
Pests of all kinds and how to fight them: Removing the Whilokii virus

22.10.2013, 17:35   #1
scrooge75
 

Hello,

I use Mozilla Firefox, and since today I have had a bar displayed on the left side of nearly every page (there is a T in the top right corner, with "Related Searches:" below it), as well as pop-ups that occasionally appear at the bottom edge of the screen (Whilokii is shown in the top left of the pop-up).
Based on a tip from an acquaintance, I have done the following so far, but without success:

1. Installed and ran Malwarebytes - 18 infections, all removed.
2. Ran AdwCleaner.
3. Ran Farbar Recovery Scan Tool.

However, I have no log files other than the Farbar ones.

Can someone here help me anyway? I'm going crazy, because the malware is still on there and I'm getting desperate.

Many thanks!

Markus

22.10.2013, 17:41   #2
schrauber
/// the machine
/// TB trainer
 


hi,

post the logs from Farbar.

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

22.10.2013, 18:06   #3
scrooge75
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by Markus.Ortlieb (administrator) on BIB-LORTLIEBM on 22-10-2013 17:26:13
Running from C:\Users\Markus.Ortlieb\Downloads
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Lync\communicator.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe
(Microsoft Corporation) C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
() C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Cisco WebEx LLC) C:\PROGRA~1\WebEx\PRODUC~1\ptSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-10-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-10-04] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-02-15] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-19] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Google Update] - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-02] (Google Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [PTIM.exe] - C:\Program Files\WebEx\Productivity Tools\PTIM.exe [419344 2013-05-30] (Cisco WebEx LLC)
HKCU\...\Run: [SkyDrive] - C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-21] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {b8300e74-bc9d-11df-ba19-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe
Startup: C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.kavo.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.kavo.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {84630365-439B-4036-955B-F475B3233C24} URL = 
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: PETN - {C480F23A-1BA8-4106-B43E-DA48F2914C70} - C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petn.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911014} file:///C:/Users/Markus.Ortlieb/Downloads/DCS-942L_2523(EU)/Mydlink/activeX/DCP.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://eu.mydlink.com/8D/activeX//dcsclictrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\sweetpacks-a8-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: IE Tab Plus - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\ietab@ip.cn
FF Extension: FoxClocks - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF Extension: firefox - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\firefox@whilokii.net.xpi
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files\WebEx\Productivity Tools\
FF Extension: WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\

========================== Services (Whitelisted) =================

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dcevt32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe [136248 2013-05-13] (Dell Inc.)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)
R2 dcstor32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe [185912 2013-05-13] (Dell Inc.)
S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149560 2012-09-25] (Dell Inc.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)
R2 HPSLPSVC; C:\Users\Markus.Ortlieb\AppData\Local\Temp\7zS661D\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1712128 2008-09-26] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [155648 2008-09-01] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [98304 2008-09-01] (iPass, Inc.)
R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-10-04] (O2Micro International)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-10-04] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-10-04] (ST Microelectronics)
R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2011-11-14] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-10-04] (Broadcom Corporation)
S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [87592 2011-10-04] (Ericsson AB)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2013-03-11] (Dell Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-10-04] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2011-10-04] (Ericsson AB)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [361032 2011-10-04] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [396872 2011-10-04] (MCCI Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-10-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl77b0c7b5; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B88A366-55A7-4F14-862E-49827CA0829A}\MpKsl77b0c7b5.sys [40392 2013-10-22] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [27264 2011-10-04] (Novatel Wireless Inc)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [191488 2011-10-04] (Novatel Wireless Inc.)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-10-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-10-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-10-04] (O2Micro )
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST
2013-10-22 17:25 - 2013-10-22 17:25 - 01087503 _____ (Farbar) C:\Users\Markus.Ortlieb\Downloads\FRST.exe
2013-10-22 17:23 - 2013-10-22 17:23 - 00001453 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt
2013-10-22 17:22 - 2013-10-22 17:22 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT.exe
2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 16:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 16:12 - 2013-10-22 16:12 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner-3.010.exe
2013-10-21 09:40 - 2013-10-22 17:20 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe
2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk
2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B
2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe
2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi
2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers
2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe
2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx
2013-10-14 01:14 - 2013-10-14 01:40 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls
2013-10-12 19:27 - 2013-09-11 08:37 - 45341303 ____N C:\Users\Markus.Ortlieb\Downloads\20130911_163716.mp4
2013-10-12 19:27 - 2013-07-07 06:04 - 229688525 ____N C:\Users\Markus.Ortlieb\Downloads\20130707_150206.mp4
2013-10-12 19:27 - 2013-07-01 06:56 - 04693888 ____N C:\Users\Markus.Ortlieb\Downloads\20130701_145626.mp4
2013-10-12 19:26 - 2013-08-11 14:43 - 314465633 ____N C:\Users\Markus.Ortlieb\Downloads\20130811_224051.mp4
2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake
2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp
2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini
2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms
2013-10-01 20:11 - 2013-05-13 13:22 - 02727456 _____ (Dell Inc.) C:\Windows\omsacntl.exe
2013-10-01 20:11 - 2013-05-13 13:22 - 00325664 _____ (Dell Inc.) C:\Windows\hapint.exe
2013-10-01 20:11 - 2013-05-13 13:21 - 00117280 _____ (Dell Inc.) C:\Windows\dciwds32.exe
2013-10-01 20:11 - 2013-05-13 13:21 - 00080928 _____ (Dell Inc.) C:\Windows\dcmdev32.exe
2013-10-01 20:11 - 2013-05-13 13:20 - 00282144 _____ (Dell Inc.) C:\Windows\dchcfg32.exe
2013-10-01 20:11 - 2013-05-13 13:20 - 00231456 _____ (Dell Inc.) C:\Windows\system32\dchcfl32.dll
2013-10-01 20:11 - 2013-05-13 13:19 - 00385056 _____ (Dell Inc.) C:\Windows\system32\dchbas32.dll
2013-10-01 20:11 - 2013-05-13 13:19 - 00272416 _____ (Dell Inc.) C:\Windows\system32\dchapi32.dll
2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute
2013-10-01 14:21 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls
2013-10-01 10:09 - 2013-10-01 10:12 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls
2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe
2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls
2013-09-27 12:01 - 2013-09-27 12:14 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls
2013-09-27 10:51 - 2012-10-17 04:04 - 00580712 ____H (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5512.dll
2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe
2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans
2013-09-26 11:26 - 2013-09-27 10:51 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk
2013-09-26 11:08 - 2013-09-27 10:36 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk
2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe
2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url
2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk
2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-23 16:37 - 2013-10-22 17:20 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing
2013-09-23 16:37 - 2013-10-01 14:21 - 00000000 ____D C:\Program Files\Microsoft Lync
2013-09-23 16:37 - 2013-09-23 16:37 - 00000000 ____D C:\ProgramData\Applications
2013-09-23 16:37 - 2012-05-16 17:01 - 00000784 _____ C:\Windows\TrustModelData.reg
2013-09-23 16:32 - 2013-09-23 16:32 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-09-23 16:31 - 2013-09-23 16:32 - 00000000 ____D C:\Windows\SHELLNEW
2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-09-23 16:30 - 2013-09-23 16:30 - 00000000 __RHD C:\MSOCache
2013-09-23 16:28 - 2013-09-23 16:28 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaVo-IT
2013-09-23 15:25 - 2013-09-23 15:25 - 00000000 ____D C:\Windows\Temp3672BBF2-94FA-C70C-D425-FDE36CA8BD02-Signatures
2013-09-23 15:25 - 2012-02-21 06:00 - 00670576 _____ (Microsoft Corporation) C:\Windows\CMTrace.exe
2013-09-23 13:45 - 2013-09-23 13:45 - 00000000 ____D C:\Windows\TempDAC5738E-707B-5109-5D4A-C2257122426A-Signatures
2013-09-23 13:39 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-23 12:39 - 2013-09-23 14:08 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Deployment
2013-09-23 12:39 - 2013-09-23 12:39 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Apps\2.0
2013-09-23 12:37 - 2013-09-23 12:39 - 00007152 _____ C:\Windows\IE9_main.log
2013-09-23 12:36 - 2010-02-11 09:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-09-23 12:34 - 2013-09-23 12:35 - 00000000 ____D C:\Windows\system32\MRT
2013-09-23 12:26 - 2013-09-23 12:26 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-23 12:26 - 2013-09-23 12:26 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-23 12:26 - 2013-09-23 12:26 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-23 12:26 - 2013-09-23 12:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 12:26 - 2013-09-23 12:26 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-23 12:26 - 2013-09-23 12:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-23 12:25 - 2013-09-23 12:25 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-23 12:24 - 2013-09-23 12:33 - 00022745 _____ C:\Windows\IE10_main.log
2013-09-23 12:23 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-23 12:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-23 12:23 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-23 12:23 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-23 12:23 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-23 12:22 - 2013-08-08 03:03 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-23 12:22 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-23 12:22 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-23 12:22 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-23 12:22 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-23 12:22 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-23 12:22 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-23 12:22 - 2013-07-26 03:56 - 12874752 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-23 12:22 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-23 12:22 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-23 12:22 - 2013-07-19 03:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-23 12:22 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-23 12:22 - 2013-07-08 07:08 - 03973056 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-23 12:22 - 2013-07-08 07:08 - 03918272 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-23 12:22 - 2013-07-08 07:00 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-23 12:22 - 2013-07-08 06:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2013-09-23 12:22 - 2013-07-08 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-23 12:22 - 2013-07-08 05:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2013-09-23 12:22 - 2013-07-08 05:31 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2013-09-23 12:22 - 2013-07-08 05:31 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2013-09-23 12:22 - 2013-07-08 05:31 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2013-09-23 12:22 - 2013-07-08 05:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-23 12:22 - 2013-07-06 06:57 - 01309120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-23 12:22 - 2013-07-06 06:57 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-23 12:22 - 2013-07-06 06:57 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-23 12:21 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-23 12:19 - 2013-09-23 12:19 - 00000000 ____D C:\Windows\TempB05CF42F-9E08-F217-8C1D-3512896A7659-Signatures
2013-09-23 12:00 - 2013-09-23 12:00 - 00000000 ____D C:\Windows\TempD2A5BF20-10D6-6011-ABF3-CF049DC6EB8C-Signatures
2013-09-23 11:50 - 2013-10-03 20:53 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-23 11:49 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2013-09-23 11:41 - 2013-09-23 11:41 - 00000000 ____D C:\43e7645ccc023755da2e8e6a
2013-09-23 11:41 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-23 11:38 - 2013-09-23 11:39 - 00000004 _____ C:\ScrubRetValFile.txt

==================== One Month Modified Files and Folders =======

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST
2013-10-22 17:25 - 2013-10-22 17:25 - 01087503 _____ (Farbar) C:\Users\Markus.Ortlieb\Downloads\FRST.exe
2013-10-22 17:24 - 2010-09-09 22:45 - 08105462 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 17:24 - 2010-08-15 20:12 - 00688680 _____ C:\Windows\system32\perfh01D.dat
2013-10-22 17:24 - 2010-08-15 20:12 - 00151310 _____ C:\Windows\system32\perfc01D.dat
2013-10-22 17:24 - 2010-08-15 20:07 - 00765018 _____ C:\Windows\system32\perfh015.dat
2013-10-22 17:24 - 2010-08-15 20:07 - 00164494 _____ C:\Windows\system32\perfc015.dat
2013-10-22 17:24 - 2010-08-15 19:52 - 00768558 _____ C:\Windows\system32\perfh013.dat
2013-10-22 17:24 - 2010-08-15 19:52 - 00161766 _____ C:\Windows\system32\perfc013.dat
2013-10-22 17:24 - 2010-08-15 19:46 - 00765154 _____ C:\Windows\system32\perfh010.dat
2013-10-22 17:24 - 2010-08-15 19:46 - 00155494 _____ C:\Windows\system32\perfc010.dat
2013-10-22 17:23 - 2013-10-22 17:23 - 00001453 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt
2013-10-22 17:23 - 2012-02-16 17:12 - 01686779 _____ C:\Windows\WindowsUpdate.log
2013-10-22 17:22 - 2013-10-22 17:22 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT.exe
2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 17:22 - 2012-04-05 10:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 17:22 - 2010-09-09 22:44 - 00000568 _____ C:\Windows\SMSCFG.INI
2013-10-22 17:20 - 2013-10-21 09:40 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive
2013-10-22 17:20 - 2013-09-23 16:37 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing
2013-10-22 17:20 - 2011-05-10 17:42 - 00062602 _____ C:\Windows\setupact.log
2013-10-22 17:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 17:17 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 17:17 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 17:14 - 2010-09-10 09:35 - 00033218 _____ C:\Windows\PFRO.log
2013-10-22 17:14 - 2010-08-15 20:11 - 00000000 ____D C:\Windows\sv-SE
2013-10-22 17:00 - 2012-04-19 09:25 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\FreePDF_XP
2013-10-22 16:54 - 2012-07-02 14:26 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job
2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 16:12 - 2013-10-22 16:12 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner-3.010.exe
2013-10-22 14:54 - 2012-07-02 14:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job
2013-10-21 17:49 - 2012-04-05 08:43 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2013-10-21 16:43 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\ccmcache
2013-10-21 16:42 - 2012-02-16 17:27 - 00054882 __RSH C:\ProgramData\ntuser.pol
2013-10-21 16:41 - 2012-02-16 17:10 - 00000400 _____ C:\Windows\system32\config\netlogon.ftl
2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-10-21 09:40 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb
2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe
2013-10-20 18:55 - 2012-09-19 10:40 - 00194238 _____ C:\Users\Markus.Ortlieb\Downloads\OTL.Txt
2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk
2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B
2013-10-20 18:38 - 2012-07-02 14:26 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Google
2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe
2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-18 09:22 - 2012-04-05 08:48 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\HpUpdate
2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi
2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers
2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe
2013-10-17 00:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources
2013-10-15 16:11 - 2012-03-07 08:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-14 01:52 - 2012-04-03 13:10 - 00000000 ____D C:\privat
2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx
2013-10-14 01:40 - 2013-10-14 01:14 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls
2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake
2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp
2013-10-11 10:41 - 2013-06-05 12:31 - 342290339 _____ C:\Windows\MEMORY.DMP
2013-10-11 10:41 - 2013-06-05 12:31 - 00000000 ____D C:\Windows\Minidump
2013-10-10 17:23 - 2012-04-05 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-10 17:23 - 2012-02-16 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 02:42 - 2012-03-08 10:53 - 00012730 __RSH C:\Users\Markus.Ortlieb\ntuser.pol
2013-10-04 03:01 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\CCM
2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini
2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2013-10-03 20:53 - 2013-09-23 11:50 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-10-03 20:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms
2013-10-03 20:52 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute
2013-10-01 15:39 - 2012-05-09 13:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 14:21 - 2013-09-23 16:37 - 00000000 ____D C:\Program Files\Microsoft Lync
2013-10-01 14:20 - 2012-09-25 07:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-01 14:20 - 2012-09-24 15:12 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls
2013-10-01 10:12 - 2013-10-01 10:09 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls
2013-10-01 08:25 - 2013-08-17 11:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 08:25 - 2012-04-04 09:20 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Mozilla
2013-09-30 22:35 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Adobe
2013-09-30 15:45 - 2012-04-03 11:29 - 00000000 ____D C:\Procurement Europe
2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\ProgramData\Adobe
2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls
2013-09-27 12:14 - 2013-09-27 12:01 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls
2013-09-27 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-27 10:51 - 2013-09-26 11:26 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk
2013-09-27 10:51 - 2012-04-05 08:47 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
2013-09-27 10:51 - 2012-04-05 08:47 - 00000000 ____D C:\Program Files\HP
2013-09-27 10:42 - 2012-04-05 08:47 - 00000000 ____D C:\ProgramData\HP
2013-09-27 10:36 - 2013-09-26 11:08 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk
2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe
2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans
2013-09-26 11:26 - 2012-09-21 12:53 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe
2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url
2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-09-26 10:12 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Microsoft Help
2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk
2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-26 08:45 - 2009-07-14 06:33 - 00407056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-23 16:37 - 2013-09-23 16:37 - 00000000 ____D C:\ProgramData\Applications
2013-09-23 16:37 - 2012-03-08 10:53 - 00111288 _____ C:\Users\Markus.Ortlieb\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-23 16:34 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini
2013-09-23 16:32 - 2013-09-23 16:32 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-09-23 16:32 - 2013-09-23 16:31 - 00000000 ____D C:\Windows\SHELLNEW
2013-09-23 16:32 - 2012-03-07 08:06 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-23 16:32 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-09-23 16:31 - 2010-09-10 11:47 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-09-23 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-23 16:30 - 2013-09-23 16:30 - 00000000 __RHD C:\MSOCache
2013-09-23 16:28 - 2013-09-23 16:28 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaVo-IT
2013-09-23 15:25 - 2013-09-23 15:25 - 00000000 ____D C:\Windows\Temp3672BBF2-94FA-C70C-D425-FDE36CA8BD02-Signatures
2013-09-23 14:08 - 2013-09-23 12:39 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Deployment
2013-09-23 14:08 - 2013-07-12 23:12 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Dropbox
2013-09-23 13:45 - 2013-09-23 13:45 - 00000000 ____D C:\Windows\TempDAC5738E-707B-5109-5D4A-C2257122426A-Signatures
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-23 12:40 - 2010-10-20 10:23 - 00000000 ____D C:\INSTALL
2013-09-23 12:39 - 2013-09-23 12:39 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Apps\2.0
2013-09-23 12:39 - 2013-09-23 12:37 - 00007152 _____ C:\Windows\IE9_main.log
2013-09-23 12:35 - 2013-09-23 12:34 - 00000000 ____D C:\Windows\system32\MRT
2013-09-23 12:33 - 2013-09-23 12:24 - 00022745 _____ C:\Windows\IE10_main.log
2013-09-23 12:26 - 2013-09-23 12:26 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-23 12:26 - 2013-09-23 12:26 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-23 12:26 - 2013-09-23 12:26 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-23 12:26 - 2013-09-23 12:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 12:26 - 2013-09-23 12:26 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-23 12:26 - 2013-09-23 12:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-23 12:26 - 2013-09-23 12:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-23 12:26 - 2013-09-23 12:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-23 12:25 - 2013-09-23 12:25 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-23 12:25 - 2013-09-23 12:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-23 12:19 - 2013-09-23 12:19 - 00000000 ____D C:\Windows\TempB05CF42F-9E08-F217-8C1D-3512896A7659-Signatures
2013-09-23 12:00 - 2013-09-23 12:00 - 00000000 ____D C:\Windows\TempD2A5BF20-10D6-6011-ABF3-CF049DC6EB8C-Signatures
2013-09-23 11:46 - 2012-09-10 18:13 - 00000000 ____D C:\Program Files\Microsoft Policy Platform
2013-09-23 11:45 - 2010-09-10 12:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-23 11:41 - 2013-09-23 11:41 - 00000000 ____D C:\43e7645ccc023755da2e8e6a
2013-09-23 11:41 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-23 11:39 - 2013-09-23 11:38 - 00000004 _____ C:\ScrubRetValFile.txt

Some content of TEMP:
====================
C:\Users\Markus.Ortlieb\AppData\Local\Temp\atgpcdec.dll
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\HPInstaller.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2013-05-05 18:57] - [2012-10-18 19:40] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-05-05 18:57] - [2012-10-18 22:17] - 0246104 ____A (Microsoft Corporation) 4EDEF8AB59B089925CF9A6CFC74A4109



LastRegBack: 2013-10-21 15:12

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2013
Ran by Markus.Ortlieb at 2013-10-22 17:27:05
Running from C:\Users\Markus.Ortlieb\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: System Center 2012 Endpoint Protection (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: System Center 2012 Endpoint Protection (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

7-Zip 9.20 (Version: 9.20.00.0)
AccelerometerP11 (Version: 2.00.10.24)
Acer GridVista (Version: 2.72.317)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Amazon MP3-Downloader 1.0.15 (Version: 1.0.15)
Apple Mobile Device Support (Version: 5.1.1.4)
Audiograbber 1.83 SE  (Version: 1.83 SE )
Audiograbber MP3-Plugin (Version: 1.0)
Bing Bar (Version: 7.2.241.0)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Cisco WebEx Meetings
Configuration Manager Client (Version: 5.00.7804.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ControlVault Host Components Installer (Version: 2.0.20.159)
Dell OpenManage Client Instrumentation (Version: 8.2.0.154)
Dell OpenManage Inventory Agent (for Dell Business Client Systems) (Version: 1.4.1)
Dell System Manager (Version: 1.7.10000)
Dell Touchpad (Version: 7.1208.101.124)
DHTML Editing Component (Version: 6.02.0001)
Folder Size for Windows (Version: 2.5)
Foxit Reader (Version: 6.0.3.524)
Free FLV Converter V 7.4.0 (Version: 7.4.0.0)
FreeFileSync v5.0 (Version: 5.0)
Freemake Video Converter Version 4.0.0 (Version: 4.0.0)
FreeMind (Version: 0.9.0)
FreePDF (Remove only)
Google Talk Plugin (Version: 4.7.0.15362)
Google Update Helper (Version: 1.3.23.0)
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880)
GPL Ghostscript 8.71
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet 6500 E710a-f Hilfe (Version: 140.0.2.2)
HP Update (Version: 5.003.003.001)
HPDiagnosticAlert (Version: 1.00.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)
iPassConnect (Version: 3.65)
iPassConnect (Version: 3.65.00)
IrfanView (remove only) (Version: 4.32)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 30 (Version: 6.0.300)
kavofonts (Version: 1)
K-Lite Codec Pack 6.3.0 (Full) (Version: 6.3.0)
LameXP
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marketsplash Schnellzugriffe (Version: 1.0.1.7)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8410.2)
Microsoft Endpoint Protection Management Components (Version: 4.2.0223.1)
Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 4.2.0223.1)
Microsoft Lync 2010 (Version: 4.0.7577.4392)
Microsoft Lync 2010, MUI (Version: 4.0.7577.0)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Standard 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Policy Platform (Version: 1.2.3602.0)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Mp3tag v2.54 (Version: v2.54)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PC Speed Maximizer v3.2 (Version: 3.2)
Picasa 3 (Version: 3.8)
RealDownloader (Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
RedMon - Redirection Port Monitor
Revo Uninstaller 1.95 (Version: 1.95)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Samsung Kies (Version: 2.3.3.12085_7)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
SAP Business Explorer (Version: 7.20)
SAP GUI for Windows 7.20 (Version: 7.20 Compilation 2)
SeaView (Version: 1.0.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition
Skype™ 6.3 (Version: 6.3.105)
Sonos Controller (Version: 22.0.64240)
StreamTransport version: 1.0.2.2171
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (Version: 28.0.1315.0)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (Version: 22.50.231.0)
SyncToy 2.1 (x86) (Version: 2.1.0)
System Center 2012 Endpoint Protection (Version: 4.2.223.1)
TidyNetwork
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Zip Extractor
vcredist_x86 (Version: 1.0.0)
WebEx Productivity Tools (Version: 2.32.1200.16655)
WIDCOMM Bluetooth Software (Version: 6.3.0.6900)
Windows Firewall Configuration Provider (Version: 1.2.3412.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WISO Steuer-Sparbuch 2012 (Version: 19.05.7368)
Word Layers (HKCU Version: 3)
Yahoo! Messenger
Zip Extractor Packages

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00A0759D-2A1C-4C81-A226-3A90B820BAFF} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {03B74907-49F0-4EC0-A328-AE96D69D2A50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {13CD2DD4-0051-44C4-923B-63777726E834} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {13F0BEF8-B504-43C3-AA03-2CB6E2A9A031} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {18CFEC96-2653-44E4-8D47-2E7AFD84ED96} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe
Task: {1AE8D8DD-E154-422F-B8A6-899E64626F41} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {41D885E5-ADC1-4619-B5BD-35B5B4FEBEFC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {467AB0E9-0501-465B-A115-DCE3601F05BB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)
Task: {4EDD8244-8CDE-4182-895F-B9146CC69D58} - System32\Tasks\TidyNetwork Update => C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petnupdate.exe
Task: {63B94DB7-D13D-47D0-98AD-F6AE2BA288B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)
Task: {6D552273-770D-4673-874C-7CEF36E0DFC5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {726CDAAB-F9E5-4A26-9289-3ACC8178BD4F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {885ECC39-599C-4E97-B55F-F5BC9C9CA125} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {A773082F-22CB-49EA-A630-A182070623A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-14 13:42 - 2011-10-04 00:31 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2012-04-05 10:28 - 2012-02-22 20:49 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2012-04-05 10:28 - 2012-02-22 20:49 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2013-09-23 13:25 - 2013-09-23 13:25 - 01928192 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\a6d77b64f85bb1135b2bc3fa240e0b58\Kies.UI.ni.dll
2013-09-23 13:25 - 2013-09-23 13:25 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\6f12d4f931067ba0d80718659128e4c0\Kies.MVVM.ni.dll
2013-09-23 13:25 - 2013-09-23 13:25 - 00184832 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fca6e0d137529e75ffab40ee22f2d4b5\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-09-23 13:26 - 2013-09-23 13:26 - 00353280 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\6614c1906e60cced4f242d337b10f7f4\DevicePhoto.ni.dll
2013-09-23 13:26 - 2013-09-23 13:26 - 00299520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\7cce2e92fb904b9f1e1920e852935eef\DeviceVideo.ni.dll
2013-09-23 13:26 - 2013-09-23 13:26 - 00615424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b430d451ebbc671be6dd511bc5b5ee2d\DevicePodcast.ni.dll
2013-09-23 13:26 - 2013-09-23 13:26 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\b0e562f98850f23cb5420b053e12cdb4\DummyStorePlugin.ni.dll
2013-09-23 13:26 - 2013-09-23 13:26 - 17357824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\412c905f6a195314f1a228f6c064bd98\Kies.Theme.ni.dll
2013-09-23 13:26 - 2013-09-23 13:26 - 00571904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c3fac88c14755b6ea4d6fa9d0572bab9\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-09-23 11:55 - 2013-09-23 11:55 - 00040448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2b859000c738b1f5e556f5af5fcd2f77\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-09-23 13:26 - 2013-09-23 13:26 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll
2010-10-15 19:14 - 2010-10-15 19:14 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-09-13 14:38 - 2012-09-06 20:16 - 07956120 _____ () C:\Program Files\WISO\Steuersoftware 2012\wgui12.dll
2012-09-13 14:38 - 2012-09-06 20:14 - 00028672 _____ () C:\Program Files\WISO\Steuersoftware 2012\rsdcom47.dll
2012-09-13 14:38 - 2012-02-07 12:36 - 02356736 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtCorers47.dll
2012-09-13 14:38 - 2012-02-07 12:36 - 08934400 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtGuirs47.dll
2012-09-13 14:38 - 2012-02-07 12:36 - 00990208 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtNetworkrs47.dll
2012-09-13 14:38 - 2012-02-07 12:36 - 00358400 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtXmlrs47.dll
2012-09-13 14:38 - 2012-02-07 12:36 - 00720896 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtSqlrs47.dll
2012-09-13 14:38 - 2012-02-07 12:37 - 01340416 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtScriptrs47.dll
2012-09-13 14:38 - 2012-02-07 12:36 - 02395648 ____N () C:\Program Files\WISO\Steuersoftware 2012\Qt3Supportrs47.dll
2012-09-13 14:38 - 2012-02-07 12:37 - 11163648 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtWebKitrs47.dll
2012-09-13 14:38 - 2012-02-07 12:37 - 00271872 ____N () C:\Program Files\WISO\Steuersoftware 2012\phononrs47.dll
2012-09-13 14:38 - 2012-02-07 12:37 - 00108544 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtTestrs47.dll
2012-09-13 14:38 - 2012-09-06 20:15 - 00275096 _____ () C:\Program Files\WISO\Steuersoftware 2012\rscorewinapi47.dll
2012-09-13 14:38 - 2012-09-06 20:15 - 00319640 _____ () C:\Program Files\WISO\Steuersoftware 2012\rsguiwinapi47.dll
2012-09-13 14:38 - 2012-09-06 20:15 - 03001496 _____ () C:\Program Files\WISO\Steuersoftware 2012\wcore12.dll
2012-09-13 14:38 - 2012-09-06 20:14 - 00135832 _____ () C:\Program Files\WISO\Steuersoftware 2012\rsodbc47.dll
2012-09-13 14:38 - 2012-02-07 12:37 - 00865280 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtCLuceners47.dll
2012-09-13 14:38 - 2012-09-06 20:15 - 02017432 _____ () C:\Program Files\WISO\Steuersoftware 2012\wfvie12.dll
2012-09-13 14:38 - 2012-02-07 12:36 - 00281088 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtSvgrs47.dll
2012-09-13 14:38 - 2012-09-06 20:15 - 01548952 _____ () C:\Program Files\WISO\Steuersoftware 2012\wsteu12.dll
2012-09-13 14:38 - 2012-09-06 20:15 - 01649816 _____ () C:\Program Files\WISO\Steuersoftware 2012\wreli12.dll
2012-09-13 14:38 - 2012-09-06 20:15 - 04467864 _____ () C:\Program Files\WISO\Steuersoftware 2012\wauff12.dll
2013-08-17 11:31 - 2013-10-01 08:25 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-10 17:23 - 2013-10-10 17:23 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: My Book World Edition Network Storage
Description: My Book World Edition Network Storage
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 3241.02 MB
Available physical RAM: 1070.7 MB
Total Pagefile: 6480.33 MB
Available Pagefile: 3948.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.11 MB

==================== Drives ================================

Drive c: (LocalDisk) (Fixed) (Total:119.24 GB) (Free:8.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: BBC34479)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thanks & regards,
Markus
__________________

Alt 23.10.2013, 07:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Delete AdwCleaner.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

23.10.2013, 10:00   #5
scrooge75



Below, first, is the log from FRST.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2013
Ran by Markus.Ortlieb at 2013-10-23 08:58:43 Run:1
Running from C:\Users\Markus.Ortlieb\Downloads\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
Unfortunately AdwCleaner does not produce a log file; I searched for it. It is not opened after a restart either. I deleted the program, downloaded it again and ran it. What now?

Here is the log file from the Junkware tool:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Enterprise x86
Ran by Markus.Ortlieb on 23.10.2013 at  9:57:35,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.10.2013 at  9:58:47,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


23.10.2013, 15:55   #6
schrauber
/// the machine
/// TB-Ausbilder



The fresh FRST log is missing.

23.10.2013, 16:52   #7
scrooge75



I hope I did this correctly now. I opened Notepad again, pasted the text from the code box and saved it as Fixlog.txt. Then I ran FRST again and clicked Fix. Here is the log file:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013
Ran by Markus.Ortlieb at 2013-10-23 16:16:29 Run:2
Running from C:\Users\Markus.Ortlieb\Downloads\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
I don't want to push, but my computer keeps getting slower; every keystroke, scroll and mouse click is heavily delayed, etc. Is there anything I can do to at least stop that?

24.10.2013, 09:31   #8
schrauber
/// the machine
/// TB-Ausbilder



I need a fresh FRST scan log after all those tools.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.10.2013, 10:34   #9
scrooge75



Hello Schrauber,

first of all, many thanks again for the help!!! Here is the scan log, just run:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Markus.Ortlieb (administrator) on BIB-LORTLIEBM on 24-10-2013 10:33:09
Running from C:\Users\Markus.Ortlieb\Downloads\FRST
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe
(Microsoft Corporation) C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
() C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe
(Cisco WebEx LLC) C:\PROGRA~1\WebEx\PRODUC~1\ptSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-10-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-10-04] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-02-15] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-19] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Google Update] - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-02] (Google Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [PTIM.exe] - C:\Program Files\WebEx\Productivity Tools\PTIM.exe [419344 2013-05-30] (Cisco WebEx LLC)
HKCU\...\Run: [SkyDrive] - C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-21] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {b8300e74-bc9d-11df-ba19-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe
Startup: C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.kavo.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.kavo.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {84630365-439B-4036-955B-F475B3233C24} URL = 
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: PETN - {C480F23A-1BA8-4106-B43E-DA48F2914C70} - C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petn.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911014} file:///C:/Users/Markus.Ortlieb/Downloads/DCS-942L_2523(EU)/Mydlink/activeX/DCP.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://eu.mydlink.com/8D/activeX//dcsclictrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\sweetpacks-a8-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: IE Tab Plus - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\ietab@ip.cn
FF Extension: FoxClocks - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF Extension: firefox - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\firefox@whilokii.net.xpi
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files\WebEx\Productivity Tools\
FF Extension: WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\

========================== Services (Whitelisted) =================

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dcevt32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe [136248 2013-05-13] (Dell Inc.)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)
R2 dcstor32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe [185912 2013-05-13] (Dell Inc.)
S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149560 2012-09-25] (Dell Inc.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)
R2 HPSLPSVC; C:\Users\Markus.Ortlieb\AppData\Local\Temp\7zS661D\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1712128 2008-09-26] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [155648 2008-09-01] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [98304 2008-09-01] (iPass, Inc.)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-10-04] (O2Micro International)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-10-04] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-10-04] (ST Microelectronics)
R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2011-11-14] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-10-04] (Broadcom Corporation)
S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [87592 2011-10-04] (Ericsson AB)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2013-03-11] (Dell Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-10-04] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2011-10-04] (Ericsson AB)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [361032 2011-10-04] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [396872 2011-10-04] (MCCI Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-10-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl8d7ce570; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88369EEC-5AE5-4CB7-95C5-E5FF588EE8FD}\MpKsl8d7ce570.sys [40392 2013-10-23] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [27264 2011-10-04] (Novatel Wireless Inc)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [191488 2011-10-04] (Novatel Wireless Inc.)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-10-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-10-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-10-04] (O2Micro )
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java
2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt
2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe
2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe
2013-10-23 08:58 - 2013-10-24 10:33 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST
2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt
2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST
2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 16:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 09:40 - 2013-10-23 09:50 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe
2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk
2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B
2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe
2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi
2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers
2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe
2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx
2013-10-14 01:14 - 2013-10-14 01:40 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls
2013-10-12 19:27 - 2013-09-11 08:37 - 45341303 ____N C:\Users\Markus.Ortlieb\Downloads\20130911_163716.mp4
2013-10-12 19:27 - 2013-07-07 06:04 - 229688525 ____N C:\Users\Markus.Ortlieb\Downloads\20130707_150206.mp4
2013-10-12 19:27 - 2013-07-01 06:56 - 04693888 ____N C:\Users\Markus.Ortlieb\Downloads\20130701_145626.mp4
2013-10-12 19:26 - 2013-08-11 14:43 - 314465633 ____N C:\Users\Markus.Ortlieb\Downloads\20130811_224051.mp4
2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake
2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp
2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini
2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms
2013-10-01 20:11 - 2013-05-13 13:22 - 02727456 _____ (Dell Inc.) C:\Windows\omsacntl.exe
2013-10-01 20:11 - 2013-05-13 13:22 - 00325664 _____ (Dell Inc.) C:\Windows\hapint.exe
2013-10-01 20:11 - 2013-05-13 13:21 - 00117280 _____ (Dell Inc.) C:\Windows\dciwds32.exe
2013-10-01 20:11 - 2013-05-13 13:21 - 00080928 _____ (Dell Inc.) C:\Windows\dcmdev32.exe
2013-10-01 20:11 - 2013-05-13 13:20 - 00282144 _____ (Dell Inc.) C:\Windows\dchcfg32.exe
2013-10-01 20:11 - 2013-05-13 13:20 - 00231456 _____ (Dell Inc.) C:\Windows\system32\dchcfl32.dll
2013-10-01 20:11 - 2013-05-13 13:19 - 00385056 _____ (Dell Inc.) C:\Windows\system32\dchbas32.dll
2013-10-01 20:11 - 2013-05-13 13:19 - 00272416 _____ (Dell Inc.) C:\Windows\system32\dchapi32.dll
2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute
2013-10-01 14:21 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls
2013-10-01 10:09 - 2013-10-01 10:12 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls
2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe
2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls
2013-09-27 12:01 - 2013-09-27 12:14 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls
2013-09-27 10:51 - 2012-10-17 04:04 - 00580712 ____H (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5512.dll
2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe
2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans
2013-09-26 11:26 - 2013-09-27 10:51 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk
2013-09-26 11:08 - 2013-09-27 10:36 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk
2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe
2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url
2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk
2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

==================== One Month Modified Files and Folders =======

2013-10-24 10:33 - 2013-10-23 08:58 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST
2013-10-24 10:22 - 2012-04-05 10:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 09:54 - 2012-07-02 14:26 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job
2013-10-23 16:13 - 2012-02-16 17:12 - 01626701 _____ C:\Windows\WindowsUpdate.log
2013-10-23 16:01 - 2010-09-09 22:45 - 08141522 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 16:01 - 2010-08-15 20:12 - 00691622 _____ C:\Windows\system32\perfh01D.dat
2013-10-23 16:01 - 2010-08-15 20:12 - 00152192 _____ C:\Windows\system32\perfc01D.dat
2013-10-23 16:01 - 2010-08-15 20:07 - 00767960 _____ C:\Windows\system32\perfh015.dat
2013-10-23 16:01 - 2010-08-15 20:07 - 00165376 _____ C:\Windows\system32\perfc015.dat
2013-10-23 16:01 - 2010-08-15 19:52 - 00771500 _____ C:\Windows\system32\perfh013.dat
2013-10-23 16:01 - 2010-08-15 19:52 - 00162648 _____ C:\Windows\system32\perfc013.dat
2013-10-23 16:01 - 2010-08-15 19:46 - 00768096 _____ C:\Windows\system32\perfh010.dat
2013-10-23 16:01 - 2010-08-15 19:46 - 00156376 _____ C:\Windows\system32\perfc010.dat
2013-10-23 14:54 - 2012-07-02 14:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job
2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java
2013-10-23 14:39 - 2013-08-17 11:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-23 14:36 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\ccmcache
2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt
2013-10-23 09:52 - 2010-09-09 22:44 - 00000568 _____ C:\Windows\SMSCFG.INI
2013-10-23 09:50 - 2013-10-21 09:40 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive
2013-10-23 09:50 - 2013-09-23 16:37 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing
2013-10-23 09:49 - 2011-05-10 17:42 - 00062826 _____ C:\Windows\setupact.log
2013-10-23 09:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe
2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe
2013-10-22 17:33 - 2012-04-05 08:43 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt
2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST
2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 17:14 - 2010-09-10 09:35 - 00033218 _____ C:\Windows\PFRO.log
2013-10-22 17:14 - 2010-08-15 20:11 - 00000000 ____D C:\Windows\sv-SE
2013-10-22 17:00 - 2012-04-19 09:25 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\FreePDF_XP
2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 16:42 - 2012-02-16 17:27 - 00054882 __RSH C:\ProgramData\ntuser.pol
2013-10-21 16:41 - 2012-02-16 17:10 - 00000400 _____ C:\Windows\system32\config\netlogon.ftl
2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-10-21 09:40 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb
2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe
2013-10-20 18:55 - 2012-09-19 10:40 - 00194238 _____ C:\Users\Markus.Ortlieb\Downloads\OTL.Txt
2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk
2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B
2013-10-20 18:38 - 2012-07-02 14:26 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Google
2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe
2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-18 09:22 - 2012-04-05 08:48 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\HpUpdate
2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi
2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers
2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe
2013-10-17 00:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources
2013-10-15 16:11 - 2012-03-07 08:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-14 01:52 - 2012-04-03 13:10 - 00000000 ____D C:\privat
2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx
2013-10-14 01:40 - 2013-10-14 01:14 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls
2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake
2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp
2013-10-11 10:41 - 2013-06-05 12:31 - 342290339 _____ C:\Windows\MEMORY.DMP
2013-10-11 10:41 - 2013-06-05 12:31 - 00000000 ____D C:\Windows\Minidump
2013-10-10 17:23 - 2012-04-05 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-10 17:23 - 2012-02-16 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 02:42 - 2012-03-08 10:53 - 00012730 __RSH C:\Users\Markus.Ortlieb\ntuser.pol
2013-10-04 03:01 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\CCM
2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini
2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2013-10-03 20:53 - 2013-09-23 11:50 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-10-03 20:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms
2013-10-03 20:52 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute
2013-10-01 15:39 - 2012-05-09 13:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 14:21 - 2013-09-23 16:37 - 00000000 ____D C:\Program Files\Microsoft Lync
2013-10-01 14:20 - 2012-09-25 07:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-01 14:20 - 2012-09-24 15:12 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls
2013-10-01 10:12 - 2013-10-01 10:09 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls
2013-10-01 08:25 - 2012-04-04 09:20 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Mozilla
2013-09-30 22:35 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Adobe
2013-09-30 15:45 - 2012-04-03 11:29 - 00000000 ____D C:\Procurement Europe
2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\ProgramData\Adobe
2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls
2013-09-27 12:14 - 2013-09-27 12:01 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls
2013-09-27 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-27 10:51 - 2013-09-26 11:26 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk
2013-09-27 10:51 - 2012-04-05 08:47 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
2013-09-27 10:51 - 2012-04-05 08:47 - 00000000 ____D C:\Program Files\HP
2013-09-27 10:42 - 2012-04-05 08:47 - 00000000 ____D C:\ProgramData\HP
2013-09-27 10:36 - 2013-09-26 11:08 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk
2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe
2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans
2013-09-26 11:26 - 2012-09-21 12:53 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe
2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url
2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-09-26 10:12 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Microsoft Help
2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk
2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-26 08:45 - 2009-07-14 06:33 - 00407056 _____ C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Markus.Ortlieb\AppData\Local\Temp\atgpcdec.dll
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\HPInstaller.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2013-05-05 18:57] - [2012-10-18 19:40] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-05-05 18:57] - [2012-10-18 22:17] - 0246104 ____A (Microsoft Corporation) 4EDEF8AB59B089925CF9A6CFC74A4109



LastRegBack: 2013-10-21 15:12

==================== End Of Log ============================
         
--- --- ---

24.10.2013, 12:52   #10
schrauber
/// the machine
/// TB trainer

Looks good.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here, please.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.10.2013, 15:27   #11
scrooge75



Hello Schrauber,

I'm running the ESET scan right now. However, I can't disable the Windows Firewall because it is managed by our system admin. His statement: "We do not disable it!". I'm a few hundred km away from him and unfortunately have no influence on that.

By the way, I still have all the ads on the left, at the top, at the bottom, everywhere on the screen. Whilokii appears permanently ...

As soon as I have the log files I'll post them, including the FRST scan log.

Thanks again!

Markus

Here is the log file.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9d90ef8d66694d4f80c793f81647704c
# engine=15616
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-24 01:05:54
# local_time=2013-10-24 03:05:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2690653 134251145 0 0
# scanned=512606
# found=1
# cleaned=0
# scan_time=6797
sh=E08C63CC3B24EEFD148937B8416AABBFB9E757E8 ft=1 fh=c54cfafd57b63771 vn="multiple threats" ac=I fn="C:\Users\Markus.Ortlieb\AppData\Local\Temp\{5AE23E50-7090-43BB-AD09-6FFF6F3FDD61}\setup.exe"
         
When I run Security Check I get the following message: "UNSUPPORTED OPERATING SYSTEM! ABORTED!"

Here is another current scan log file from FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Markus.Ortlieb (administrator) on BIB-LORTLIEBM on 24-10-2013 15:26:30
Running from C:\Users\Markus.Ortlieb\Downloads\FRST
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe
(Microsoft Corporation) C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
() C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe
(Cisco WebEx LLC) C:\PROGRA~1\WebEx\PRODUC~1\ptSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google) C:\Users\Markus.Ortlieb\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-10-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-10-04] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-02-15] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-19] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Google Update] - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-02] (Google Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [PTIM.exe] - C:\Program Files\WebEx\Productivity Tools\PTIM.exe [419344 2013-05-30] (Cisco WebEx LLC)
HKCU\...\Run: [SkyDrive] - C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-21] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {b8300e74-bc9d-11df-ba19-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe
Startup: C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.kavo.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.kavo.de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {84630365-439B-4036-955B-F475B3233C24} URL = 
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: PETN - {C480F23A-1BA8-4106-B43E-DA48F2914C70} - C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petn.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911014} file:///C:/Users/Markus.Ortlieb/Downloads/DCS-942L_2523(EU)/Mydlink/activeX/DCP.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://eu.mydlink.com/8D/activeX//dcsclictrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\sweetpacks-a8-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: IE Tab Plus - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\ietab@ip.cn
FF Extension: FoxClocks - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF Extension: firefox - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\firefox@whilokii.net.xpi
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files\WebEx\Productivity Tools\
FF Extension: WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\

========================== Services (Whitelisted) =================

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dcevt32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe [136248 2013-05-13] (Dell Inc.)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)
R2 dcstor32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe [185912 2013-05-13] (Dell Inc.)
S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149560 2012-09-25] (Dell Inc.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)
R2 HPSLPSVC; C:\Users\Markus.Ortlieb\AppData\Local\Temp\7zS661D\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)
S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1712128 2008-09-26] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [155648 2008-09-01] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [98304 2008-09-01] (iPass, Inc.)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-10-04] (O2Micro International)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-10-04] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-10-04] (ST Microelectronics)
R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2011-11-14] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-10-04] (Broadcom Corporation)
S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [87592 2011-10-04] (Ericsson AB)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2013-03-11] (Dell Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-10-04] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2011-10-04] (Ericsson AB)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [361032 2011-10-04] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [396872 2011-10-04] (MCCI Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-10-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl8d7ce570; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88369EEC-5AE5-4CB7-95C5-E5FF588EE8FD}\MpKsl8d7ce570.sys [40392 2013-10-23] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [27264 2011-10-04] (Novatel Wireless Inc)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [191488 2011-10-04] (Novatel Wireless Inc.)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-10-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-10-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-10-04] (O2Micro )
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-24 15:24 - 2013-10-24 15:24 - 00891167 _____ C:\Users\Markus.Ortlieb\Downloads\SecurityCheck.exe
2013-10-24 14:57 - 2013-10-24 14:57 - 00110168 _____ C:\23.10.2013.one
2013-10-24 13:10 - 2013-10-24 13:10 - 02347384 _____ (ESET) C:\Users\Markus.Ortlieb\Downloads\esetsmartinstaller_enu.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java
2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt
2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe
2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe
2013-10-23 08:58 - 2013-10-24 15:26 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST
2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt
2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST
2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 16:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 09:40 - 2013-10-23 09:50 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe
2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk
2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B
2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe
2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi
2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers
2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe
2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx
2013-10-14 01:14 - 2013-10-14 01:40 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls
2013-10-12 19:27 - 2013-09-11 08:37 - 45341303 ____N C:\Users\Markus.Ortlieb\Downloads\20130911_163716.mp4
2013-10-12 19:27 - 2013-07-07 06:04 - 229688525 ____N C:\Users\Markus.Ortlieb\Downloads\20130707_150206.mp4
2013-10-12 19:27 - 2013-07-01 06:56 - 04693888 ____N C:\Users\Markus.Ortlieb\Downloads\20130701_145626.mp4
2013-10-12 19:26 - 2013-08-11 14:43 - 314465633 ____N C:\Users\Markus.Ortlieb\Downloads\20130811_224051.mp4
2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake
2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp
2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini
2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms
2013-10-01 20:11 - 2013-05-13 13:22 - 02727456 _____ (Dell Inc.) C:\Windows\omsacntl.exe
2013-10-01 20:11 - 2013-05-13 13:22 - 00325664 _____ (Dell Inc.) C:\Windows\hapint.exe
2013-10-01 20:11 - 2013-05-13 13:21 - 00117280 _____ (Dell Inc.) C:\Windows\dciwds32.exe
2013-10-01 20:11 - 2013-05-13 13:21 - 00080928 _____ (Dell Inc.) C:\Windows\dcmdev32.exe
2013-10-01 20:11 - 2013-05-13 13:20 - 00282144 _____ (Dell Inc.) C:\Windows\dchcfg32.exe
2013-10-01 20:11 - 2013-05-13 13:20 - 00231456 _____ (Dell Inc.) C:\Windows\system32\dchcfl32.dll
2013-10-01 20:11 - 2013-05-13 13:19 - 00385056 _____ (Dell Inc.) C:\Windows\system32\dchbas32.dll
2013-10-01 20:11 - 2013-05-13 13:19 - 00272416 _____ (Dell Inc.) C:\Windows\system32\dchapi32.dll
2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute
2013-10-01 14:21 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls
2013-10-01 10:09 - 2013-10-01 10:12 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls
2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe
2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls
2013-09-27 12:01 - 2013-09-27 12:14 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls
2013-09-27 10:51 - 2012-10-17 04:04 - 00580712 ____H (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5512.dll
2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe
2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans
2013-09-26 11:26 - 2013-09-27 10:51 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk
2013-09-26 11:08 - 2013-09-27 10:36 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk
2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe
2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url
2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk
2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

==================== One Month Modified Files and Folders =======

2013-10-24 15:26 - 2013-10-23 08:58 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST
2013-10-24 15:24 - 2013-10-24 15:24 - 00891167 _____ C:\Users\Markus.Ortlieb\Downloads\SecurityCheck.exe
2013-10-24 15:22 - 2012-04-05 10:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 14:57 - 2013-10-24 14:57 - 00110168 _____ C:\23.10.2013.one
2013-10-24 14:54 - 2012-07-02 14:26 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job
2013-10-24 14:54 - 2012-07-02 14:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job
2013-10-24 13:25 - 2012-02-16 17:12 - 01829829 _____ C:\Windows\WindowsUpdate.log
2013-10-24 13:12 - 2010-09-09 22:45 - 08141522 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-24 13:12 - 2010-08-15 20:12 - 00691622 _____ C:\Windows\system32\perfh01D.dat
2013-10-24 13:12 - 2010-08-15 20:12 - 00152192 _____ C:\Windows\system32\perfc01D.dat
2013-10-24 13:12 - 2010-08-15 20:07 - 00767960 _____ C:\Windows\system32\perfh015.dat
2013-10-24 13:12 - 2010-08-15 20:07 - 00165376 _____ C:\Windows\system32\perfc015.dat
2013-10-24 13:12 - 2010-08-15 19:52 - 00771500 _____ C:\Windows\system32\perfh013.dat
2013-10-24 13:12 - 2010-08-15 19:52 - 00162648 _____ C:\Windows\system32\perfc013.dat
2013-10-24 13:12 - 2010-08-15 19:46 - 00768096 _____ C:\Windows\system32\perfh010.dat
2013-10-24 13:12 - 2010-08-15 19:46 - 00156376 _____ C:\Windows\system32\perfc010.dat
2013-10-24 13:10 - 2013-10-24 13:10 - 02347384 _____ (ESET) C:\Users\Markus.Ortlieb\Downloads\esetsmartinstaller_enu.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java
2013-10-23 14:39 - 2013-08-17 11:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-23 14:36 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\ccmcache
2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt
2013-10-23 09:52 - 2010-09-09 22:44 - 00000568 _____ C:\Windows\SMSCFG.INI
2013-10-23 09:50 - 2013-10-21 09:40 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive
2013-10-23 09:50 - 2013-09-23 16:37 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing
2013-10-23 09:49 - 2011-05-10 17:42 - 00062826 _____ C:\Windows\setupact.log
2013-10-23 09:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe
2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe
2013-10-22 17:33 - 2012-04-05 08:43 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt
2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST
2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 17:14 - 2010-09-10 09:35 - 00033218 _____ C:\Windows\PFRO.log
2013-10-22 17:14 - 2010-08-15 20:11 - 00000000 ____D C:\Windows\sv-SE
2013-10-22 17:00 - 2012-04-19 09:25 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\FreePDF_XP
2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 16:42 - 2012-02-16 17:27 - 00054882 __RSH C:\ProgramData\ntuser.pol
2013-10-21 16:41 - 2012-02-16 17:10 - 00000400 _____ C:\Windows\system32\config\netlogon.ftl
2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-10-21 09:40 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb
2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe
2013-10-20 18:55 - 2012-09-19 10:40 - 00194238 _____ C:\Users\Markus.Ortlieb\Downloads\OTL.Txt
2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk
2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B
2013-10-20 18:38 - 2012-07-02 14:26 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Google
2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe
2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-10-18 09:22 - 2012-04-05 08:48 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\HpUpdate
2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi
2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers
2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe
2013-10-17 00:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources
2013-10-15 16:11 - 2012-03-07 08:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-14 01:52 - 2012-04-03 13:10 - 00000000 ____D C:\privat
2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx
2013-10-14 01:40 - 2013-10-14 01:14 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls
2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake
2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp
2013-10-11 10:41 - 2013-06-05 12:31 - 342290339 _____ C:\Windows\MEMORY.DMP
2013-10-11 10:41 - 2013-06-05 12:31 - 00000000 ____D C:\Windows\Minidump
2013-10-10 17:23 - 2012-04-05 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-10 17:23 - 2012-02-16 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 02:42 - 2012-03-08 10:53 - 00012730 __RSH C:\Users\Markus.Ortlieb\ntuser.pol
2013-10-04 03:01 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\CCM
2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini
2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2013-10-03 20:53 - 2013-09-23 11:50 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-10-03 20:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms
2013-10-03 20:52 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute
2013-10-01 15:39 - 2012-05-09 13:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 14:21 - 2013-09-23 16:37 - 00000000 ____D C:\Program Files\Microsoft Lync
2013-10-01 14:20 - 2012-09-25 07:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-01 14:20 - 2012-09-24 15:12 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls
2013-10-01 10:12 - 2013-10-01 10:09 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls
2013-10-01 08:25 - 2012-04-04 09:20 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Mozilla
2013-09-30 22:35 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Adobe
2013-09-30 15:45 - 2012-04-03 11:29 - 00000000 ____D C:\Procurement Europe
2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\ProgramData\Adobe
2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls
2013-09-27 12:14 - 2013-09-27 12:01 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls
2013-09-27 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-27 10:51 - 2013-09-26 11:26 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk
2013-09-27 10:51 - 2012-04-05 08:47 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
2013-09-27 10:51 - 2012-04-05 08:47 - 00000000 ____D C:\Program Files\HP
2013-09-27 10:42 - 2012-04-05 08:47 - 00000000 ____D C:\ProgramData\HP
2013-09-27 10:36 - 2013-09-26 11:08 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk
2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe
2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans
2013-09-26 11:26 - 2012-09-21 12:53 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe
2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url
2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk
2013-09-26 10:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-09-26 10:12 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Microsoft Help
2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk
2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2013-09-26 08:45 - 2009-07-14 06:33 - 00407056 _____ C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Markus.Ortlieb\AppData\Local\Temp\atgpcdec.dll
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\HPInstaller.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Markus.Ortlieb\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2013-05-05 18:57] - [2012-10-18 19:40] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-05-05 18:57] - [2012-10-18 22:17] - 0246104 ____A (Microsoft Corporation) 4EDEF8AB59B089925CF9A6CFC74A4109



LastRegBack: 2013-10-21 15:12

==================== End Of Log ============================
         
--- --- ---


25.10.2013, 09:46   #12
schrauber
/// the machine
/// TB trainer

In which browser?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

25.10.2013, 10:11   #13
scrooge75

Firefox 24.0
In Internet Explorer I always see the notice at the bottom of the screen: "This website wants to run the following add-on: "Adobe Flash Player" from Adobe Systems Incorporated" - "What's the risk?"
In IE, however, I have so far not had these constant overlays on the left, top, bottom, etc.

Markus

25.10.2013, 12:26   #14
schrauber
/// the machine
/// TB trainer

Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.
__________________
Regards,
schrauber

25.10.2013, 12:38   #15
scrooge75

I uninstalled it, but exported the bookmarks (hundreds) beforehand (I have not installed them yet), and took no other data along. Reinstalled, and now everything seems to be fine. Do I need to run any further test?

Many thanks in advance!!!
Markus
