mbar is hanging somewhere, nothing has happened for quite a while now... Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.01.29.05
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Brewing-Dürschmid :: BREWING-DÜRS-PC [limited]
29.01.2014 14:26:24
mbar-log-2014-01-29 (14-26-24).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 265717
Time elapsed: 49 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Brewing-Dürschmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.37811539951634754.exe.lnk (Backdoor.Agent) -> Delete on reboot.
C:\Users\Brewing-Dürschmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.7758003639443759.exe.lnk (Backdoor.Agent) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
and the JRT files Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Brewing-Drschmid on 29.01.2014 at 14:29:56.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\allin1convert_8h
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\vshare
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\allin1convert_8h
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\allin1convert_8h
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibar.incredibarhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibar.incredibarhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\vsharechrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rewardsarcade.bho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rewardsarcade.fbapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rewardsarcade.fbapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\vshare.imedixprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\vshare.imedixprotocol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\vshare.pugiobj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\vshare.pugiobj.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\vshare.scripthelpers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\vshare.scripthelpers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88E44198-D164-4EC0-B2C0-F679D866C6DA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F671C1B3-9776-426D-A350-55FB2D9B53F7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\allin1convert_8hbar uninstall firefox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\allin1convert_8hbar uninstall internet explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0043628.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0043628.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0043628.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0043628.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411361128}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422362228}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455365528}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444364428}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411361128}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422362228}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455365528}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444364428}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0043628.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0043628.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0043628.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0043628.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455365528}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444364428}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411361128}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411361128}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411361128}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455365528}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444364428}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBCBC43A-DCA9-4192-A4C8-B57FD0F77D4D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\registrybooster.job
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Brewing-Drschmid\appdata\local\rewardsarcade"
Successfully deleted: [Folder] "C:\Users\Brewing-Drschmid\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Brewing-Drschmid\appdata\locallow\vshare"
Successfully deleted: [Folder] "C:\Program Files (x86)\allin1convert_8h"
Successfully deleted: [Folder] "C:\Program Files (x86)\rewardsarcade"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\utilitychest_49"
Successfully deleted: [Folder] "C:\Program Files (x86)\vshare"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Brewing-Drschmid\AppData\Roaming\mozilla\firefox\profiles\k281jjor.default\user.js
Successfully deleted: [File] C:\Users\Brewing-Drschmid\AppData\Roaming\mozilla\firefox\profiles\k281jjor.default\searchplugins\mystart search.xml
Successfully deleted: [Folder] C:\Users\Brewing-Drschmid\AppData\Roaming\mozilla\firefox\profiles\k281jjor.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@allin1convert_8h.com/plugin
Successfully deleted the following from C:\Users\Brewing-Drschmid\AppData\Roaming\mozilla\firefox\profiles\k281jjor.default\prefs.js
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345
user_pref("extensions.crossrider.bic", "1434561ed39f0648f5557e48d2459bf0");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10556");
user_pref("extensions.incredibar_i.excTlbr", "false");
user_pref("extensions.incredibar_i.hardId", "ee490e1600000000000000248c5d2bd0");
user_pref("extensions.incredibar_i.id", "ee490e1600000000000000248c5d2bd0");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15333");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "1000");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQjj6kOdz&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6PQjj6kOdz");
user_pref("extensions.incredibar_i.upn2n", "92542085326551345");
user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2714:47:45");
user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6PQjj6kOdz&&i=26&search=");
Emptied folder: C:\Users\Brewing-Drschmid\AppData\Roaming\mozilla\firefox\profiles\k281jjor.default\minidumps [16 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2014 at 14:37:34.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and the AdwCleaner Code:
# AdwCleaner v3.018 - Bericht erstellt am 29/01/2014 um 16:18:13
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Brewing-Dürschmid - BREWING-DÜRS-PC
# Gestartet von : C:\Users\Brewing-Dürschmid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUWWC6DM\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
[!] Ordner Gelöscht : C:\Program Files (x86)\weDownload Manager Pro
[!] Ordner Gelöscht : C:\Windows\SysWOW64\Searchprotect
[!] Ordner Gelöscht : C:\Users\Brewing-Dürschmid\AppData\Local\PackageAware
[!] Ordner Gelöscht : C:\Users\Brewing-Dürschmid\AppData\Local\weDownload Manager Pro
[!] Ordner Gelöscht : C:\Users\Brewing-Dürschmid\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\weDownload Manager Pro-chromeinstaller
Datei Gelöscht : C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
Datei Gelöscht : C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader
Datei Gelöscht : C:\Windows\Tasks\weDownload Manager Pro-enabler.job
Datei Gelöscht : C:\Windows\System32\Tasks\weDownload Manager Pro-enabler
Datei Gelöscht : C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\weDownload Manager Pro-firefoxinstaller
Datei Gelöscht : C:\Windows\Tasks\weDownload Manager Pro-updater.job
Datei Gelöscht : C:\Windows\System32\Tasks\weDownload Manager Pro-updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{597A9974-8CB0-4F41-B61F-ED065738A397}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67C71B35-A416-4A54-BD1D-15965A4FE41C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Schlüssel Gelöscht : HKLM\Software\weDownload Manager Pro
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\weDownload Manager Pro
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v11.0 (de)
[ Datei : C:\Users\Brewing-Dürschmid\AppData\Roaming\Mozilla\Firefox\Profiles\k281jjor.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.InstallationThankYouPage", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.InstallationTime", 1388438482);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.active", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.addressbar", "NA");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.addressbarenhanced", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.asyncdb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.asyncdb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.asyncinternaldb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.asyncinternaldb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.backgroundver", 1);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.certdomaininstaller", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.changeprevious", false);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.InstallationTime.value", "1388438482");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie._GPL_aoi.value", "%221388438521%22");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie._GPL_parent_zoneid.value", "%22381905%22");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.jw_token.value", "%2274c94e24-01f7-692e-2f9e-5ff8ebbb8d3b%22");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.domain", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.enablesearch", false);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.homepage", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.iframe", false);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22C6EF803626CC4CB5B5F94B4178FEE[...]
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000529%22%2C%22sub_id%22%3A%22ver[...]
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22C6EF803626CC4CB5B5F9[...]
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_appVer.value", "58");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_lastVersion.value", "2");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_queue.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.expiration", "Sun Mar 30 2014 22:24:31 GMT+0100");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.__first_daily_report_run__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.__first_daily_report_run__.value", "1388438501104");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.__last_daily_report__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.__last_daily_report__.value", "1388438561507");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22C6EF8036[...]
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.lastDailyReport", "1389522742452");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.lastUpdate", "1390519194419");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.manifesturl", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.name", "weDownload Manager Pro");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.newtab", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.opensearch", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/43628/plugins/093/ff/plugins.json");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.pluginsversion", 60);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.publisher", "weDownload");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.searchstatus", 0);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.setnewtab", false);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.thankyou", "");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.updateinterval", 360);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.ver", 65);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.apps", "43628");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.bic", "1434561ed39f0648f5557e48d2459bf0");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.cid", 43628);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.firstrun", false);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.hadappinstalled", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.installationdate", 1388438482);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.modetype", "production");
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.reportInstall", true);
Zeile gelöscht : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.statsDailyCounter", 9);
-\\ Google Chrome v32.0.1700.102
[ Datei : C:\Users\Brewing-Dürschmid\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [17762 octets] - [29/01/2014 16:12:17]
AdwCleaner[S0].txt - [17227 octets] - [29/01/2014 16:18:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17288 octets] ##########
and FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Brewing-Dürschmid (administrator) on BREWING-DÜRS-PC on 29-01-2014 16:28:58
Running from C:\Users\Brewing-Dürschmid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUWWC6DM
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [333344 2008-10-03] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [KBD] - C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-01-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Health Check Scheduler] - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-12-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-15] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [98304 2010-04-15] (Apple Computer, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-08-31] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Allin1Convert EPM Support] - "C:\PROGRA~2\ALLIN1~2\bar\2.bin\8hmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [Utility Chest EPM Support] - "C:\PROGRA~2\UTILIT~2\bar\1.bin\49medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
MountPoints2: {0ed83fb9-013c-11e1-b345-00248c5d2bd0} - J:\pushinst.exe
MountPoints2: {ff7b3dfc-0061-11e1-9cbd-00248c5d2bd0} - J:\AutoRun.exe
MountPoints2: {ff7b3e39-0061-11e1-9cbd-00248c5d2bd0} - J:\AutoRun.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA5FE41672357CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {5BDFF369-0F9A-4B8B-9ABE-D5288E30A8A5} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A971673-50DD-464E-994A-0AB9A0C45F46} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {838BC224-C1A7-47E9-95C6-1807817A231B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {923FABB4-DEDB-4002-8C91-68BD4AA7F4BB} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {EC98B355-C47F-4150-9D6C-C2D0FD70B202} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Brewing-Dürschmid\AppData\Roaming\Mozilla\Firefox\Profiles\k281jjor.default
FF Homepage: hxxp://web.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar-Player - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-06]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-06]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (RewardsArcade) - C:\Users\Brewing-Dürschmid\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh [2014-01-28]
CHR Extension: (Google Wallet) - C:\Users\Brewing-Dürschmid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Brewing-Dürschmid\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx [2014-01-28]
==================== Services (Whitelisted) =================
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896056 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2013-11-21] (The OpenVPN Project)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 IpInIp; No ImagePath
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-01-29] (Malwarebytes Corporation)
S3 NAVENG; No ImagePath
S3 NAVEX15; No ImagePath
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-02-09] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-02-09] (Nokia)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-07-21] (NVIDIA Corporation)
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S1 SRTSP; No ImagePath
S1 SRTSPX; No ImagePath
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8192 2009-02-09] (Nokia)
S3 VBoxNetFlt; No ImagePath
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 14:37 - 2014-01-29 14:37 - 00013900 _____ C:\Users\Brewing-Dürschmid\Desktop\JRT.txt
2014-01-29 14:29 - 2014-01-29 14:29 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 14:15 - 2014-01-29 16:18 - 00000000 ____D C:\AdwCleaner
2014-01-29 14:07 - 2014-01-29 16:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-29 14:07 - 2014-01-29 14:26 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-29 14:07 - 2014-01-29 14:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 14:06 - 2014-01-29 14:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-29 14:05 - 2014-01-29 16:06 - 00000000 ____D C:\Users\Brewing-Dürschmid\Desktop\mbar
2014-01-29 06:58 - 2014-01-29 16:28 - 00000000 ____D C:\FRST
2014-01-29 06:41 - 2014-01-29 06:41 - 00000000 _____ C:\Windows\setuperr.log
2014-01-29 06:41 - 2014-01-29 06:41 - 00000000 _____ C:\Windows\setupact.log
2014-01-29 05:56 - 2014-01-29 05:56 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-28 23:48 - 2014-01-28 23:48 - 00000000 ____D C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2014-01-19 09:26 - 2014-01-29 10:57 - 00001979 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 09:26 - 2014-01-21 08:26 - 00000000 ____D C:\Program Files\Google
2014-01-19 09:26 - 2014-01-19 09:29 - 00000000 ____D C:\ProgramData\Google
2014-01-19 09:25 - 2014-01-29 16:21 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 09:25 - 2014-01-29 15:38 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 09:25 - 2014-01-21 08:26 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-19 09:25 - 2014-01-19 09:33 - 00004128 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-19 09:25 - 2014-01-19 09:33 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-11 01:55 - 2013-11-15 02:09 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-11 01:55 - 2013-11-15 01:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-11 01:55 - 2013-11-15 01:37 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-11 01:55 - 2013-11-15 01:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-11 01:55 - 2013-11-15 01:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-11 01:55 - 2013-11-15 01:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-11 01:55 - 2013-11-15 01:28 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-11 01:55 - 2013-11-15 01:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-11 01:55 - 2013-11-15 01:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-11 01:55 - 2013-11-15 01:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-11 01:55 - 2013-11-15 01:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-11 01:55 - 2013-11-15 01:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-11 01:55 - 2013-11-15 01:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-11 01:55 - 2013-11-15 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-11 01:55 - 2013-11-15 01:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-11 01:55 - 2013-11-15 01:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-11 01:55 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-11 01:55 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-11 01:55 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-11 01:55 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-11 01:55 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-11 01:55 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-11 01:55 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-11 01:55 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-11 01:55 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-11 01:55 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-11 01:55 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-11 01:55 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-11 01:55 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-11 01:55 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-11 01:55 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-11 01:55 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-11 01:23 - 2014-01-15 21:25 - 00000000 ____D C:\Windows\system32\MRT
2014-01-11 01:07 - 2013-10-03 15:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-11 01:07 - 2013-10-03 12:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-11 01:07 - 2013-08-27 03:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-01-11 01:07 - 2013-08-27 03:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-01-11 01:07 - 2013-08-27 03:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-01-11 01:07 - 2013-08-27 03:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-01-11 01:07 - 2013-08-27 02:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-01-11 01:07 - 2013-08-27 02:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-01-11 01:07 - 2013-08-27 02:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-01-11 01:07 - 2013-08-27 02:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-01-11 01:07 - 2013-08-27 02:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-01-11 01:07 - 2013-08-27 02:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-01-11 01:07 - 2013-08-27 02:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-01-11 01:07 - 2013-08-27 02:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-01-11 01:07 - 2013-08-27 02:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-01-11 01:07 - 2013-08-27 01:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-01-11 01:07 - 2013-08-27 01:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-01-11 01:07 - 2013-08-27 01:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-01-11 01:07 - 2013-08-27 01:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-01-11 01:07 - 2013-07-17 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-11 01:07 - 2013-07-17 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-11 01:07 - 2013-07-09 12:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-11 01:07 - 2013-07-09 12:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-11 01:07 - 2013-07-08 04:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-11 01:07 - 2013-07-08 04:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-11 01:07 - 2013-07-08 04:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-11 01:07 - 2013-07-08 04:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-11 01:07 - 2013-07-08 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-01-11 01:07 - 2013-07-08 01:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-11 01:07 - 2013-07-08 01:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-11 01:07 - 2013-07-08 01:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-11 01:07 - 2013-04-24 04:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-01-11 01:07 - 2013-04-24 04:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-01-11 01:07 - 2013-04-24 02:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-01-11 01:07 - 2013-04-24 01:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-01-11 01:07 - 2013-04-17 13:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-01-11 01:07 - 2013-04-17 12:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-01-11 01:06 - 2013-10-30 02:10 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-11 01:06 - 2013-10-22 09:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-11 01:06 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-11 01:06 - 2013-10-11 04:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-11 01:06 - 2013-10-11 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-11 01:06 - 2013-10-11 04:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-11 01:06 - 2013-10-11 04:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-11 01:06 - 2013-10-11 02:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2014-01-11 01:06 - 2013-10-11 02:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-11 01:06 - 2013-10-11 02:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-11 01:06 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-11 01:06 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-11 01:06 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-01-11 01:06 - 2013-10-11 02:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-11 01:06 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-11 01:06 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-11 01:06 - 2013-10-03 15:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-11 01:06 - 2013-10-03 12:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-11 01:06 - 2013-09-04 02:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-11 01:06 - 2013-08-29 08:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2014-01-11 01:06 - 2013-08-02 14:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-01-11 01:06 - 2013-08-02 04:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-01-11 01:06 - 2013-08-01 04:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-11 01:06 - 2013-08-01 03:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-01-11 01:06 - 2013-07-20 10:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-11 01:06 - 2013-07-20 10:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-11 01:06 - 2013-07-16 09:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-01-11 01:06 - 2013-07-16 04:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-01-11 01:06 - 2013-07-10 09:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-01-11 01:06 - 2013-07-10 09:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-01-11 01:06 - 2013-07-08 04:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-01-11 01:06 - 2013-07-08 04:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-01-11 01:06 - 2013-07-08 04:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-01-11 01:06 - 2013-07-08 04:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-01-11 01:06 - 2013-07-08 04:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-01-11 01:06 - 2013-07-08 04:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-01-11 01:06 - 2013-07-05 04:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-11 01:06 - 2013-07-04 04:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-11 01:06 - 2013-07-04 04:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-11 01:06 - 2013-07-03 02:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-01-11 01:06 - 2013-07-03 02:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-01-11 01:06 - 2013-06-26 23:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-11 01:06 - 2013-06-15 13:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-01-11 01:06 - 2013-06-15 11:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-01-11 01:06 - 2013-06-04 04:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-01-11 01:06 - 2013-06-04 04:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-01-11 01:06 - 2013-06-04 02:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-01-11 01:06 - 2013-06-04 01:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-01-11 01:06 - 2013-06-01 04:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-01-11 01:06 - 2013-06-01 04:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-01-11 01:05 - 2013-06-29 02:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-11 01:05 - 2013-06-29 02:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-11 01:05 - 2013-06-29 02:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-11 01:05 - 2013-06-29 02:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-11 01:05 - 2011-05-05 14:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-11 01:05 - 2011-05-05 14:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-11 00:50 - 2013-10-30 04:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-01-11 00:50 - 2013-10-30 03:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-11 00:50 - 2013-10-30 02:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-11 00:50 - 2013-05-02 04:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-01-11 00:50 - 2013-05-02 04:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-01-11 00:50 - 2013-05-02 04:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-01-08 22:12 - 2014-01-25 06:31 - 00002601 _____ C:\Users\Brewing-Dürschmid\Desktop\Microsoft Word 2010.lnk
2014-01-04 00:24 - 2014-01-12 19:03 - 00002603 _____ C:\Users\Brewing-Dürschmid\Desktop\Microsoft Excel 2010.lnk
2014-01-03 23:46 - 2014-01-03 23:46 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-03 23:46 - 2014-01-03 23:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-12-30 21:24 - 2013-12-30 21:24 - 00001884 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-12-30 09:54 - 2013-12-30 09:54 - 00781577 _____ C:\Users\Brewing-Dürschmid\Documents\mon30dec1.ods
2013-12-30 08:38 - 2013-12-30 08:38 - 00000000 ____D C:\Windows\Sun
2013-12-30 08:38 - 2013-12-30 08:38 - 00000000 ____D C:\ProgramData\Oracle
2013-12-30 08:38 - 2012-07-23 11:55 - 00157488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-12-30 08:37 - 2012-07-23 11:55 - 00149296 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-12-30 08:37 - 2012-07-23 11:55 - 00149296 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-12-30 08:15 - 2013-12-30 08:15 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Roaming\OpenOffice
2013-12-30 08:09 - 2013-12-30 08:10 - 00466536 _____ C:\Users\Brewing-Dürschmid\AppData\Local\dd_vcredistMSI559E.txt
2013-12-30 08:09 - 2013-12-30 08:10 - 00015464 _____ C:\Users\Brewing-Dürschmid\AppData\Local\dd_vcredistUI559E.txt
==================== One Month Modified Files and Folders =======
2014-01-29 16:28 - 2014-01-29 06:58 - 00000000 ____D C:\FRST
2014-01-29 16:24 - 2009-04-20 14:40 - 00003600 _____ C:\Windows\System32\Tasks\HP Health Check
2014-01-29 16:21 - 2014-01-19 09:25 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 16:20 - 2006-11-02 15:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 16:20 - 2006-11-02 15:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 16:20 - 2006-11-02 15:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 16:18 - 2014-01-29 14:15 - 00000000 ____D C:\AdwCleaner
2014-01-29 16:18 - 2009-05-12 13:09 - 01748679 _____ C:\Windows\WindowsUpdate.log
2014-01-29 16:18 - 2006-11-02 15:42 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 16:06 - 2014-01-29 14:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-29 16:06 - 2014-01-29 14:05 - 00000000 ____D C:\Users\Brewing-Dürschmid\Desktop\mbar
2014-01-29 16:06 - 2009-10-22 22:23 - 00000000 ___RD C:\Users\Brewing-Dürschmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-29 16:01 - 2012-06-23 06:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 15:38 - 2014-01-19 09:25 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 14:37 - 2014-01-29 14:37 - 00013900 _____ C:\Users\Brewing-Dürschmid\Desktop\JRT.txt
2014-01-29 14:29 - 2014-01-29 14:29 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 14:26 - 2014-01-29 14:07 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-29 14:07 - 2014-01-29 14:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 14:06 - 2014-01-29 14:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-29 13:50 - 2011-11-01 20:48 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Roaming\HpUpdate
2014-01-29 13:47 - 2011-06-04 18:42 - 00000000 ____D C:\Users\Brewing-Dürschmid\Documents\Formbet
2014-01-29 13:20 - 2012-10-01 12:47 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Roaming\Dropbox
2014-01-29 10:57 - 2014-01-19 09:26 - 00001979 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 08:12 - 2009-10-22 22:19 - 00000000 ____D C:\Users\Brewing-Dürschmid
2014-01-29 06:41 - 2014-01-29 06:41 - 00000000 _____ C:\Windows\setuperr.log
2014-01-29 06:41 - 2014-01-29 06:41 - 00000000 _____ C:\Windows\setupact.log
2014-01-29 05:56 - 2014-01-29 05:56 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-29 05:47 - 2012-10-01 13:00 - 00000000 ___RD C:\Users\Brewing-Dürschmid\Dropbox
2014-01-28 23:48 - 2014-01-28 23:48 - 00000000 ____D C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2014-01-28 21:45 - 2011-07-24 10:43 - 00002479 _____ C:\Users\Brewing-Dürschmid\Desktop\Betting Assistant.lnk
2014-01-28 09:25 - 2009-11-24 08:54 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-28 09:22 - 2011-07-24 10:43 - 00002509 _____ C:\Users\Brewing-Dürschmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betting Assistant.lnk
2014-01-25 16:59 - 2009-04-20 22:53 - 00628742 _____ C:\Windows\system32\perfh007.dat
2014-01-25 16:59 - 2009-04-20 22:53 - 00126486 _____ C:\Windows\system32\perfc007.dat
2014-01-25 16:59 - 2006-11-02 12:46 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 06:31 - 2014-01-08 22:12 - 00002601 _____ C:\Users\Brewing-Dürschmid\Desktop\Microsoft Word 2010.lnk
2014-01-23 23:29 - 2013-08-18 08:59 - 00035328 _____ C:\Users\Brewing-Dürschmid\Documents\Bundesliga Tippsensation.xls
2014-01-21 08:26 - 2014-01-19 09:26 - 00000000 ____D C:\Program Files\Google
2014-01-21 08:26 - 2014-01-19 09:25 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-21 08:26 - 2008-01-21 03:26 - 00433446 _____ C:\Windows\PFRO.log
2014-01-19 09:33 - 2014-01-19 09:25 - 00004128 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-19 09:33 - 2014-01-19 09:25 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-19 09:29 - 2014-01-19 09:26 - 00000000 ____D C:\ProgramData\Google
2014-01-19 09:29 - 2011-05-22 18:13 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Local\Google
2014-01-19 09:28 - 2009-11-09 20:01 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Local\Adobe
2014-01-19 09:25 - 2012-06-23 06:20 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-19 09:25 - 2012-05-25 06:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-19 09:25 - 2011-07-08 05:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-15 21:25 - 2014-01-11 01:23 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 21:21 - 2006-11-02 12:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 09:42 - 2009-11-11 12:58 - 00000000 ____D C:\Users\Brewing-Dürschmid\Documents\Eigene Scans
2014-01-12 19:03 - 2014-01-04 00:24 - 00002603 _____ C:\Users\Brewing-Dürschmid\Desktop\Microsoft Excel 2010.lnk
2014-01-11 23:39 - 2010-03-02 13:44 - 00000000 ____D C:\ProgramData\Installations
2014-01-11 19:25 - 2006-11-02 15:21 - 00327752 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-11 19:18 - 2009-10-22 22:23 - 00086592 _____ C:\Users\Brewing-Dürschmid\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-11 09:03 - 2006-11-02 13:33 - 00000000 ____D C:\Windows\rescache
2014-01-11 08:42 - 2006-11-02 15:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2014-01-11 08:42 - 2006-11-02 15:07 - 00000000 ____D C:\Program Files\Windows Journal
2014-01-11 08:41 - 2009-04-20 13:48 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2014-01-10 13:22 - 2013-12-28 23:29 - 00000000 ___HD C:\Users\Brewing-Dürschmid\AppData\Roaming\EE7B8440
2014-01-10 11:50 - 2012-10-01 13:00 - 00000957 _____ C:\Users\Brewing-Dürschmid\Desktop\Dropbox.lnk
2014-01-10 11:50 - 2012-10-01 12:47 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-08 12:09 - 2012-11-08 07:57 - 00000948 _____ C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2014-01-08 12:09 - 2012-11-08 07:57 - 00000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2014-01-07 10:36 - 2009-11-09 20:02 - 00000000 ____D C:\ProgramData\Adobe
2014-01-04 01:11 - 2013-12-28 23:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-04 01:06 - 2006-11-02 12:34 - 00000172 _____ C:\Windows\win.ini
2014-01-04 00:56 - 2012-01-19 09:14 - 00000000 ____D C:\Users\Brewing-Dürschmid\Documents\Theater-Dienstpläne
2014-01-04 00:45 - 2006-11-02 15:07 - 00000000 ____D C:\Windows\ShellNew
2014-01-03 23:55 - 2011-03-18 21:15 - 00000000 ____D C:\BetDynamics
2014-01-03 23:50 - 2009-10-27 16:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-03 23:47 - 2006-11-02 13:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-03 23:46 - 2014-01-03 23:46 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-03 23:46 - 2014-01-03 23:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2014-01-03 23:37 - 2013-03-05 06:58 - 00001863 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-03 23:37 - 2013-03-05 06:57 - 00000000 ____D C:\ProgramData\Avira
2014-01-01 23:00 - 2011-08-16 11:16 - 00000000 ____D C:\Users\Brewing-Dürschmid\Documents\Dienstpläne
2014-01-01 22:17 - 2010-06-25 11:11 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-01 15:49 - 2009-10-24 16:50 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Roaming\Adobe
2013-12-30 21:24 - 2013-12-30 21:24 - 00001884 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-12-30 21:24 - 2010-03-04 18:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-30 09:54 - 2013-12-30 09:54 - 00781577 _____ C:\Users\Brewing-Dürschmid\Documents\mon30dec1.ods
2013-12-30 08:38 - 2013-12-30 08:38 - 00000000 ____D C:\Windows\Sun
2013-12-30 08:38 - 2013-12-30 08:38 - 00000000 ____D C:\ProgramData\Oracle
2013-12-30 08:15 - 2013-12-30 08:15 - 00000000 ____D C:\Users\Brewing-Dürschmid\AppData\Roaming\OpenOffice
2013-12-30 08:10 - 2013-12-30 08:09 - 00466536 _____ C:\Users\Brewing-Dürschmid\AppData\Local\dd_vcredistMSI559E.txt
2013-12-30 08:10 - 2013-12-30 08:09 - 00015464 _____ C:\Users\Brewing-Dürschmid\AppData\Local\dd_vcredistUI559E.txt
Files to move or delete:
====================
C:\ProgramData\hpe8A9B.dll
C:\Users\Brewing-Dürschmid\Exchange-Pirate-Update.exe
C:\Users\Brewing-Dürschmid\FileFormatConverters.exe
C:\Users\Brewing-Dürschmid\Setup_ForteFree.EXE
C:\Users\Brewing-Dürschmid\xobglu16.dll
C:\Users\Brewing-Dürschmid\xobglu32.dll
Some content of TEMP:
====================
C:\Users\Brewing-Dürschmid\AppData\Local\Temp\avgnt.exe
C:\Users\Brewing-Dürschmid\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Brewing-Dürschmid\AppData\Local\Temp\PC-Suite.exe
C:\Users\Brewing-Dürschmid\AppData\Local\Temp\Quarantine.exe
C:\Users\Brewing-Dürschmid\AppData\Local\Temp\ResetDevice.exe
C:\Users\Brewing-Dürschmid\AppData\Local\Temp\_is9EB2.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 16:28
==================== End Of Log ============================
And the Additions editor Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Brewing-Dürschmid at 2014-01-29 16:32:17
Running from C:\Users\Brewing-Dürschmid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUWWC6DM
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
1.0.4.0 (x32 Version: - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8 - Adobe Systems Incorporated)
AnalogX Atomic TimeSync (x32 Version: - AnalogX)
ATI Catalyst Install Manager (Version: 3.0.710.0 - ATI Technologies, Inc.)
Avira Family Protection Suite (x32 Version: 14.0.2.286 - Avira)
AVM FRITZ!WLAN (x32 Version: - AVM Berlin)
Back2Lay (x32 Version: 1.00 - StakeSoft)
Back2Lay (x32 Version: 1.00 - StakeSoft) Hidden
Betting Assistant (x32 Version: 1.0.64 - Gruss Software Ltd)
Biathlon 2005 (x32 Version: - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (x32 Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (x32 Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.6.0.5 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.3.0.6 - Canon Inc.)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.1.0.4 - Canon Inc.)
Canon Utilities MyCamera (x32 Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (x32 Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.4.0.4 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0115.2140.38867 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help English (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help French (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help German (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0115.2139.38867 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0115.2140.38867 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0115.2140.38867 - ATI) Hidden
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6514.5001 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6514.5001 - Microsoft Corporation)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden
Definition update for Microsoft Office 2010 (KB982726) (x32 Version: - Microsoft)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dienstbuch für Diensteinteiler (x32 Version: 2.7 - Lars-Peter Lawrenz)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_06_F4500_SW_MIN (x32 Version: 130.0.406.000 - Hewlett-Packard) Hidden
DriverBoost (x32 Version: 8.1 - DriverBoost)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
F4500 (x32 Version: 130.0.406.000 - Hewlett-Packard) Hidden
FormBet (x32 Version: 2.15 - StakeSoft)
FormBet (x32 Version: 2.15 - StakeSoft) Hidden
Forte Free 2.0 (x32 Version: - )
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnose Tools (Version: 5.1.5048.14 - PC-Doctor, Inc.)
HMA! Pro VPN 2.8.3.1 (x32 Version: 2.8.3.1 - )
HP Active Support Library (x32 Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2875 - Hewlett-Packard)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (Version: 13.0 - HP)
HP Games (x32 Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP MediaSmart DVD (x32 Version: 2.1.2431 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2431 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2415 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2415 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 2.1.7 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP Print Projects 1.0 (Version: 1.0 - HP)
HP Recovery Manager RSS (x32 Version: 92.0.0.9 - Hewlet Packard Company) Hidden
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Support Information (x32 Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Advisor (x32 Version: 2.4.6171.2860 - Hewlett-Packard)
HP Total Care Setup (x32 Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (x32 Version: 6.0.330 - Oracle)
JetBet (x32 Version: 1.195 - StakeSoft)
JetBet (x32 Version: 1.195 - StakeSoft) Hidden
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 11.0 (x86 de) (x32 Version: 11.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (x32 Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.16.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.26.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.26.0 - Nokia) Hidden
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
Optimierte Multimedia-Tastatur-Lösung (x32 Version: 1.0.9.2 - Hewlett-Packard)
PC Connectivity Solution (x32 Version: 9.13.1.0 - Nokia)
phonostar-Player Version 3.03.1 (x32 Version: - )
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (x32 Version: 2.12 - Python Software Foundation)
Python 2.6.1 (x32 Version: 2.6.1150 - Python Software Foundation)
QuickTime (x32 Version: - )
Rate the Races Deluxe version 1.5 (x32 Version: 1.5 - My Company, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5740 - Realtek Semiconductor Corp.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Master (x32 Version: 1.1.14 - Samsung)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Sandlot Games Client Services 1.2.2 (x32 Version: - Sandlot Games)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skins (x32 Version: 2009.0115.2140.38867 - ATI) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson PC Suite 6.011.00 (x32 Version: 6.011.00 - Sony Ericsson)
sp44626 (x32 Version: - Hewlett-Packard)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SteamerBot (x32 Version: 3.07 - StakeSoft)
SteamerBot (x32 Version: 3.07 - StakeSoft) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torino 2006 (x32 Version: - )
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Utility Chest Internet Explorer Toolbar (x32 Version: - Mindspark Interactive Network)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows-Treiberpaket - Nokia Modem (02/23/2009 7.01.0.2) (Version: 02/23/2009 7.01.0.2 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/24/2009 4.0) (Version: 02/24/2009 4.0 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
==================== Restore Points =========================
14-01-2014 06:14:17 Geplanter Prüfpunkt
14-01-2014 21:20:28 Removed Last Minute Bot
15-01-2014 08:46:22 Windows Update
15-01-2014 21:21:09 Windows Update
16-01-2014 21:34:04 Geplanter Prüfpunkt
18-01-2014 09:10:08 Geplanter Prüfpunkt
19-01-2014 18:05:02 Geplanter Prüfpunkt
20-01-2014 18:57:22 Geplanter Prüfpunkt
21-01-2014 19:32:12 Geplanter Prüfpunkt
22-01-2014 06:09:43 Windows Update
22-01-2014 22:16:08 Geplanter Prüfpunkt
24-01-2014 07:31:07 Geplanter Prüfpunkt
25-01-2014 17:40:48 Geplanter Prüfpunkt
26-01-2014 17:53:43 Geplanter Prüfpunkt
27-01-2014 07:17:55 Geplanter Prüfpunkt
28-01-2014 09:01:27 Windows Update
29-01-2014 04:09:48 Geplanter Prüfpunkt
29-01-2014 05:37:44 Windows-Modulinstallation
29-01-2014 16:06:00 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
2006-11-02 12:34 - 2006-09-18 21:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1A5801B3-7C42-444A-99D0-4CC4FF11D7F0} - System32\Tasks\{6DE48F95-54E2-4F7B-8D34-414F98524E2A} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {1B418015-130F-4479-8C95-6F849C2FC3D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19] (Adobe Systems Incorporated)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {399F79B2-26BB-4499-934C-248447759342} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {499C14D0-18BA-45B8-9CFE-DA52687466EE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4AB89C8A-DA6D-47DE-978F-17A7EF1F0D25} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {64F00CB1-6F3D-4605-80B8-598CFE893A45} - \weDownload Manager Pro-enabler No Task File
Task: {6517AB05-5EA7-4592-A14D-6F6D8D9A82FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8336214F-FBE7-4E67-94D1-E8B7F20AA76D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {93B87F98-5620-4DA2-95D4-DA9136E0F78E} - \weDownload Manager Pro-updater No Task File
Task: {9B61F641-4261-42D4-B794-AAA05A59A5F8} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {B702791A-7192-4B30-946C-1B3964FA83EB} - \weDownload Manager Pro-firefoxinstaller No Task File
Task: {B7A3E4EE-EEFE-4697-B11A-17379F476436} - \weDownload Manager Pro-codedownloader No Task File
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F652715F-0DAC-447D-9B3F-ED081D616F80} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Brewing-Dürschmid => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-04-20 14:09 - 2009-01-15 22:28 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2009-04-20 14:09 - 2009-04-20 14:09 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 08:19 - 2008-11-25 08:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2008-12-10 13:32 - 2008-12-10 13:32 - 00020480 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-03-05 06:58 - 2013-12-09 11:43 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2008-12-15 14:15 - 2008-12-15 14:15 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (01/29/2014 04:21:27 PM) (Source: Service Control Manager) (User: )
Description: i8042prt
SRTSP
SRTSPX
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-01-29 16:32:12.590
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:32:12.284
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:32:11.979
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:32:11.670
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:32:11.359
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:32:11.050
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:32:10.740
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:32:10.427
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:31:59.026
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-29 16:31:58.721
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 6142.31 MB
Available physical RAM: 3685.83 MB
Total Pagefile: 12401.15 MB
Available Pagefile: 9510.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:917.55 GB) (Free:759.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.96 GB) (Free:1.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (28 Jan 2014) (CDROM) (Total:0.69 GB) (Free:0.66 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
==================== End Of Log ============================
What would be next?