:43 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (03/20/2014 07:36:01 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (03/18/2014 10:56:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (03/15/2014 09:58:11 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2374

Startzeit: 01cf4088cf184486

Endzeit: 14

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:


System errors:
=============
Error: (03/30/2014 08:35:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (03/30/2014 08:35:08 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎30.‎03.‎2014 um 08:29:47 unerwartet heruntergefahren.

Error: (03/30/2014 08:24:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (03/30/2014 08:24:56 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎30.‎03.‎2014 um 08:14:45 unerwartet heruntergefahren.

Error: (03/30/2014 07:41:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/30/2014 07:41:23 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (03/30/2014 07:40:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/30/2014 07:40:47 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Gatewaydienst auf Anwendungsebene erreicht.

Error: (03/30/2014 07:38:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (03/30/2014 07:38:51 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎27.‎03.‎2014 um 22:27:10 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3958.71 MB
Available physical RAM: 1637.97 MB
Total Pagefile: 7915.62 MB
Available Pagefile: 5251.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:288.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E9984595)

Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-30 09:22:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\awliyfod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075671465 2 bytes [67, 75]
.text    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000756714bb 2 bytes [67, 75]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\Desk 365\desk365.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075671465 2 bytes [67, 75]
.text    C:\Program Files (x86)\Desk 365\desk365.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  00000000756714bb 2 bytes [67, 75]
.text    ...                                                                                                                                                                        * 2
.text    C:\Users\Philipp\AppData\Local\Smartbar\Application\QuickShare.exe[3064] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                            0000000075671465 2 bytes [67, 75]
.text    C:\Users\Philipp\AppData\Local\Smartbar\Application\QuickShare.exe[3064] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                          00000000756714bb 2 bytes [67, 75]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000075671465 2 bytes [67, 75]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000756714bb 2 bytes [67, 75]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000075671465 2 bytes [67, 75]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000756714bb 2 bytes [67, 75]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000075671465 2 bytes [67, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000756714bb 2 bytes [67, 75]
.text    ...                                                                                                                                                                        * 2
---- Processes - GMER 2.1 ----

Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [552](2013-11-21 20:35:59)                                      000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [616](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [632](2013-11-21 20:35:59)                                        000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [744](2013-11-21 20:35:59)                                      000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [844](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [872](2013-11-21 20:35:59)                                      000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\atiesrxx.exe [920](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [284](2013-11-21 20:35:59)                                      000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [496](2013-11-21 20:35:59)                                      000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [492](2013-11-21 20:35:59)                                      000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1048](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\atieclxx.exe [1084](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1248](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1516](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1568](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [1772](2013-11-21 20:35:59)          000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\HPSIsvc.exe [1884](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [1948](2013-11-21 20:35:59)  000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [1976](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [1128](2013-11-21 20:35:59)          000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1492](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [2868](2013-11-21 20:35:59)                                    000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [2996](2013-11-21 20:35:59)                                        000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3032](2013-11-21 20:35:59)                                            000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2324]                                          000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Elantech\ETDCtrl.exe [2412](2013-11-21 20:35:59                                000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2600](2013-11-21 20:35:59)        000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\wbem\unsecapp.exe [3444](2013-11-21 20:35:59                                000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\wbem\wmiprvse.exe [3524](2013-11-21 20:35:59                                000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe [3624](2013-11-21 20:35:59)                  000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe [3952](2013-11-21 20:35:59)        000007fefda00000
Library  c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\Samsung\PanelMgr\caller64.exe [3392](2013-11-21 20                                  000007fefda00000

---- EOF - GMER 2.1 ----

schrauber 30.03.2014 10:31
hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

holliday4350 30.03.2014 11:38
ok.
Das Ergebnis ist unten. Mal gespannt.
Danke, Philipp

Code:
ComboFix 14-03-24.01 - Philipp 30.03.2014  12:05:03.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3959.1625 [GMT 2:00]
ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uniblue\SpeedUpMyPC
c:\program files (x86)\Uniblue\SpeedUpMyPC\cwebpage.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\InstallerExtensions.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\intermediate_views.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\latest_scan_results.xsl
c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\library.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\br\br.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\de\de.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\dk\dk.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\en\en.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\es\es.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fi\fi.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fr\fr.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\it\it.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\jp\jp.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\nl\nl.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\no\no.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\ru\ru.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\se\se.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Uniblue\SpeedUpMyPC\msvcp90.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\msvcr90.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\repair_transform.xsl
c:\program files (x86)\Uniblue\SpeedUpMyPC\sp_move_serial.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\spnotifier.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\comtypes.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\cwebpage.dll.html
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\decorator.py.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\ordereddict.py.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\py2exe.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\python-changes.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\python.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\simplejson.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third party Terms\wmi.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.msg
c:\program files (x86)\Uniblue\SpeedUpMyPC\views.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr2.dll
c:\program files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr4.dll
c:\users\Philipp\AppData\Roaming\ldr.mcb
c:\users\Philipp\Documents\~2010-out.pst.tmp
c:\windows\SysWow64\svehost.exe
c:\windows\Tasks\SpeedUpMyPC.job
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-02-28 bis 2014-03-30  ))))))))))))))))))))))))))))))
.
.
2014-03-30 10:15 . 2014-03-30 10:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-03-30 07:56 . 2014-03-30 07:56        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-03-30 06:53 . 2014-03-30 09:54        --------        d-----w-        C:\FRST
2014-03-21 06:17 . 2014-03-30 07:14        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{47A732A6-1EE9-4EA1-97D8-0B67E1C4077F}\offreg.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 17:25 . 2013-08-02 17:25        51992        ----a-w-        c:\program files (x86)\WADesktop.Updater.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoteTaker"="-silent" [X]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"WebCake Desktop"="c:\users\Philipp\AppData\Roaming\Betcat\WebCakeDesktop.exe" [2013-08-11 52504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 7\MMReminderService.exe" [2007-05-17 37392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"CardDetectorHUAWEI1752_1552"="c:\program files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-11-12 287472]
"BEWINTERNET-CHSessionManager"="c:\program files (x86)\Internet Everywhere\IEWCH_8.0\SessionManager\SessionManager.exe" [2009-11-12 140016]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-02-19 162856]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - c:\program files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe /Quick [2009-4-9 2844008]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 227712]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-2-24 2721120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe;c:\program files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AWLIYFOD
*Deregistered* - awliyfod
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 16:52        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-24 06:13]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-24 06:13]
.
2014-01-20 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-04-09 17:01]
.
2014-03-26 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-04-09 17:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4-NEvP0q3zlTVUC5HJo6KyO0okXUC1wh8uToKGxNCB53Tzk0DqX68wXqvMytPqiA,
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-{36C52FD9-9B1F-C5E1-5D3D-FCD4F943678F} - c:\users\Philipp\AppData\Roaming\Enp\lyufpiy.exe
Wow6432Node-HKLM-Run-MyApplication - svehost.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-30  12:21:36
ComboFix-quarantined-files.txt  2014-03-30 10:21
.
Vor Suchlauf: 14 Verzeichnis(se), 307.924.443.136 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 312.061.083.648 Bytes frei
.
- - End Of File - - 9EC9DBCA96EB75C1D07DC197A734CF2C

schrauber 31.03.2014 09:38
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

holliday4350 31.03.2014 20:07
Hallo,
mal sehen wie weit es ist. Danke für den Support bislang!!!


mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.03.2014
Suchlauf-Zeit: 20:29:26
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.31.08
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Philipp

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 257460
Verstrichene Zeit: 53 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 16
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [4fb17a86f9076e927fa9330b9a68ec14],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [4fb17a86f9076e927fa9330b9a68ec14],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [837df40cbf41768a4adf1c22f60c7888],
PUP.Optional.WebCake.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [ce327888c9372ed2a586ff3fd32f0bf5],
PUP.Optional.WebCake.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [ce327888c9372ed2a586ff3fd32f0bf5],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [ce327888c9372ed2a586ff3fd32f0bf5],
PUP.Optional.LoadTubes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-2.1, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, In Quarantäne, [3cc4f80837c9837d9ad566051fe3b947],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, In Quarantäne, [5fa100006e9236cafe82de9a63a0af51],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [827eb050fd0380804fbd0c74dd26fd03],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [f90723dd9b65768a1e6d6d11db2813ed],
PUP.Optional.BProtector.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [de22e917e8189d6349a05e23be45936d],

Registrierungswerte: 4
PUP.Optional.LoadTubes, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DFEFCDEE-CF1A-4FC8-88AD-129872198372}, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.BProtector, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=3C3246AC4C3B72A0&affID=126473&tsp=5040, In Quarantäne, [0af633cde31d6b95d5b80b73ff04a957]
PUP.BProtector, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [79871ae6fb057c84d7b77d01a85b3ac6]
PUP.Optional.WebCake.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WebCake Desktop, C:\Users\Philipp\AppData\Roaming\Betcat\WebCakeDesktop.exe, In Quarantäne, [01ff2fd1d32dfb05c6b6f286f50e33cd]

Registrierungsdaten: 7
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4-NEvP0q3zlTVUC5HJo6KyO0okXUC1wh8uToKGxNCB53Tzk0DqX68wXqvMytPqiA,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4-NEvP0q3zlTVUC5HJo6KyO0okXUC1wh8uToKGxNCB53Tzk0DqX68wXqvMytPqiA,),Ersetzt,[c53bc33d728e56aa61baef154cb8d32d]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4-NEvP0q3zlTVUC5HJo6KyO0okXUC1wh8uToKGxNCB53Tzk0DqX68wXqvMytPqiA,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq4-NEvP0q3zlTVUC5HJo6KyO0okXUC1wh8uToKGxNCB53Tzk0DqX68wXqvMytPqiA,),Ersetzt,[827e3dc3e11f8c7460a74cc2996b38c8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}),Ersetzt,[b84813edef1114ecfb217391ec18e917]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}),Ersetzt,[bc44c040837d718f11f7c747867e926e]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}),Ersetzt,[8c744bb535cbeb15a5786d978b79aa56]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}),Ersetzt,[af510ff100008878e02985890ff5748c]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2499104989-183997506-3760272782-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsMGTES9LK2_gvfgsYMxCRLASIE52qtxpPB9-FwXRSP4kuAQf_bOXybdR-8dodUq49DaaRXVl_ASqZAYLVNapwsBEobjyxEi0G5GaUFkneQZi0Sl46Vdwo6FMS1gTBoQ,&q={searchTerms}),Ersetzt,[ab5511efd12f29d70d0bfa0aa0649a66]

Ordner: 8
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\chrome@loadtubes.com, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.FileScout.A, C:\Users\Philipp\AppData\Roaming\File Scout, In Quarantäne, [b14fde225aa6f90747a2cf81da2829d7],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef, In Quarantäne, [6e92b05001ff43bdbf3c410f1fe318e8],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123, In Quarantäne, [6e92b05001ff43bdbf3c410f1fe318e8],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales, In Quarantäne, [6e92b05001ff43bdbf3c410f1fe318e8],

Dateien: 29
PUP.Optional.FileScout.A, C:\Users\Philipp\AppData\Roaming\File Scout\filescout.exe, In Quarantäne, [35cb57a9d22ea858ebbd19e639c76799],
PUP.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\ytdl.exe, In Quarantäne, [f80823dd7090689825d13b618a76fb05],
PUP.Optional.WebCake.A, C:\Program Files (x86)\WADesktop.Updater.exe, In Quarantäne, [3fc119e729d7f20ebbf49170d22f56aa],
PUP.Optional.DomaIQ, C:\$RECYCLE.BIN\S-1-5-21-2499104989-183997506-3760272782-1000\$RMYQTU9.exe, In Quarantäne, [b34d1be515ebeb151478e736bd4407f9],
PUP.Optional.WebCake.A, C:\$RECYCLE.BIN\S-1-5-21-2499104989-183997506-3760272782-1000\$RUTVSBT.exe, In Quarantäne, [11efb94700009967081a21fd2fd111ef],
PUP.BundleInstaller.DW, C:\$RECYCLE.BIN\S-1-5-21-2499104989-183997506-3760272782-1000\$RWR80QE.exe, In Quarantäne, [847c8e7248b839c7b7b09765bf41c63a],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\keyHash.txt, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\config.txt, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\domHash.txt, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\evHash.txt, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\ffmpeg.exe, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\license.txt, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\toolbar.dll, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\uninstall.exe, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\updateHash.txt, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.LoadTubes, C:\Users\Philipp\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json, In Quarantäne, [5ba50af6f40cf907fb9879d818eb629e],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll, In Quarantäne, [d32d07f930d0a45c77075127fb0808f8],
PUP.Optional.FileScout.A, C:\Users\Philipp\AppData\Roaming\File Scout\uninst.exe, In Quarantäne, [b14fde225aa6f90747a2cf81da2829d7],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll, In Quarantäne, [6e92b05001ff43bdbf3c410f1fe318e8],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll, In Quarantäne, [6e92b05001ff43bdbf3c410f1fe318e8],
PUP.Optional.337Technologies.A, C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak, In Quarantäne, [6e92b05001ff43bdbf3c410f1fe318e8],

Physische Sektoren: 0
(No malicious items detected)

(end)
Adw Cleaner

Code:
# AdwCleaner v3.022 - Bericht erstellt am 31/03/2014 um 20:44:16
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Philipp - PHILIPP-PC
# Gestartet von : C:\Users\Philipp\Downloads\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\uniblue
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Philipp\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Philipp\AppData\LocalLow\Opti Toolbar
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\uniblue
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ncoodlkjimgohlngmapmpnbfaoifkhnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKCU\Software\5855dddbb23eed46
Schlüssel Gelöscht : HKLM\SOFTWARE\5855dddbb23eed46
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ruff-ftp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ruff-ftp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7079 octets] - [31/03/2014 20:43:15]
AdwCleaner[S0].txt - [6541 octets] - [31/03/2014 20:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6601 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Philipp on 31.03.2014 at 20:49:45,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\coollyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2499104989-183997506-3760272782-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\CoolLyricsUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\CoolLyricsUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SuperLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SuperLyrics-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\CoolLyricsUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\CoolLyricsUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SuperLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SuperLyrics-16-codedownloader_RASMANCS



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2014 at 20:57:38,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

holliday4350 31.03.2014 20:09
Und das FRST. Passte aus Platzgründen nicht mit hinein.
Danke, Philipp


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Philipp (administrator) on PHILIPP-PC on 31-03-2014 20:59:26
Running from C:\Users\Philipp\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(France Telecom SA) C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-18] (Mindjet)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [CardDetectorHUAWEI1752_1552] - C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe [287472 2009-11-12] (France Telecom SA)
HKLM-x32\...\Run: [BEWINTERNET-CHSessionManager] - C:\Program Files (x86)\Internet Everywhere\IEWCH_8.0\SessionManager\SessionManager.exe [140016 2009-11-12] (France Telecom SA)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [NoteTaker] -  -silent
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=3C3246AC4C3B72A0&affID=126473&tsp=5040
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (LoadTubes Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-23]
CHR Extension: (YouTube) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-23]
CHR Extension: (Google-Suche) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-23]
CHR Extension: (Google Wallet) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-23]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 FTRTSVC; C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2009-11-12] (France Telecom SA)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2010-03-08] (Samsung Electronics Co., Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-12] (Samsung Electronics)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 20:58 - 2014-03-31 20:58 - 00002141 _____ () C:\Users\Philipp\Downloads\JRT.txt
2014-03-31 20:57 - 2014-03-31 20:57 - 00002141 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-03-31 20:49 - 2014-03-31 20:49 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 20:48 - 2014-03-31 20:48 - 00006693 _____ () C:\Users\Philipp\Downloads\AdwCleaner[S0].txt
2014-03-31 20:42 - 2014-03-31 20:44 - 00000000 ____D () C:\AdwCleaner
2014-03-31 20:42 - 2014-03-31 20:42 - 00015500 _____ () C:\Users\Philipp\Downloads\mbam.txt
2014-03-31 19:33 - 2014-03-31 20:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 19:33 - 2014-03-31 19:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 19:33 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 19:33 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-31 19:33 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 19:32 - 2014-03-31 19:32 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner (1).exe
2014-03-31 07:02 - 2014-03-31 07:02 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-30 23:19 - 2014-03-30 23:26 - 00444812 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-30 23:13 - 2014-03-30 23:13 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 23:13 - 2014-03-30 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 23:13 - 2014-03-30 23:13 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-30 23:13 - 2014-03-30 23:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-30 23:13 - 2014-03-30 23:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-30 23:13 - 2014-03-30 23:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-30 23:13 - 2014-03-30 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-30 23:13 - 2014-03-30 23:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-30 23:13 - 2014-03-30 23:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-30 23:13 - 2014-03-30 23:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-30 23:13 - 2014-03-30 23:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-30 23:10 - 2014-03-30 23:19 - 00009659 _____ () C:\Windows\IE10_main.log
2014-03-30 22:41 - 2014-03-30 22:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-30 22:41 - 2014-03-02 14:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-30 22:24 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-03-30 22:24 - 2012-03-01 08:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-30 22:24 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-30 22:24 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-03-30 22:24 - 2012-03-01 07:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-03-30 22:24 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-30 22:24 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-03-30 22:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-30 22:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-30 19:13 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-30 19:13 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-30 19:13 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-30 19:13 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-30 19:11 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-03-30 19:11 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-03-30 19:11 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-03-30 19:11 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-03-30 19:11 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-03-30 19:09 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-30 19:09 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-30 19:09 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-30 19:09 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-30 19:09 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-30 19:09 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-30 19:09 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-03-30 19:09 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-03-30 19:08 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-30 19:08 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-30 19:08 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-30 19:08 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-30 19:08 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-30 19:08 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-30 19:08 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-30 19:08 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-30 19:08 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-30 19:08 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-30 19:08 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-03-30 19:08 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-03-30 19:08 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-03-30 19:08 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-30 19:08 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-03-30 19:08 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-03-30 19:08 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-03-30 19:08 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-03-30 19:08 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-03-30 19:08 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-30 19:08 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-30 19:08 - 2012-11-29 00:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-03-30 19:08 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-30 19:08 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-30 19:08 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-03-30 19:08 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-30 19:08 - 2010-06-26 05:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-30 19:08 - 2010-06-26 05:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-30 19:07 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-30 19:07 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-30 19:07 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-30 19:07 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-30 19:07 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-30 19:07 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-30 19:07 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-03-30 19:07 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-03-30 19:07 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-03-30 19:07 - 2011-10-26 07:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-30 19:07 - 2011-10-26 07:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-30 19:07 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-03-30 19:07 - 2011-10-26 06:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-30 19:07 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-03-30 19:07 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-03-30 19:07 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-03-30 19:07 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-03-30 19:06 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-30 19:06 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-30 19:06 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-30 19:06 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-30 19:06 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-30 19:06 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-03-30 19:06 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-30 19:06 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-30 19:06 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-03-30 19:06 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-03-30 19:06 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-03-30 19:06 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-03-30 19:06 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-03-30 19:06 - 2012-04-28 05:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-30 19:06 - 2012-04-26 07:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-03-30 19:06 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-03-30 19:06 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-03-30 19:05 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-30 19:05 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-30 19:05 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-30 19:05 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-30 19:05 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-30 19:05 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-30 19:05 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-30 19:05 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-30 19:05 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-30 19:05 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-30 19:05 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-30 19:05 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-30 19:05 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-30 19:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-03-30 19:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-03-30 19:05 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-03-30 19:05 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-30 19:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-03-30 19:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-03-30 19:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-03-30 19:05 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-30 19:05 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-30 19:05 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-30 19:05 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-30 19:05 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-03-30 19:05 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-03-30 19:05 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-03-30 19:05 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-30 19:05 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-30 19:05 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-30 19:05 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-03-30 19:05 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-03-30 19:05 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-03-30 19:05 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-03-30 19:05 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-03-30 19:05 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-30 19:05 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-03-30 19:05 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-03-30 19:05 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-03-30 19:04 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-30 19:04 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-30 19:04 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-30 19:04 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-30 19:04 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-30 19:04 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-30 19:04 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-03-30 19:04 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-03-30 19:04 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-03-30 19:04 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-03-30 19:04 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-03-30 19:03 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-30 19:03 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-30 19:03 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-03-30 19:03 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-03-30 18:29 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-03-30 18:29 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-03-30 12:21 - 2014-03-30 12:21 - 00023589 _____ () C:\ComboFix.txt
2014-03-30 12:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-30 12:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-30 12:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-30 11:59 - 2014-03-30 12:21 - 00000000 ____D () C:\Qoobox
2014-03-30 11:58 - 2014-03-30 12:17 - 00000000 ____D () C:\Windows\erdnt
2014-03-30 11:50 - 2014-03-30 11:51 - 05192353 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-03-30 09:56 - 2014-03-31 06:39 - 00001268 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-03-30 09:56 - 2014-03-31 06:39 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 09:54 - 2014-03-30 09:54 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner.exe
2014-03-30 09:54 - 2014-03-30 09:54 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe
2014-03-30 09:53 - 2014-03-30 09:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 09:52 - 2014-03-30 09:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-03-30 09:25 - 2014-03-30 09:27 - 00043120 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-03-30 09:25 - 2014-03-30 09:24 - 00000476 _____ () C:\Users\Philipp\Desktop\defogger_disable.log
2014-03-30 09:25 - 2014-03-30 09:00 - 00041563 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-03-30 09:24 - 2014-03-30 22:06 - 00000476 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2014-03-30 09:24 - 2014-03-30 09:24 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-03-30 09:23 - 2014-03-30 09:23 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2014-03-30 09:22 - 2014-03-30 09:22 - 00010460 _____ () C:\Users\Philipp\Desktop\gmer.txt
2014-03-30 09:02 - 2014-03-30 09:02 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-30 09:01 - 2014-03-30 09:01 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-30 09:01 - 2014-03-30 09:01 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-30 09:01 - 2014-03-30 09:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-30 09:00 - 2014-03-30 09:00 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-30 08:59 - 2014-03-30 08:59 - 00380416 _____ () C:\Users\Philipp\Downloads\Gmer-19357.exe
2014-03-30 08:56 - 2014-03-30 22:10 - 00034170 _____ () C:\Users\Philipp\Downloads\Addition.txt
2014-03-30 08:54 - 2014-03-31 20:59 - 00017314 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-03-30 08:54 - 2014-03-30 08:54 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:53 - 2014-03-31 20:59 - 00000000 ____D () C:\FRST
2014-03-30 08:53 - 2014-03-30 08:53 - 02157056 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-03-30 08:47 - 2014-03-30 08:47 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-30 08:47 - 2014-03-30 08:47 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-30 08:44 - 2014-03-30 09:02 - 00010601 _____ () C:\Windows\IE11_main.log
2014-03-27 22:41 - 2014-03-27 22:41 - 00000165 ____H () C:\Users\Philipp\Desktop\~$temp log.xlsx
2014-03-18 07:57 - 2014-03-18 07:57 - 03956224 _____ () C:\Users\Philipp\Desktop\AADDüsseldorf2011.ppt
2014-03-15 22:33 - 2014-03-19 23:19 - 08092301 _____ () C:\Users\Philipp\Desktop\Stude AAD 20140320.pptx
2014-03-12 23:24 - 2014-03-12 23:24 - 00000000 ____D () C:\Users\Philipp\Documents\Der_Neue_Karolus_6
2014-03-12 23:21 - 2014-03-12 23:23 - 72033779 _____ (Veris GfB mbH) C:\Users\Philipp\Downloads\Der_Neue_Karolus_6_Demo.exe
2014-03-01 15:33 - 2014-03-01 15:33 - 00002141 _____ () C:\Users\Philipp\Downloads\pubmed_result (1).txt
2014-03-01 15:30 - 2014-03-01 15:30 - 00001728 _____ () C:\Users\Philipp\Downloads\pubmed_result.txt

==================== One Month Modified Files and Folders =======

2014-03-31 20:59 - 2014-03-30 08:54 - 00017314 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-03-31 20:59 - 2014-03-30 08:53 - 00000000 ____D () C:\FRST
2014-03-31 20:58 - 2014-03-31 20:58 - 00002141 _____ () C:\Users\Philipp\Downloads\JRT.txt
2014-03-31 20:57 - 2014-03-31 20:57 - 00002141 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-03-31 20:54 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 20:54 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 20:49 - 2014-03-31 20:49 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 20:48 - 2014-03-31 20:48 - 00006693 _____ () C:\Users\Philipp\Downloads\AdwCleaner[S0].txt
2014-03-31 20:48 - 2014-03-31 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 20:47 - 2012-04-29 12:33 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-31 20:47 - 2011-07-24 08:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-31 20:46 - 2013-10-12 17:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b.job
2014-03-31 20:45 - 2010-10-28 13:30 - 00199870 _____ () C:\Windows\PFRO.log
2014-03-31 20:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 20:45 - 2009-07-14 06:51 - 00153782 _____ () C:\Windows\setupact.log
2014-03-31 20:44 - 2014-03-31 20:42 - 00000000 ____D () C:\AdwCleaner
2014-03-31 20:44 - 2010-10-28 13:33 - 02078536 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 20:42 - 2014-03-31 20:42 - 00015500 _____ () C:\Users\Philipp\Downloads\mbam.txt
2014-03-31 20:36 - 2010-08-30 11:10 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-31 19:33 - 2014-03-31 19:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 19:32 - 2014-03-31 19:32 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner (1).exe
2014-03-31 07:02 - 2014-03-31 07:02 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-31 07:02 - 2010-08-30 11:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-31 06:57 - 2010-08-30 11:24 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-03-31 06:47 - 2010-08-30 11:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-31 06:39 - 2014-03-30 09:56 - 00001268 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-03-31 06:39 - 2014-03-30 09:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-31 06:34 - 2010-10-28 23:25 - 00657676 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 06:34 - 2010-10-28 23:25 - 00131016 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 06:34 - 2009-07-14 07:13 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 06:31 - 2011-01-08 07:48 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 06:31 - 2011-01-08 07:48 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-31 06:30 - 2011-01-08 07:48 - 00001425 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-31 06:26 - 2009-07-14 06:45 - 00446128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-31 06:23 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-31 06:23 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-31 06:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-31 06:22 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-30 23:26 - 2014-03-30 23:19 - 00444812 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-30 23:19 - 2014-03-30 23:10 - 00009659 _____ () C:\Windows\IE10_main.log
2014-03-30 23:13 - 2014-03-30 23:13 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 23:13 - 2014-03-30 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 23:13 - 2014-03-30 23:13 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-30 23:13 - 2014-03-30 23:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-30 23:13 - 2014-03-30 23:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-30 23:13 - 2014-03-30 23:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-30 23:13 - 2014-03-30 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-30 23:13 - 2014-03-30 23:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-30 23:13 - 2014-03-30 23:13 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-30 23:13 - 2014-03-30 23:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-30 23:13 - 2014-03-30 23:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-30 23:13 - 2014-03-30 23:13 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-30 23:13 - 2014-03-30 23:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-30 22:44 - 2014-03-30 22:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-30 22:10 - 2014-03-30 08:56 - 00034170 _____ () C:\Users\Philipp\Downloads\Addition.txt
2014-03-30 22:06 - 2014-03-30 09:24 - 00000476 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-30 18:24 - 2011-01-08 10:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-30 13:08 - 2011-01-08 09:43 - 01526948 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-30 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-03-30 12:42 - 2013-12-07 00:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b
2014-03-30 12:42 - 2011-07-24 08:13 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 12:21 - 2014-03-30 12:21 - 00023589 _____ () C:\ComboFix.txt
2014-03-30 12:21 - 2014-03-30 11:59 - 00000000 ____D () C:\Qoobox
2014-03-30 12:21 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-30 12:17 - 2014-03-30 11:58 - 00000000 ____D () C:\Windows\erdnt
2014-03-30 12:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-30 11:51 - 2014-03-30 11:50 - 05192353 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-03-30 11:51 - 2011-04-10 20:47 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-30 11:39 - 2012-03-10 02:02 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-03-30 11:19 - 2013-04-06 21:12 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Firstload
2014-03-30 09:54 - 2014-03-30 09:54 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner.exe
2014-03-30 09:54 - 2014-03-30 09:54 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe
2014-03-30 09:53 - 2014-03-30 09:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 09:52 - 2014-03-30 09:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-03-30 09:27 - 2014-03-30 09:25 - 00043120 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-03-30 09:24 - 2014-03-30 09:25 - 00000476 _____ () C:\Users\Philipp\Desktop\defogger_disable.log
2014-03-30 09:24 - 2014-03-30 09:24 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-03-30 09:24 - 2011-01-08 07:46 - 00000000 ____D () C:\Users\Philipp
2014-03-30 09:23 - 2014-03-30 09:23 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2014-03-30 09:22 - 2014-03-30 09:22 - 00010460 _____ () C:\Users\Philipp\Desktop\gmer.txt
2014-03-30 09:02 - 2014-03-30 09:02 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-30 09:02 - 2014-03-30 08:44 - 00010601 _____ () C:\Windows\IE11_main.log
2014-03-30 09:01 - 2014-03-30 09:01 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-30 09:01 - 2014-03-30 09:01 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-30 09:01 - 2014-03-30 09:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-30 09:00 - 2014-03-30 09:25 - 00041563 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-03-30 09:00 - 2014-03-30 09:00 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-30 08:59 - 2014-03-30 08:59 - 00380416 _____ () C:\Users\Philipp\Downloads\Gmer-19357.exe
2014-03-30 08:54 - 2014-03-30 08:54 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:53 - 2014-03-30 08:53 - 02157056 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-03-30 08:47 - 2014-03-30 08:47 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-30 08:47 - 2014-03-30 08:47 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-30 08:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-27 23:22 - 2014-02-27 23:42 - 00038788 _____ () C:\Users\Philipp\Desktop\temp log.xlsx
2014-03-27 22:41 - 2014-03-27 22:41 - 00000165 ____H () C:\Users\Philipp\Desktop\~$temp log.xlsx
2014-03-23 22:06 - 2012-08-17 20:17 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-03-23 22:06 - 2011-03-28 13:47 - 00000000 ____D () C:\Users\Philipp\Documents\Privat
2014-03-19 23:19 - 2014-03-15 22:33 - 08092301 _____ () C:\Users\Philipp\Desktop\Stude AAD 20140320.pptx
2014-03-18 07:57 - 2014-03-18 07:57 - 03956224 _____ () C:\Users\Philipp\Desktop\AADDüsseldorf2011.ppt
2014-03-15 22:53 - 2013-10-21 21:13 - 00000000 ____D () C:\Users\Philipp\Desktop\Studentenunterricht 20131022
2014-03-15 18:54 - 2013-06-23 10:42 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 23:24 - 2014-03-12 23:24 - 00000000 ____D () C:\Users\Philipp\Documents\Der_Neue_Karolus_6
2014-03-12 23:23 - 2014-03-12 23:21 - 72033779 _____ (Veris GfB mbH) C:\Users\Philipp\Downloads\Der_Neue_Karolus_6_Demo.exe
2014-03-07 23:23 - 2013-10-16 10:45 - 00000000 ____D () C:\Users\Philipp\Desktop\NL
2014-03-05 21:02 - 2013-04-09 22:47 - 00000000 ____D () C:\Users\Philipp\Documents\Temp WPT
2014-03-05 09:26 - 2014-03-31 19:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-31 19:33 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-31 19:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 14:05 - 2014-03-30 22:41 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-01 15:33 - 2014-03-01 15:33 - 00002141 _____ () C:\Users\Philipp\Downloads\pubmed_result (1).txt
2014-03-01 15:30 - 2014-03-01 15:30 - 00001728 _____ () C:\Users\Philipp\Downloads\pubmed_result.txt

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 22:35

==================== End Of Log ============================
--- --- ---

schrauber 01.04.2014 12:41

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

holliday4350 01.04.2014 21:08
Hi,
dann mal los. Unten alle Logs. Ich bin nicht sicher, ob alles weg ist. Eset findet 16 mal etwas. Die ersten beiden sind in Quarantäne? und die anderen 14 von einem Java Update?
Danke und Grüße, Philipp

Eset
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b00a766af9609049b89918c60e827f96
# engine=17709
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-01 07:43:56
# local_time=2014-04-01 09:43:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 9882 142144456 2607 0
# compatibility_mode=5893 16776573 100 94 80426 148011286 0 0
# scanned=553808
# found=16
# cleaned=0
# scan_time=9063
sh=21A812692C7EE41670B1F9AF54078601CCF82BDB ft=1 fh=66df135ba8d3893a vn="a variant of Win32/Kryptik.AWOD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Philipp\AppData\Roaming\ldr.mcb.vir"
sh=55654089565CE9FF05C8E5868D22187A1A0D9872 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NFT trojan" ac=I fn="C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GJT39SB3\u32snw3e2u[1].htm"
sh=6E17D1A88AD3B432C014B696E8B02F00E6BBAFFF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\1510ae8b-4acf266a"
sh=71E2FD0223D41ECCCFCD9704EC02F3B16E7248E0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13cb3acd-2c2c1e79"
sh=26CC5056FD1BAAABD5ED94ECD9BC17B423633CBC ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.QRQ trojan" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2b0c1e0f-794ab1b7"
sh=2B719A4DDFD250082BE0FE362A30B970A706A330 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\63f259d9-70f9a629"
sh=5AF2F589A66DD008216F77E448FE499E8F5F8D9E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\9c959f-638d1ed1"
sh=519B7F3C4FC21E87108FD68E64AC80D26473C8E7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\23c4a228-78a4ddcc"
sh=D3E6218B86D477B1D87CE236729AB9D317D72D48 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\c3ae3a8-37c19719"
sh=7C8092D7553484597A0DF88132751B5426F0F2FE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5d295029-642c8e80"
sh=71E2FD0223D41ECCCFCD9704EC02F3B16E7248E0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\363c4a2f-412beea3"
sh=CB5BD05DA6207BF4838BDA3844FD5E0DAA94A24F ft=1 fh=4a64e70aae52f9d8 vn="Win32/PSW.Fareit.A trojan" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\53c0ef78-3cf58b0f"
sh=BADB02B1A0A23EE79021ECE991B6A29DC517264C ft=1 fh=786c49130744b91c vn="a variant of Win32/Injector.AINT trojan" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51a9ae7a-4ba5fd0f"
sh=71E2FD0223D41ECCCFCD9704EC02F3B16E7248E0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\41925446-1259a06b"
sh=3163A31B3444150A1F5B86CDCEC95285C0A9301F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NFN trojan" ac=I fn="C:\Users\Philipp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\e817a7d-36ade398"
sh=BFA0871C143D999258583C54E738F55B385C434B ft=1 fh=c7930b9cda96b124 vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\Philipp\Desktop\vlc-2.0.8-win32.exe"
Checkup
Code:
Results of screen317's Security Check version 0.99.80 
 Windows 7 Service Pack 1 x64 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 23 
 Java 7 Update 51 
 Adobe Flash Player 10 Flash Player out of Date!
 Google Chrome 33.0.1750.146 
 Google Chrome 33.0.1750.154 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Philipp (administrator) on PHILIPP-PC on 01-04-2014 21:56:40
Running from C:\Users\Philipp\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(France Telecom SA) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(France Telecom SA) C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 7\MMReminderService.exe [37392 2007-05-18] (Mindjet)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [CardDetectorHUAWEI1752_1552] - C:\Program Files (x86)\CardDetector\HUAWEI1752_1552\CardDetector.exe [287472 2009-11-12] (France Telecom SA)
HKLM-x32\...\Run: [BEWINTERNET-CHSessionManager] - C:\Program Files (x86)\Internet Everywhere\IEWCH_8.0\SessionManager\SessionManager.exe [140016 2009-11-12] (France Telecom SA)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [NoteTaker] -  -silent
HKU\S-1-5-21-2499104989-183997506-3760272782-1000\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR HomePage: hxxp://www.opti-page.com/?babsrc=HP_ss&mntrId=3C3246AC4C3B72A0&affID=126473&tsp=5040
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (LoadTubes Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-23]
CHR Extension: (YouTube) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-23]
CHR Extension: (Google-Suche) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-23]
CHR Extension: (Google Wallet) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-23]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 FTRTSVC; C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [90112 2009-11-12] (France Telecom SA)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2010-03-08] (Samsung Electronics Co., Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-12] (Samsung Electronics)
S3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 21:52 - 2014-04-01 21:52 - 00001010 _____ () C:\Users\Philipp\Downloads\checkup.txt
2014-04-01 21:18 - 2014-04-01 21:45 - 00341307 _____ () C:\Users\Philipp\Desktop\Stude QZ RE 20140507 (2).pptx
2014-04-01 19:04 - 2014-04-01 19:04 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_enu.exe
2014-04-01 19:04 - 2014-04-01 19:04 - 00987442 _____ () C:\Users\Philipp\Downloads\SecurityCheck.exe
2014-03-31 23:21 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-03-31 23:13 - 2014-03-31 23:13 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 23:13 - 2014-03-31 23:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 23:13 - 2014-03-31 23:13 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-31 23:13 - 2014-03-31 23:13 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-31 23:13 - 2014-03-31 23:13 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-31 23:13 - 2014-03-31 23:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-31 23:13 - 2014-03-31 23:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-31 23:13 - 2014-03-31 23:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-31 23:13 - 2014-03-31 23:13 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-31 23:13 - 2014-03-31 23:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-31 23:13 - 2014-03-31 23:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-31 23:11 - 2014-03-31 23:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-31 23:10 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-31 23:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-31 23:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-31 23:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-31 23:08 - 2014-03-31 23:10 - 00005933 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-31 22:11 - 2014-03-31 22:11 - 00296846 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-03-31 22:10 - 2014-03-31 22:10 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-31 22:09 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-31 22:09 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-31 22:09 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-31 22:09 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-31 20:58 - 2014-03-31 20:58 - 00002141 _____ () C:\Users\Philipp\Downloads\JRT.txt
2014-03-31 20:57 - 2014-03-31 20:57 - 00002141 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-03-31 20:49 - 2014-03-31 20:49 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 20:48 - 2014-03-31 20:48 - 00006693 _____ () C:\Users\Philipp\Downloads\AdwCleaner[S0].txt
2014-03-31 20:42 - 2014-03-31 20:44 - 00000000 ____D () C:\AdwCleaner
2014-03-31 20:42 - 2014-03-31 20:42 - 00015500 _____ () C:\Users\Philipp\Downloads\mbam.txt
2014-03-31 19:33 - 2014-04-01 21:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 19:33 - 2014-03-31 19:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 19:33 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 19:33 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-31 19:33 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 19:32 - 2014-03-31 19:32 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner (1).exe
2014-03-31 07:02 - 2014-03-31 07:02 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-30 23:19 - 2014-03-31 22:10 - 00293814 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-30 23:10 - 2014-03-30 23:19 - 00009659 _____ () C:\Windows\IE10_main.log
2014-03-30 22:41 - 2014-03-30 22:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-30 22:41 - 2014-03-02 14:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-30 22:24 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-03-30 22:24 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-03-30 22:24 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-03-30 22:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-30 22:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-30 19:14 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-30 19:14 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-30 19:14 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-03-30 19:14 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-03-30 19:14 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-03-30 19:14 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-03-30 19:14 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-30 19:14 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-30 19:13 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-30 19:13 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-30 19:13 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-30 19:13 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-30 19:13 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-03-30 19:13 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-30 19:13 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-03-30 19:13 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-30 19:11 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-03-30 19:11 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-03-30 19:11 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-03-30 19:11 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-03-30 19:11 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-03-30 19:09 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-30 19:09 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-30 19:09 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-30 19:09 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-30 19:09 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-30 19:09 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-30 19:09 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-30 19:09 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-30 19:09 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-03-30 19:09 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-03-30 19:09 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-03-30 19:09 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-03-30 19:08 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-30 19:08 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-30 19:08 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-30 19:08 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-30 19:08 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-30 19:08 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-30 19:08 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-30 19:08 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-30 19:08 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-30 19:08 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-03-30 19:08 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-03-30 19:08 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-03-30 19:08 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-03-30 19:08 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-30 19:08 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-03-30 19:08 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-30 19:08 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-03-30 19:08 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-30 19:08 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-30 19:08 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-30 19:08 - 2012-11-29 00:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-03-30 19:08 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-30 19:08 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-03-30 19:07 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-30 19:07 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-30 19:07 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-30 19:07 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-30 19:07 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-30 19:07 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-30 19:07 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-30 19:07 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-03-30 19:07 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-03-30 19:07 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-03-30 19:07 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-03-30 19:07 - 2011-10-26 07:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-30 19:07 - 2011-10-26 07:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-30 19:07 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-03-30 19:07 - 2011-10-26 06:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-30 19:07 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-03-30 19:07 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-03-30 19:07 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-03-30 19:07 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-03-30 19:07 - 2011-06-15 12:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-03-30 19:07 - 2011-06-15 12:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-03-30 19:07 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-03-30 19:07 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-03-30 19:07 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-03-30 19:07 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-03-30 19:07 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-03-30 19:07 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-03-30 19:07 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-03-30 19:06 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-30 19:06 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-30 19:06 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-30 19:06 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-30 19:06 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-30 19:06 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-30 19:06 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-30 19:06 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-30 19:06 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-30 19:06 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-30 19:06 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-30 19:06 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-30 19:06 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-30 19:06 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-03-30 19:06 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-30 19:06 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-30 19:06 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 19:06 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-03-30 19:06 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-03-30 19:06 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-03-30 19:06 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-03-30 19:06 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-03-30 19:06 - 2012-04-28 05:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-30 19:06 - 2012-04-26 07:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-03-30 19:06 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-03-30 19:06 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-03-30 19:05 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-30 19:05 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-30 19:05 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-30 19:05 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-30 19:05 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-30 19:05 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-30 19:05 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-30 19:05 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-30 19:05 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-30 19:05 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-30 19:05 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-30 19:05 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-30 19:05 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-30 19:05 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-30 19:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-03-30 19:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-03-30 19:05 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-03-30 19:05 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-30 19:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-03-30 19:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-03-30 19:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-03-30 19:05 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-30 19:05 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-30 19:05 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-30 19:05 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-30 19:05 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-03-30 19:05 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-03-30 19:05 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-03-30 19:05 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-30 19:05 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-30 19:05 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-30 19:05 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-03-30 19:05 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-03-30 19:05 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-03-30 19:05 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-03-30 19:05 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-03-30 19:05 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-30 19:05 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-03-30 19:05 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-03-30 19:05 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-03-30 19:05 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-03-30 19:04 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-30 19:04 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-30 19:04 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-30 19:04 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-30 19:04 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-30 19:04 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-30 19:04 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-03-30 19:04 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-03-30 19:04 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-03-30 19:04 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-03-30 19:04 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-03-30 19:03 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-30 19:03 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-30 19:03 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-03-30 19:03 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-03-30 18:29 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-03-30 18:29 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-03-30 12:21 - 2014-03-30 12:21 - 00023589 _____ () C:\ComboFix.txt
2014-03-30 12:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-30 12:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-30 12:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-30 12:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-30 11:59 - 2014-03-30 12:21 - 00000000 ____D () C:\Qoobox
2014-03-30 11:58 - 2014-03-30 12:17 - 00000000 ____D () C:\Windows\erdnt
2014-03-30 11:50 - 2014-03-30 11:51 - 05192353 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-03-30 09:56 - 2014-03-31 06:39 - 00001268 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-03-30 09:56 - 2014-03-31 06:39 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 09:54 - 2014-03-30 09:54 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner.exe
2014-03-30 09:54 - 2014-03-30 09:54 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe
2014-03-30 09:53 - 2014-03-30 09:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 09:52 - 2014-03-30 09:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-03-30 09:25 - 2014-03-30 09:27 - 00043120 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-03-30 09:25 - 2014-03-30 09:24 - 00000476 _____ () C:\Users\Philipp\Desktop\defogger_disable.log
2014-03-30 09:25 - 2014-03-30 09:00 - 00041563 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-03-30 09:24 - 2014-03-30 22:06 - 00000476 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2014-03-30 09:24 - 2014-03-30 09:24 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-03-30 09:23 - 2014-03-30 09:23 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2014-03-30 09:22 - 2014-03-30 09:22 - 00010460 _____ () C:\Users\Philipp\Desktop\gmer.txt
2014-03-30 09:02 - 2014-03-30 09:02 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-30 09:01 - 2014-03-30 09:01 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-30 09:01 - 2014-03-30 09:01 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-30 09:01 - 2014-03-30 09:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-30 09:00 - 2014-03-30 09:00 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-30 08:59 - 2014-03-30 08:59 - 00380416 _____ () C:\Users\Philipp\Downloads\Gmer-19357.exe
2014-03-30 08:56 - 2014-03-31 21:01 - 00024285 _____ () C:\Users\Philipp\Downloads\Addition.txt
2014-03-30 08:54 - 2014-04-01 21:56 - 00017650 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-03-30 08:54 - 2014-03-30 08:54 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:53 - 2014-04-01 21:56 - 00000000 ____D () C:\FRST
2014-03-30 08:53 - 2014-03-30 08:53 - 02157056 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-03-30 08:47 - 2014-03-30 08:47 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-30 08:47 - 2014-03-30 08:47 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-30 08:44 - 2014-03-31 23:22 - 00020878 _____ () C:\Windows\IE11_main.log
2014-03-27 22:41 - 2014-03-27 22:41 - 00000165 ____H () C:\Users\Philipp\Desktop\~$temp log.xlsx
2014-03-18 07:57 - 2014-03-18 07:57 - 03956224 _____ () C:\Users\Philipp\Desktop\AADDüsseldorf2011.ppt
2014-03-15 22:33 - 2014-03-19 23:19 - 08092301 _____ () C:\Users\Philipp\Desktop\Stude AAD 20140320.pptx
2014-03-12 23:24 - 2014-03-12 23:24 - 00000000 ____D () C:\Users\Philipp\Documents\Der_Neue_Karolus_6
2014-03-12 23:21 - 2014-03-12 23:23 - 72033779 _____ (Veris GfB mbH) C:\Users\Philipp\Downloads\Der_Neue_Karolus_6_Demo.exe

==================== One Month Modified Files and Folders =======

2014-04-01 21:56 - 2014-03-30 08:54 - 00017650 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-04-01 21:56 - 2014-03-30 08:53 - 00000000 ____D () C:\FRST
2014-04-01 21:52 - 2014-04-01 21:52 - 00001010 _____ () C:\Users\Philipp\Downloads\checkup.txt
2014-04-01 21:47 - 2011-07-24 08:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 21:45 - 2014-04-01 21:18 - 00341307 _____ () C:\Users\Philipp\Desktop\Stude QZ RE 20140507 (2).pptx
2014-04-01 21:45 - 2014-03-31 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 21:01 - 2010-08-30 11:10 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-01 20:58 - 2011-01-08 15:32 - 00000000 ____D () C:\Users\Philipp\Software
2014-04-01 20:45 - 2011-03-14 21:40 - 00000000 ____D () C:\Users\Philipp\BW
2014-04-01 19:04 - 2014-04-01 19:04 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_enu.exe
2014-04-01 19:04 - 2014-04-01 19:04 - 00987442 _____ () C:\Users\Philipp\Downloads\SecurityCheck.exe
2014-04-01 18:59 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 18:59 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 07:07 - 2013-10-12 17:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b.job
2014-04-01 07:07 - 2011-01-08 07:48 - 00001425 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-01 07:06 - 2012-04-29 12:33 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-01 07:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 07:05 - 2009-07-14 06:51 - 00153950 _____ () C:\Windows\setupact.log
2014-03-31 23:22 - 2014-03-30 08:44 - 00020878 _____ () C:\Windows\IE11_main.log
2014-03-31 23:22 - 2010-10-28 13:33 - 01425879 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 23:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-31 23:13 - 2014-03-31 23:13 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 23:13 - 2014-03-31 23:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 23:13 - 2014-03-31 23:13 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-31 23:13 - 2014-03-31 23:13 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-31 23:13 - 2014-03-31 23:13 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-31 23:13 - 2014-03-31 23:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-31 23:13 - 2014-03-31 23:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-31 23:13 - 2014-03-31 23:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-31 23:13 - 2014-03-31 23:13 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-31 23:13 - 2014-03-31 23:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-31 23:13 - 2014-03-31 23:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-31 23:13 - 2014-03-31 23:13 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-31 23:13 - 2014-03-31 23:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-31 23:11 - 2014-03-31 23:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-31 23:10 - 2014-03-31 23:08 - 00005933 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-31 23:10 - 2011-01-20 23:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-31 22:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-31 22:28 - 2010-10-28 23:25 - 00657676 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 22:28 - 2010-10-28 23:25 - 00131016 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 22:28 - 2009-07-14 07:13 - 01528474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 22:11 - 2014-03-31 22:11 - 00296846 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-03-31 22:10 - 2014-03-31 22:10 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-31 22:10 - 2014-03-30 23:19 - 00293814 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-03-31 21:01 - 2014-03-30 08:56 - 00024285 _____ () C:\Users\Philipp\Downloads\Addition.txt
2014-03-31 20:58 - 2014-03-31 20:58 - 00002141 _____ () C:\Users\Philipp\Downloads\JRT.txt
2014-03-31 20:57 - 2014-03-31 20:57 - 00002141 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-03-31 20:49 - 2014-03-31 20:49 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 20:48 - 2014-03-31 20:48 - 00006693 _____ () C:\Users\Philipp\Downloads\AdwCleaner[S0].txt
2014-03-31 20:45 - 2010-10-28 13:30 - 00199870 _____ () C:\Windows\PFRO.log
2014-03-31 20:44 - 2014-03-31 20:42 - 00000000 ____D () C:\AdwCleaner
2014-03-31 20:42 - 2014-03-31 20:42 - 00015500 _____ () C:\Users\Philipp\Downloads\mbam.txt
2014-03-31 19:33 - 2014-03-31 19:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 19:33 - 2014-03-31 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 19:32 - 2014-03-31 19:32 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000 (1).exe
2014-03-31 19:31 - 2014-03-31 19:31 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner (1).exe
2014-03-31 07:02 - 2014-03-31 07:02 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-31 07:02 - 2010-08-30 11:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-31 06:57 - 2010-08-30 11:24 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-03-31 06:47 - 2010-08-30 11:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-31 06:39 - 2014-03-30 09:56 - 00001268 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-03-31 06:39 - 2014-03-30 09:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-31 06:31 - 2011-01-08 07:48 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 06:31 - 2011-01-08 07:48 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-31 06:26 - 2009-07-14 06:45 - 00446128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-31 06:23 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-31 06:23 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-31 06:22 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-30 23:19 - 2014-03-30 23:10 - 00009659 _____ () C:\Windows\IE10_main.log
2014-03-30 22:44 - 2014-03-30 22:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-30 22:06 - 2014-03-30 09:24 - 00000476 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-30 21:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-30 18:24 - 2011-01-08 10:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-30 13:08 - 2011-01-08 09:43 - 01526948 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-30 12:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-03-30 12:42 - 2013-12-07 00:13 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cec763a7b6520b
2014-03-30 12:42 - 2011-07-24 08:13 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 12:21 - 2014-03-30 12:21 - 00023589 _____ () C:\ComboFix.txt
2014-03-30 12:21 - 2014-03-30 11:59 - 00000000 ____D () C:\Qoobox
2014-03-30 12:21 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-30 12:17 - 2014-03-30 11:58 - 00000000 ____D () C:\Windows\erdnt
2014-03-30 12:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-30 11:51 - 2014-03-30 11:50 - 05192353 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-03-30 11:51 - 2011-04-10 20:47 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-30 11:39 - 2012-03-10 02:02 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-03-30 11:19 - 2013-04-06 21:12 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Firstload
2014-03-30 09:54 - 2014-03-30 09:54 - 01950720 _____ () C:\Users\Philipp\Downloads\adwcleaner.exe
2014-03-30 09:54 - 2014-03-30 09:54 - 01038974 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe
2014-03-30 09:53 - 2014-03-30 09:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 09:52 - 2014-03-30 09:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe
2014-03-30 09:27 - 2014-03-30 09:25 - 00043120 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-03-30 09:24 - 2014-03-30 09:25 - 00000476 _____ () C:\Users\Philipp\Desktop\defogger_disable.log
2014-03-30 09:24 - 2014-03-30 09:24 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-03-30 09:24 - 2011-01-08 07:46 - 00000000 ____D () C:\Users\Philipp
2014-03-30 09:23 - 2014-03-30 09:23 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2014-03-30 09:22 - 2014-03-30 09:22 - 00010460 _____ () C:\Users\Philipp\Desktop\gmer.txt
2014-03-30 09:02 - 2014-03-30 09:02 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-30 09:02 - 2014-03-30 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-30 09:02 - 2014-03-30 09:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-30 09:01 - 2014-03-30 09:01 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-30 09:01 - 2014-03-30 09:01 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-30 09:01 - 2014-03-30 09:01 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-30 09:01 - 2014-03-30 09:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-30 09:00 - 2014-03-30 09:25 - 00041563 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-03-30 09:00 - 2014-03-30 09:00 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-30 08:59 - 2014-03-30 08:59 - 00380416 _____ () C:\Users\Philipp\Downloads\Gmer-19357.exe
2014-03-30 08:54 - 2014-03-30 08:54 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:54 - 2014-03-30 08:54 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-30 08:53 - 2014-03-30 08:53 - 02157056 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-03-30 08:47 - 2014-03-30 08:47 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-30 08:47 - 2014-03-30 08:47 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-30 08:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-27 23:22 - 2014-02-27 23:42 - 00038788 _____ () C:\Users\Philipp\Desktop\temp log.xlsx
2014-03-27 22:41 - 2014-03-27 22:41 - 00000165 ____H () C:\Users\Philipp\Desktop\~$temp log.xlsx
2014-03-23 22:06 - 2012-08-17 20:17 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-03-23 22:06 - 2011-03-28 13:47 - 00000000 ____D () C:\Users\Philipp\Documents\Privat
2014-03-19 23:19 - 2014-03-15 22:33 - 08092301 _____ () C:\Users\Philipp\Desktop\Stude AAD 20140320.pptx
2014-03-18 07:57 - 2014-03-18 07:57 - 03956224 _____ () C:\Users\Philipp\Desktop\AADDüsseldorf2011.ppt
2014-03-15 22:53 - 2013-10-21 21:13 - 00000000 ____D () C:\Users\Philipp\Desktop\Studentenunterricht 20131022
2014-03-15 18:54 - 2013-06-23 10:42 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 23:24 - 2014-03-12 23:24 - 00000000 ____D () C:\Users\Philipp\Documents\Der_Neue_Karolus_6
2014-03-12 23:23 - 2014-03-12 23:21 - 72033779 _____ (Veris GfB mbH) C:\Users\Philipp\Downloads\Der_Neue_Karolus_6_Demo.exe
2014-03-07 23:23 - 2013-10-16 10:45 - 00000000 ____D () C:\Users\Philipp\Desktop\NL
2014-03-05 21:02 - 2013-04-09 22:47 - 00000000 ____D () C:\Users\Philipp\Documents\Temp WPT
2014-03-05 09:26 - 2014-03-31 19:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-31 19:33 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-31 19:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 14:05 - 2014-03-30 22:41 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 22:35

==================== End Of Log ============================
--- --- ---

schrauber 02.04.2014 13:49
Nein die sind im Java Cache, leeren wir jetzt.

Flash Player updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

holliday4350 02.04.2014 21:00
DANKE!!!
Scheint alles zu funktionieren. Danke für die weiterführenden Tipps noch.
Gespendet ist auch, ein klasse Forum ist das hier. Und nebenbei noch viel gelernt zum Thema.
Danke und viele Grüße, Philipp

schrauber 03.04.2014 12:02
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131