
All kinds of pests and how to combat them: Lpcloudsvr203.com - very persistent, I just can't get rid of it

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

13.04.2014, 13:09   #1
tomk33
 
Hello everyone,

I would be very grateful for your help.

Unfortunately, unwanted pop-ups frequently open while I am browsing in Firefox.
They are various pop-ups; often it is a window with the URL "Lpcloudsvr203.com".

Sometimes a URL with "sofler.com..." opens as well; the URLs vary.

They are supposedly necessary Java updates, video players and similar annoying things that I am supposed to install, which of course I don't do.

I have already tried several times to remove the virus following your instructions, but I can't get rid of it. The unwanted pop-ups keep coming back.

I would be glad if you could give me step-by-step instructions.

Thanks.
Tom

13.04.2014, 14:19   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


14.04.2014, 09:15   #3
tomk33
 
Many thanks for the help.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014
Ran by ED (administrator) on ED-NB-HP4720S on 13-04-2014 18:35:38
Running from C:\Users\ED\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Hewlett-Packard) C:\windows\system32\Hpservice.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\windows\system\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\windows\service4g.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(4G Systems GmbH & Co. KG) C:\windows\starter4g.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-11] (Motorola, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-07-11] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [starter4g] => C:\windows\starter4g.exe [160424 2011-03-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1590840 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [] => [X]
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {6f0d5f49-a3de-11e1-a3f0-fafe86a802d0} - D:\autorun.exe
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {a7865084-edd3-11df-8905-70f395d8476b} - "D:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\j18m8at8.default-1397034726683
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\ED\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\j18m8at8.default-1397034726683\Extensions\foxmarks@kei.com [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1323552 2012-10-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2011-03-30] ()
R2 XS Stick Service; C:\windows\service4g.exe [145064 2011-03-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [592256 2009-07-27] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
S3 BTMMODEM; C:\Windows\System32\DRIVERS\btmcom.sys [52736 2010-04-10] (Motorola, Inc.)
R3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-05-22] (Mobile Connector)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [16776 2010-07-15] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 18:30 - 2014-04-13 18:35 - 00022660 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-13 18:30 - 2014-04-13 18:30 - 02157568 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-13 11:50 - 2014-04-13 14:13 - 00000168 _____ () C:\windows\setupact.log
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-12 08:33 - 2014-04-12 08:33 - 00000010 _____ () C:\ATT00016.dat
2014-04-11 16:03 - 2014-04-11 16:03 - 00725358 _____ () C:\bookmarks-2014-04-11.json
2014-04-11 16:02 - 2014-04-11 16:02 - 01276472 _____ () C:\bookmarks.html
2014-04-11 10:44 - 2014-04-11 10:44 - 02347384 _____ (ESET) C:\Users\ED\Downloads\esetsmartinstaller_enu(1).exe
2014-04-11 10:37 - 2014-04-13 18:35 - 00000000 ____D () C:\FRST
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 10:55 - 2014-04-09 10:56 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-09 10:18 - 2014-04-09 10:18 - 01016261 _____ (Thisisu) C:\Users\ED\Downloads\JRT.exe
2014-04-09 10:10 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-09 10:10 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-09 10:10 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-09 10:10 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 10:10 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 10:10 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 10:10 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 10:10 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 10:10 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 10:10 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 10:10 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 10:10 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-03 14:28 - 2014-04-03 14:29 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-02 17:43 - 2014-04-02 17:41 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:43 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark
2014-04-02 17:37 - 2014-04-02 17:40 - 00000058 _____ () C:\Users\ED\Desktop\Neues Textdokument.txt
2014-03-29 11:24 - 2014-03-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 18:22 - 2014-03-22 18:22 - 00000016 _____ () C:\Users\ED\Desktop\butlers.txt
2014-03-22 08:34 - 2014-03-22 12:40 - 00003108 _____ () C:\Users\ED\Desktop\bayer.txt
2014-03-22 08:19 - 2014-03-22 08:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 08:19 - 2014-03-22 08:19 - 10820032 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64.exe

==================== One Month Modified Files and Folders =======

2014-04-13 18:35 - 2014-04-13 18:30 - 00022660 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-13 18:35 - 2014-04-11 10:37 - 00000000 ____D () C:\FRST
2014-04-13 18:33 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 18:33 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 18:30 - 2014-04-13 18:30 - 02157568 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-13 18:20 - 2010-09-30 00:00 - 01853704 _____ () C:\windows\WindowsUpdate.log
2014-04-13 17:45 - 2012-04-24 09:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 17:39 - 2011-03-02 00:24 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 14:23 - 2011-10-17 10:28 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Dropbox
2014-04-13 14:23 - 2010-10-27 22:17 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4C6A7F18-431D-40FC-AD81-14DE03825AB2}
2014-04-13 14:20 - 2010-09-03 11:44 - 00703230 _____ () C:\windows\system32\perfh007.dat
2014-04-13 14:20 - 2010-09-03 11:44 - 00150838 _____ () C:\windows\system32\perfc007.dat
2014-04-13 14:20 - 2009-07-14 07:13 - 01629444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-13 14:16 - 2011-10-17 10:45 - 00000000 ___RD () C:\Users\ED\Dropbox
2014-04-13 14:15 - 2010-10-28 12:18 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Skype
2014-04-13 14:13 - 2014-04-13 11:50 - 00000168 _____ () C:\windows\setupact.log
2014-04-13 14:13 - 2011-03-02 00:24 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 14:13 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-13 14:13 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-13 14:12 - 2014-01-20 10:51 - 00000000 ____D () C:\AdwCleaner
2014-04-13 13:14 - 2010-10-21 00:15 - 00000000 ____D () C:\Users\ED\AppData\Local\PDFC
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:48 - 2012-07-03 23:35 - 00000000 ___DC () C:\Users\ED\AppData\Local\MigWiz
2014-04-13 11:48 - 2012-04-24 19:44 - 00000000 ____D () C:\windows\Minidump
2014-04-13 11:48 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-12 08:33 - 2014-04-12 08:33 - 00000010 _____ () C:\ATT00016.dat
2014-04-11 16:03 - 2014-04-11 16:03 - 00725358 _____ () C:\bookmarks-2014-04-11.json
2014-04-11 16:02 - 2014-04-11 16:02 - 01276472 _____ () C:\bookmarks.html
2014-04-11 13:51 - 2011-10-17 10:45 - 00001013 _____ () C:\Users\ED\Desktop\Dropbox.lnk
2014-04-11 13:51 - 2011-10-17 10:34 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-11 13:51 - 2010-10-21 00:14 - 00000000 ___RD () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-11 10:44 - 2014-04-11 10:44 - 02347384 _____ (ESET) C:\Users\ED\Downloads\esetsmartinstaller_enu(1).exe
2014-04-11 09:32 - 2011-10-28 21:18 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-11 09:32 - 2010-10-24 20:01 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 12:10 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 18:08 - 2010-10-21 06:01 - 00000000 ____D () C:\windows\rescache
2014-04-09 12:10 - 2010-10-28 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 12:09 - 2013-09-09 03:02 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 12:05 - 2010-10-24 21:41 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 10:56 - 2014-04-09 10:55 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-09 10:18 - 2014-04-09 10:18 - 01016261 _____ (Thisisu) C:\Users\ED\Downloads\JRT.exe
2014-04-06 23:39 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-04-03 14:29 - 2014-04-03 14:28 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-03 14:11 - 2010-09-30 00:08 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 09:34 - 2011-03-02 00:24 - 00004098 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 09:34 - 2011-03-02 00:24 - 00003846 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 17:43 - 2014-04-02 17:41 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:43 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark
2014-04-02 17:40 - 2014-04-02 17:37 - 00000058 _____ () C:\Users\ED\Desktop\Neues Textdokument.txt
2014-03-31 03:16 - 2014-04-09 10:10 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 10:10 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 10:10 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 10:10 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-29 19:34 - 2012-04-26 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 11:24 - 2014-03-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 19:18 - 2010-10-29 01:43 - 00000000 ____D () C:\Users\ED\AppData\Local\Apple Computer
2014-03-23 19:18 - 2010-10-28 12:04 - 00000000 ____D () C:\Program Files (x86)\Password Safe
2014-03-22 18:22 - 2014-03-22 18:22 - 00000016 _____ () C:\Users\ED\Desktop\butlers.txt
2014-03-22 12:40 - 2014-03-22 08:34 - 00003108 _____ () C:\Users\ED\Desktop\bayer.txt
2014-03-22 12:33 - 2014-02-28 04:05 - 01649854 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-22 08:48 - 2014-03-22 08:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 08:19 - 2014-03-22 08:19 - 10820032 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64.exe

Some content of TEMP:
====================
C:\Users\ED\AppData\Local\Temp\avgnt.exe
C:\Users\ED\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0mery2.dll
C:\Users\ED\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 17:59

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2014
Ran by ED at 2014-04-13 18:35:59
Running from C:\Users\ED\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{82C9101B-36EC-5821-DD8B-05480074A0B8}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 1.0.23.26 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.43.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 1.0.0.26 - ArcSoft)
AVerMedia A850 USB DMB-TH 1.0.64.28 (HKLM-x32\...\AVerMedia A850 USB DMB-TH) (Version: 1.0.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
Avery Wizard 3.1 (HKLM-x32\...\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}) (Version: 3.1.5 - Avery)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.5 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.4.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.4.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.)
EASEUS Partition Master 6.5.2 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
etope 8 (HKLM-x32\...\etope_is1) (Version:  - Freshworx GmbH & Co. KG)
Face Recognition for HP ProtectTools (HKLM\...\{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}) (Version: 2.05.4140 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8C3059B3-B804-42BB-909B-25864C7D33E3}) (Version: 1.6.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}) (Version: 1.1.8.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{014C6C60-4916-48F7-916E-E8048E12E9F1}) (Version: 4.0.3.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}) (Version: 1.0.9.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{F2177395-FD90-44B0-AFB8-2E0566855E5C}) (Version: 1.0.31.182 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.12.754 - Hewlett-Packard Company) Hidden
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F487D}) (Version: 1.0.1.63 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{2BC0D0E6-13E7-4CCB-98ED-1D8CDF89D96B}) (Version: 4.0.59.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.9 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0024 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Lexmark Drucker-Software deinstallieren (HKLM-x32\...\Lexmark Printer Software Uninstall) (Version:  - )
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Macromedia Dreamweaver MX (HKLM-x32\...\{8B4AB829-DFD3-436D-B808-D9733D76C590}) (Version: 6.0 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Macromedia Fireworks MX (HKLM-x32\...\{930B2432-43D4-11D5-9871-00C04F8EEB39}) (Version: 6 - Macromedia)
Macromedia Flash MX (HKLM-x32\...\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}) (Version: 6 - Macromedia)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 6.0 - Heiko Schröder)
ModPlug Player (HKLM-x32\...\ModPlug Player v1.46_is1) (Version: 1.46 - Olivier Lapicque/MODPlug Central)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPEG2 Decoder (HKLM-x32\...\mpeg2dec) (Version:  - )
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Open-Xchange Updater (HKLM-x32\...\{AE40338F-CA94-4CB2-BEFF-CCF302FDDD64}) (Version: 6.18.9 - Open-Xchange Inc.)
OXtender 2 for Microsoft Outlook (HKLM-x32\...\{7D9E2F29-A00A-4AA1-BD76-D220041A2A8B}) (Version: 7.0.27 - Open-Xchange AG)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.11 - PDF Complete, Inc)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}) (Version: 5.10.796 - Hewlett-Packard)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version:  - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (HKLM\...\Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1) (Version: 3.0.41.258 - Motorola, Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.13.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
TotalMedia Suite update (x32 Version: 1.0.0.1 - ArcSoft) Hidden
TradeManager 2013 Beta2 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}) (Version: 4.0.10.0 - Validity Sensors, Inc.)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager)

==================== Restore Points  =========================

09-04-2014 10:04:15 Windows Update
10-04-2014 07:32:27 Revo Uninstaller's restore point - Bing Bar

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {059BC5F6-C947-4C72-A33D-CEAF674F6596} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {191309CA-7EBF-4356-982F-7BC7248F0D8E} - System32\Tasks\{EC54675D-9E45-4F4C-8CF6-184A755F0F11} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {38E9AD66-2541-446A-BD68-1E77AA76FDB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {39458C7D-9622-432B-8DFC-0C07F1D94A51} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {532A5497-9E34-4EDE-9978-2E8339AAA14F} - System32\Tasks\{8BE1B655-91B6-4027-BB1A-7F56513F3EFA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {63F42CDB-56E6-4920-B1A1-BF07D8DEB651} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {88D41318-3A92-4D46-8F7C-33B8254072B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02] (Google Inc.)
Task: {BC59EC6F-A00C-4157-8E06-703378BED3A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02] (Google Inc.)
Task: {F0177670-0965-46C7-BB92-FCA04351ECDF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FEA8884E-EA27-4130-994F-34FFF941B879} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-11 22:50 - 2010-02-11 22:50 - 00746256 _____ () C:\windows\system32\SUPSDK.dll
2009-11-23 18:24 - 2009-11-23 18:24 - 01412608 ____R () C:\windows\system32\LIBEAY32.dll
2010-04-20 09:10 - 2010-04-20 09:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-05-23 20:31 - 2009-12-07 07:13 - 00397312 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2013-05-23 20:31 - 2009-08-01 03:06 - 00155648 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2012-05-22 09:31 - 2011-03-30 13:20 - 00327392 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2010-06-19 01:25 - 2010-06-19 01:25 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2010-06-19 01:25 - 2010-06-19 01:25 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-06-19 01:25 - 2010-06-19 01:25 - 00055864 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 20:11 - 2010-04-05 20:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-04-05 22:00 - 2012-04-05 22:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-09 00:07 - 2013-09-08 23:57 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-28 15:00 - 2010-09-28 15:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 15:00 - 2010-09-28 15:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 15:00 - 2010-09-28 15:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-04-13 14:14 - 2014-04-13 14:14 - 00041984 _____ () c:\users\ed\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0mery2.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\ED\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-16 20:56 - 2014-02-16 20:56 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-09-03 11:31 - 2010-03-04 06:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-29 11:24 - 2014-03-29 11:24 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 00:45 - 2014-03-12 00:45 - 16276872 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\fam.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 02:13:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/13/2014 01:28:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/13/2014 11:51:20 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/13/2014 11:51:20 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/13/2014 11:51:20 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/13/2014 11:51:20 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/13/2014 11:51:17 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/13/2014 11:51:17 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/13/2014 11:51:17 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/13/2014 11:51:17 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/13/2014 02:19:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (04/13/2014 02:13:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/13/2014 02:12:26 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/13/2014 01:28:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/13/2014 01:28:10 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎13.‎04.‎2014 um 13:26:27 unerwartet heruntergefahren.

Error: (04/13/2014 11:51:51 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/13/2014 11:51:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2014 11:51:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (04/13/2014 11:50:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/13/2014 11:07:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001


Microsoft Office Sessions:
=========================
Error: (04/11/2014 10:32:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1668 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (04/10/2014 02:14:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/04/2014 08:49:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/06/2014 07:18:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 246 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/03/2014 11:34:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 151 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/27/2014 10:48:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/22/2014 02:33:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/15/2014 00:08:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/10/2014 02:03:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/08/2014 07:50:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 3951.43 MB
Available physical RAM: 1496.34 MB
Total Pagefile: 7901.04 MB
Available Pagefile: 4498.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.47 GB) (Free:191.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 974D7BFF)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---

Hello,

do the log files contain any critical lines?
What is the next step?

I look forward to your replies.
__________________

15.04.2014, 11:25   #4
schrauber
/// the machine
/// TB trainer
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.04.2014, 15:34   #5
tomk33
 
Thanks for now.

Here is the required information.
What happens next?


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.04.2014
Suchlauf-Zeit: 14:51:16
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.16.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ED

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 268950
Verstrichene Zeit: 15 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Code:
# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 15:01:15
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ED - ED-NB-HP4720S
# Gestartet von : C:\Users\ED\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\j18m8at8.default-1397034726683\prefs.js ]


*************************

AdwCleaner[R0].txt - [2195 octets] - [20/01/2014 10:51:24]
AdwCleaner[R10].txt - [1642 octets] - [26/01/2014 14:18:55]
AdwCleaner[R11].txt - [1724 octets] - [02/02/2014 13:52:51]
AdwCleaner[R12].txt - [1768 octets] - [22/03/2014 07:53:23]
AdwCleaner[R13].txt - [1895 octets] - [22/03/2014 08:03:42]
AdwCleaner[R14].txt - [1967 octets] - [31/03/2014 09:38:55]
AdwCleaner[R15].txt - [2019 octets] - [31/03/2014 09:43:04]
AdwCleaner[R16].txt - [2071 octets] - [09/04/2014 00:12:02]
AdwCleaner[R17].txt - [2149 octets] - [11/04/2014 09:58:01]
AdwCleaner[R18].txt - [2210 octets] - [13/04/2014 14:11:31]
AdwCleaner[R19].txt - [2326 octets] - [16/04/2014 15:00:27]
AdwCleaner[R1].txt - [2255 octets] - [20/01/2014 10:53:07]
AdwCleaner[R2].txt - [2315 octets] - [20/01/2014 10:57:46]
AdwCleaner[R3].txt - [1041 octets] - [20/01/2014 11:09:50]
AdwCleaner[R4].txt - [1102 octets] - [21/01/2014 11:40:23]
AdwCleaner[R5].txt - [1222 octets] - [21/01/2014 11:47:00]
AdwCleaner[R6].txt - [1281 octets] - [21/01/2014 19:44:52]
AdwCleaner[R7].txt - [1401 octets] - [21/01/2014 19:50:48]
AdwCleaner[R8].txt - [1461 octets] - [26/01/2014 11:47:18]
AdwCleaner[R9].txt - [1521 octets] - [26/01/2014 13:57:39]
AdwCleaner[S0].txt - [2267 octets] - [20/01/2014 11:04:46]
AdwCleaner[S1].txt - [1164 octets] - [21/01/2014 11:43:27]
AdwCleaner[S2].txt - [1342 octets] - [21/01/2014 19:46:00]
AdwCleaner[S3].txt - [1582 octets] - [26/01/2014 13:58:42]
AdwCleaner[S4].txt - [1829 octets] - [22/03/2014 07:58:42]
AdwCleaner[S5].txt - [2270 octets] - [13/04/2014 14:12:13]
AdwCleaner[S6].txt - [2246 octets] - [16/04/2014 15:01:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2306 octets] ##########
         


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ED on 16.04.2014 at 15:14:12,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ED\AppData\Roaming\mozilla\firefox\profiles\j18m8at8.default-1397034726683\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 15:23:42,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         




FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 01
Ran by ED (administrator) on ED-NB-HP4720S on 16-04-2014 15:28:19
Running from C:\Users\ED\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard) C:\windows\system32\Hpservice.exe
(AMD) C:\windows\system32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\windows\system\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\windows\service4g.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-11] (Motorola, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-07-11] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [starter4g] => C:\windows\starter4g.exe [160424 2011-03-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1590840 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [] => [X]
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {6f0d5f49-a3de-11e1-a3f0-fafe86a802d0} - D:\autorun.exe
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {a7865084-edd3-11df-8905-70f395d8476b} - "D:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\j18m8at8.default-1397034726683
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\ED\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\j18m8at8.default-1397034726683\Extensions\foxmarks@kei.com [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1323552 2012-10-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2011-03-30] ()
R2 XS Stick Service; C:\windows\service4g.exe [145064 2011-03-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [592256 2009-07-27] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
S3 BTMMODEM; C:\Windows\System32\DRIVERS\btmcom.sys [52736 2010-04-10] (Motorola, Inc.)
R3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-05-22] (Mobile Connector)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [16776 2010-07-15] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 15:26 - 2014-04-16 15:26 - 00000000 ____D () C:\Users\ED\Desktop\FRST-OlderVersion
2014-04-16 15:23 - 2014-04-16 15:24 - 00000764 _____ () C:\Users\ED\Desktop\JRT.txt
2014-04-16 15:12 - 2014-04-16 15:12 - 01016261 _____ (Thisisu) C:\Users\ED\Desktop\JRT.exe
2014-04-16 15:11 - 2014-04-16 15:11 - 00002386 _____ () C:\Users\ED\Desktop\AdwCleaner[S6].txt
2014-04-16 15:00 - 2014-04-16 15:00 - 01426178 _____ () C:\Users\ED\Desktop\adwcleaner.exe
2014-04-16 14:59 - 2014-04-16 14:59 - 00001141 _____ () C:\Users\ED\Desktop\mbam.txt
2014-04-16 12:23 - 2014-04-16 15:04 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 12:23 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-16 12:22 - 2014-04-16 12:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:19 - 2014-04-16 12:21 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ED\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:38 - 2014-04-15 15:38 - 00000000 ____D () C:\Program Files (x86)\PasswdFinder
2014-04-15 15:34 - 2014-04-15 15:34 - 04546280 _____ (PasswdFinder ) C:\Users\ED\Downloads\Passwd25FinderInstaller.exe
2014-04-14 18:08 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-14 18:08 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-14 18:08 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-14 18:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-14 18:08 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-14 18:08 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-14 18:08 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-14 18:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-14 18:08 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-14 18:08 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-14 18:08 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-14 18:08 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-14 18:08 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-14 18:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-14 18:08 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-14 18:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-14 18:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-14 18:08 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-14 18:08 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-14 18:08 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-14 18:08 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-14 18:08 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-14 18:08 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-14 18:08 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-14 18:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-14 18:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-14 18:08 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-14 18:08 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-14 18:08 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-14 18:08 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-14 18:08 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-14 18:08 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-14 18:08 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-14 18:08 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-14 18:08 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-14 18:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-14 18:08 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-14 18:08 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-14 18:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-14 18:08 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-14 18:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-14 18:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-14 18:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-14 18:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-14 18:08 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-14 18:08 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-14 18:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-14 18:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-13 18:35 - 2014-04-13 18:37 - 00040636 _____ () C:\Users\ED\Desktop\Addition.txt
2014-04-13 18:30 - 2014-04-16 15:28 - 00022592 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-13 18:30 - 2014-04-16 15:26 - 02158080 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-13 11:50 - 2014-04-16 15:02 - 00000784 _____ () C:\windows\setupact.log
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 16:03 - 2014-04-11 16:03 - 00725358 _____ () C:\bookmarks-2014-04-11.json
2014-04-11 16:02 - 2014-04-11 16:02 - 01276472 _____ () C:\bookmarks.html
2014-04-11 10:44 - 2014-04-11 10:44 - 02347384 _____ (ESET) C:\Users\ED\Downloads\esetsmartinstaller_enu(1).exe
2014-04-11 10:37 - 2014-04-16 15:28 - 00000000 ____D () C:\FRST
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 10:55 - 2014-04-09 10:56 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-09 10:18 - 2014-04-09 10:18 - 01016261 _____ (Thisisu) C:\Users\ED\Downloads\JRT.exe
2014-04-09 10:10 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 10:10 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 10:10 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 10:10 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 10:10 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 10:10 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 10:10 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 10:10 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 10:10 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-03 14:28 - 2014-04-03 14:29 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-02 17:43 - 2014-04-02 17:41 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:43 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark
2014-03-29 11:24 - 2014-03-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 18:22 - 2014-03-22 18:22 - 00000016 _____ () C:\Users\ED\Desktop\butlers.txt
2014-03-22 08:34 - 2014-03-22 12:40 - 00003108 _____ () C:\Users\ED\Desktop\bayer.txt
2014-03-22 08:19 - 2014-03-22 08:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 08:19 - 2014-03-22 08:19 - 10820032 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64.exe

==================== One Month Modified Files and Folders =======

2014-04-16 15:28 - 2014-04-13 18:30 - 00022592 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-16 15:28 - 2014-04-11 10:37 - 00000000 ____D () C:\FRST
2014-04-16 15:26 - 2014-04-16 15:26 - 00000000 ____D () C:\Users\ED\Desktop\FRST-OlderVersion
2014-04-16 15:26 - 2014-04-13 18:30 - 02158080 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-16 15:24 - 2014-04-16 15:23 - 00000764 _____ () C:\Users\ED\Desktop\JRT.txt
2014-04-16 15:12 - 2014-04-16 15:12 - 01016261 _____ (Thisisu) C:\Users\ED\Desktop\JRT.exe
2014-04-16 15:11 - 2014-04-16 15:11 - 00002386 _____ () C:\Users\ED\Desktop\AdwCleaner[S6].txt
2014-04-16 15:11 - 2011-10-17 10:28 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Dropbox
2014-04-16 15:10 - 2010-10-28 12:18 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Skype
2014-04-16 15:10 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:10 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 15:08 - 2010-09-03 11:44 - 00703230 _____ () C:\windows\system32\perfh007.dat
2014-04-16 15:08 - 2010-09-03 11:44 - 00150838 _____ () C:\windows\system32\perfc007.dat
2014-04-16 15:08 - 2009-07-14 07:13 - 01629444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-16 15:06 - 2011-10-17 10:45 - 00000000 ___RD () C:\Users\ED\Dropbox
2014-04-16 15:04 - 2014-04-16 12:23 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 15:04 - 2011-03-02 00:24 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 15:04 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-16 15:02 - 2014-04-13 11:50 - 00000784 _____ () C:\windows\setupact.log
2014-04-16 15:02 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-16 15:01 - 2014-01-20 10:51 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:01 - 2010-09-30 00:00 - 01982512 _____ () C:\windows\WindowsUpdate.log
2014-04-16 15:00 - 2014-04-16 15:00 - 01426178 _____ () C:\Users\ED\Desktop\adwcleaner.exe
2014-04-16 14:59 - 2014-04-16 14:59 - 00001141 _____ () C:\Users\ED\Desktop\mbam.txt
2014-04-16 14:51 - 2010-10-27 22:17 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4C6A7F18-431D-40FC-AD81-14DE03825AB2}
2014-04-16 14:45 - 2012-04-24 09:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 14:39 - 2011-03-02 00:24 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 14:36 - 2010-10-21 00:15 - 00000000 ____D () C:\Users\ED\AppData\Local\PDFC
2014-04-16 13:12 - 2010-10-21 06:01 - 00000000 ____D () C:\windows\rescache
2014-04-16 12:23 - 2014-04-16 12:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:23 - 2013-01-13 01:20 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 12:23 - 2010-10-28 12:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 12:21 - 2014-04-16 12:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ED\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:38 - 2014-04-15 15:38 - 00000000 ____D () C:\Program Files (x86)\PasswdFinder
2014-04-15 15:34 - 2014-04-15 15:34 - 04546280 _____ (PasswdFinder ) C:\Users\ED\Downloads\Passwd25FinderInstaller.exe
2014-04-15 14:08 - 2011-10-17 10:45 - 00001013 _____ () C:\Users\ED\Desktop\Dropbox.lnk
2014-04-15 14:08 - 2011-10-17 10:34 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-15 14:08 - 2010-10-21 00:14 - 00000000 ___RD () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 18:11 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-13 18:37 - 2014-04-13 18:35 - 00040636 _____ () C:\Users\ED\Desktop\Addition.txt
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:48 - 2012-07-03 23:35 - 00000000 ___DC () C:\Users\ED\AppData\Local\MigWiz
2014-04-13 11:48 - 2012-04-24 19:44 - 00000000 ____D () C:\windows\Minidump
2014-04-13 11:48 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 16:03 - 2014-04-11 16:03 - 00725358 _____ () C:\bookmarks-2014-04-11.json
2014-04-11 16:02 - 2014-04-11 16:02 - 01276472 _____ () C:\bookmarks.html
2014-04-11 10:44 - 2014-04-11 10:44 - 02347384 _____ (ESET) C:\Users\ED\Downloads\esetsmartinstaller_enu(1).exe
2014-04-11 09:32 - 2011-10-28 21:18 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-11 09:32 - 2010-10-24 20:01 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 12:10 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 12:10 - 2010-10-28 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 12:09 - 2013-09-09 03:02 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 12:05 - 2010-10-24 21:41 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 10:56 - 2014-04-09 10:55 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-09 10:18 - 2014-04-09 10:18 - 01016261 _____ (Thisisu) C:\Users\ED\Downloads\JRT.exe
2014-04-06 23:39 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-04-03 14:29 - 2014-04-03 14:28 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-03 14:11 - 2010-09-30 00:08 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 09:51 - 2014-04-16 12:23 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:51 - 2014-02-02 13:57 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2010-10-28 12:03 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-03 09:34 - 2011-03-02 00:24 - 00004098 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 09:34 - 2011-03-02 00:24 - 00003846 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 17:43 - 2014-04-02 17:41 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:43 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark
2014-03-29 19:34 - 2012-04-26 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 11:24 - 2014-03-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 19:18 - 2010-10-29 01:43 - 00000000 ____D () C:\Users\ED\AppData\Local\Apple Computer
2014-03-23 19:18 - 2010-10-28 12:04 - 00000000 ____D () C:\Program Files (x86)\Password Safe
2014-03-22 18:22 - 2014-03-22 18:22 - 00000016 _____ () C:\Users\ED\Desktop\butlers.txt
2014-03-22 12:40 - 2014-03-22 08:34 - 00003108 _____ () C:\Users\ED\Desktop\bayer.txt
2014-03-22 12:33 - 2014-02-28 04:05 - 01649854 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-22 08:48 - 2014-03-22 08:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 08:19 - 2014-03-22 08:19 - 10820032 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64.exe

Some content of TEMP:
====================
C:\Users\ED\AppData\Local\Temp\avgnt.exe
C:\Users\ED\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppjne5f.dll
C:\Users\ED\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 17:59

==================== End Of Log ============================
         


Alt 17.04.2014, 11:09   #6
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?

18.04.2014, 09:59   #7
tomk33



Thanks for your help.

I'm posting the log files further below.

Can you interpret these log files for me?
I'm of course glad to have the instructions, but I don't know whether there are any critical lines in the log files.

Thanks again

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5c975cec6b37bd44bf5266b41dd4dd7c
# engine=17925
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-17 03:54:33
# local_time=2014-04-17 05:54:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 28221 168421378 20873 0
# compatibility_mode=5893 16776574 100 94 24219480 149379923 0 0
# scanned=392441
# found=0
# cleaned=0
# scan_time=13780
         

Code:
 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by ED (administrator) on ED-NB-HP4720S on 18-04-2014 09:54:47
Running from C:\Users\ED\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard) C:\windows\system32\Hpservice.exe
(AMD) C:\windows\system32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\windows\system\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\windows\service4g.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-11] (Motorola, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-07-11] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [starter4g] => C:\windows\starter4g.exe [160424 2011-03-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1590840 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [] => [X]
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {6f0d5f49-a3de-11e1-a3f0-fafe86a802d0} - D:\autorun.exe
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {a7865084-edd3-11df-8905-70f395d8476b} - "D:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\j18m8at8.default-1397034726683
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\ED\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\j18m8at8.default-1397034726683\Extensions\foxmarks@kei.com [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1323552 2012-10-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2011-03-30] ()
R2 XS Stick Service; C:\windows\service4g.exe [145064 2011-03-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [592256 2009-07-27] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
S3 BTMMODEM; C:\Windows\System32\DRIVERS\btmcom.sys [52736 2010-04-10] (Motorola, Inc.)
R3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-05-22] (Mobile Connector)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [16776 2010-07-15] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 09:54 - 2014-04-18 09:54 - 00000842 _____ () C:\Users\ED\Desktop\checkup.txt
2014-04-18 09:52 - 2014-04-18 09:52 - 00987448 _____ () C:\Users\ED\Desktop\SecurityCheck.exe
2014-04-17 14:01 - 2014-04-17 14:01 - 02347384 _____ (ESET) C:\Users\ED\Downloads\esetsmartinstaller_enu.exe
2014-04-16 17:01 - 2014-04-16 17:01 - 00038408 _____ () C:\Users\ED\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-04-16 16:56 - 2014-04-16 16:57 - 02302976 _____ () C:\backup.pst
2014-04-16 15:26 - 2014-04-18 09:54 - 00000000 ____D () C:\Users\ED\Desktop\FRST-OlderVersion
2014-04-16 15:23 - 2014-04-16 15:24 - 00000764 _____ () C:\Users\ED\Desktop\JRT.txt
2014-04-16 15:12 - 2014-04-16 15:12 - 01016261 _____ (Thisisu) C:\Users\ED\Desktop\JRT.exe
2014-04-16 15:11 - 2014-04-16 15:11 - 00002386 _____ () C:\Users\ED\Desktop\AdwCleaner[S6].txt
2014-04-16 15:00 - 2014-04-16 15:00 - 01426178 _____ () C:\Users\ED\Desktop\adwcleaner.exe
2014-04-16 14:59 - 2014-04-16 14:59 - 00001141 _____ () C:\Users\ED\Desktop\mbam.txt
2014-04-16 12:23 - 2014-04-17 16:44 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 12:23 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-16 12:22 - 2014-04-16 12:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:19 - 2014-04-16 12:21 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ED\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:38 - 2014-04-15 15:38 - 00000000 ____D () C:\Program Files (x86)\PasswdFinder
2014-04-15 15:34 - 2014-04-15 15:34 - 04546280 _____ (PasswdFinder ) C:\Users\ED\Downloads\Passwd25FinderInstaller.exe
2014-04-14 18:08 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-14 18:08 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-14 18:08 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-14 18:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-14 18:08 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-14 18:08 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-14 18:08 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-14 18:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-14 18:08 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-14 18:08 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-14 18:08 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-14 18:08 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-14 18:08 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-14 18:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-14 18:08 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-14 18:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-14 18:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-14 18:08 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-14 18:08 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-14 18:08 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-14 18:08 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-14 18:08 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-14 18:08 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-14 18:08 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-14 18:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-14 18:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-14 18:08 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-14 18:08 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-14 18:08 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-14 18:08 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-14 18:08 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-14 18:08 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-14 18:08 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-14 18:08 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-14 18:08 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-14 18:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-14 18:08 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-14 18:08 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-14 18:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-14 18:08 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-14 18:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-14 18:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-14 18:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-14 18:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-14 18:08 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-14 18:08 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-14 18:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-14 18:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-13 18:35 - 2014-04-13 18:37 - 00040636 _____ () C:\Users\ED\Desktop\Addition.txt
2014-04-13 18:30 - 2014-04-18 09:54 - 02158592 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-13 18:30 - 2014-04-18 09:54 - 00022769 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-13 11:50 - 2014-04-17 13:53 - 00000952 _____ () C:\windows\setupact.log
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-11 10:37 - 2014-04-18 09:54 - 00000000 ____D () C:\FRST
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 10:55 - 2014-04-09 10:56 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-09 10:18 - 2014-04-09 10:18 - 01016261 _____ (Thisisu) C:\Users\ED\Downloads\JRT.exe
2014-04-09 10:10 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 10:10 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 10:10 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 10:10 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 10:10 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 10:10 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 10:10 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 10:10 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 10:10 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-03 14:28 - 2014-04-03 14:29 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-02 17:43 - 2014-04-02 17:41 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:43 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark
2014-03-29 11:24 - 2014-03-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 18:22 - 2014-03-22 18:22 - 00000016 _____ () C:\Users\ED\Desktop\butlers.txt
2014-03-22 08:34 - 2014-03-22 12:40 - 00003108 _____ () C:\Users\ED\Desktop\bayer.txt
2014-03-22 08:19 - 2014-03-22 08:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 08:19 - 2014-03-22 08:19 - 10820032 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64.exe

==================== One Month Modified Files and Folders =======

2014-04-18 09:55 - 2014-04-13 18:30 - 00022769 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-18 09:54 - 2014-04-18 09:54 - 00000842 _____ () C:\Users\ED\Desktop\checkup.txt
2014-04-18 09:54 - 2014-04-16 15:26 - 00000000 ____D () C:\Users\ED\Desktop\FRST-OlderVersion
2014-04-18 09:54 - 2014-04-13 18:30 - 02158592 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-18 09:54 - 2014-04-11 10:37 - 00000000 ____D () C:\FRST
2014-04-18 09:52 - 2014-04-18 09:52 - 00987448 _____ () C:\Users\ED\Desktop\SecurityCheck.exe
2014-04-18 09:50 - 2011-10-28 21:18 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-18 09:50 - 2010-10-24 20:01 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-04-18 09:48 - 2012-04-24 09:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 09:48 - 2011-10-17 10:28 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Dropbox
2014-04-18 09:48 - 2011-03-02 00:24 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 09:48 - 2011-03-02 00:24 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 17:48 - 2010-09-30 00:00 - 02029531 _____ () C:\windows\WindowsUpdate.log
2014-04-17 16:44 - 2014-04-16 12:23 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 15:38 - 2010-10-27 22:17 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4C6A7F18-431D-40FC-AD81-14DE03825AB2}
2014-04-17 14:01 - 2014-04-17 14:01 - 02347384 _____ (ESET) C:\Users\ED\Downloads\esetsmartinstaller_enu.exe
2014-04-17 14:01 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 14:01 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 13:59 - 2010-09-03 11:44 - 00703230 _____ () C:\windows\system32\perfh007.dat
2014-04-17 13:59 - 2010-09-03 11:44 - 00150838 _____ () C:\windows\system32\perfc007.dat
2014-04-17 13:59 - 2009-07-14 07:13 - 01629444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-17 13:57 - 2011-10-17 10:45 - 00000000 ___RD () C:\Users\ED\Dropbox
2014-04-17 13:56 - 2010-10-28 12:18 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Skype
2014-04-17 13:55 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-17 13:53 - 2014-04-13 11:50 - 00000952 _____ () C:\windows\setupact.log
2014-04-17 13:53 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-16 17:01 - 2014-04-16 17:01 - 00038408 _____ () C:\Users\ED\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-04-16 16:57 - 2014-04-16 16:56 - 02302976 _____ () C:\backup.pst
2014-04-16 15:35 - 2010-10-28 12:04 - 00000000 ____D () C:\Program Files (x86)\Password Safe
2014-04-16 15:24 - 2014-04-16 15:23 - 00000764 _____ () C:\Users\ED\Desktop\JRT.txt
2014-04-16 15:12 - 2014-04-16 15:12 - 01016261 _____ (Thisisu) C:\Users\ED\Desktop\JRT.exe
2014-04-16 15:11 - 2014-04-16 15:11 - 00002386 _____ () C:\Users\ED\Desktop\AdwCleaner[S6].txt
2014-04-16 15:01 - 2014-01-20 10:51 - 00000000 ____D () C:\AdwCleaner
2014-04-16 15:00 - 2014-04-16 15:00 - 01426178 _____ () C:\Users\ED\Desktop\adwcleaner.exe
2014-04-16 14:59 - 2014-04-16 14:59 - 00001141 _____ () C:\Users\ED\Desktop\mbam.txt
2014-04-16 14:36 - 2010-10-21 00:15 - 00000000 ____D () C:\Users\ED\AppData\Local\PDFC
2014-04-16 13:12 - 2010-10-21 06:01 - 00000000 ____D () C:\windows\rescache
2014-04-16 12:23 - 2014-04-16 12:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:23 - 2013-01-13 01:20 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 12:23 - 2010-10-28 12:04 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Malwarebytes
2014-04-16 12:23 - 2010-10-28 12:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 12:21 - 2014-04-16 12:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ED\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:38 - 2014-04-15 15:38 - 00000000 ____D () C:\Program Files (x86)\PasswdFinder
2014-04-15 15:34 - 2014-04-15 15:34 - 04546280 _____ (PasswdFinder ) C:\Users\ED\Downloads\Passwd25FinderInstaller.exe
2014-04-15 14:08 - 2011-10-17 10:45 - 00001013 _____ () C:\Users\ED\Desktop\Dropbox.lnk
2014-04-15 14:08 - 2011-10-17 10:34 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-15 14:08 - 2010-10-21 00:14 - 00000000 ___RD () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 18:11 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-13 18:37 - 2014-04-13 18:35 - 00040636 _____ () C:\Users\ED\Desktop\Addition.txt
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:48 - 2012-07-03 23:35 - 00000000 ___DC () C:\Users\ED\AppData\Local\MigWiz
2014-04-13 11:48 - 2012-04-24 19:44 - 00000000 ____D () C:\windows\Minidump
2014-04-13 11:48 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 12:10 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 12:10 - 2010-10-28 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 12:09 - 2013-09-09 03:02 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 12:05 - 2010-10-24 21:41 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 10:56 - 2014-04-09 10:55 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-09 10:18 - 2014-04-09 10:18 - 01016261 _____ (Thisisu) C:\Users\ED\Downloads\JRT.exe
2014-04-06 23:39 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-04-03 14:29 - 2014-04-03 14:28 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-03 14:11 - 2010-09-30 00:08 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 09:51 - 2014-04-16 12:23 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:51 - 2014-02-02 13:57 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2010-10-28 12:03 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-03 09:34 - 2011-03-02 00:24 - 00004098 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 09:34 - 2011-03-02 00:24 - 00003846 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 17:43 - 2014-04-02 17:41 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:43 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark
2014-03-29 19:34 - 2012-04-26 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 11:24 - 2014-03-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 19:18 - 2010-10-29 01:43 - 00000000 ____D () C:\Users\ED\AppData\Local\Apple Computer
2014-03-22 18:22 - 2014-03-22 18:22 - 00000016 _____ () C:\Users\ED\Desktop\butlers.txt
2014-03-22 12:40 - 2014-03-22 08:34 - 00003108 _____ () C:\Users\ED\Desktop\bayer.txt
2014-03-22 12:33 - 2014-02-28 04:05 - 01649854 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-22 08:48 - 2014-03-22 08:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 08:19 - 2014-03-22 08:19 - 10820032 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64.exe

Some content of TEMP:
====================
C:\Users\ED\AppData\Local\Temp\avgnt.exe
C:\Users\ED\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpruh1cf.dll
C:\Users\ED\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 17:59

==================== End Of Log ============================
         

Alt 18.04.2014, 18:05   #8
schrauber
/// the machine
/// TB-Ausbilder
 




I read every line; there is nothing critical for you (private or the like) in there.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date, because it is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I haven't found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 19.04.2014, 17:06   #9
tomk33
 



Hello!

First of all, thanks again for the help.

By "critical" I meant whether there are lines in the log files that point to a virus infection or malware.

Current status:
I used Delfix as you explained.

Unfortunately the Lpcloudsvr203.com pop-up still appears, e.g. when I browse with www.hidemyass.com.

Do you have any idea why?
Or what else can I do?

Many thanks in advance.

Alt 20.04.2014, 18:58   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, have the leftovers removed, reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 22.04.2014, 09:51   #11
tomk33
 



Hello,

all right, I did that according to your instructions.

Please give me a few days to observe whether these pop-ups still occur.

Thanks and best regards
Tom

--------

UPDATE:

Hello again!

Unfortunately I didn't have to wait long - the pop-up still occurs - after all the measures mentioned.

Do you have any other idea what can be done?

Alt 22.04.2014, 19:58   #12
schrauber
/// the machine
/// TB-Ausbilder
 




A screenshot of it, please. Open FRST, please tick Additional and scan, post both log files.

Other browsers don't have the problem?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 23.04.2014, 19:13   #13
tomk33
 



Here are the log files and, below as an attachment, the screenshot.

Various pop-ups keep coming, sometimes with the URL sofler.com.
But mostly Lpcloudsvr203.com.

In Internet Explorer the problem did not occur - but I tested this browser briefly.

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by ED (administrator) on ED-NB-HP4720S on 23-04-2014 19:07:29
Running from C:\Users\ED\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard) C:\windows\system32\Hpservice.exe
(AMD) C:\windows\system32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\windows\system\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\windows\service4g.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Dropbox, Inc.) C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Microsoft Corporation) C:\windows\sysWow64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-11] (Motorola, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-07-11] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [starter4g] => C:\windows\starter4g.exe [160424 2011-03-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1590840 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [] => [X]
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {6f0d5f49-a3de-11e1-a3f0-fafe86a802d0} - D:\autorun.exe
HKU\S-1-5-21-1253045310-2464405411-2134804099-1003\...\MountPoints2: {a7865084-edd3-11df-8905-70f395d8476b} - "D:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ED\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\r3686sbh.default-1398108416895
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\ED\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\r3686sbh.default-1398108416895\Extensions\foxmarks@kei.com [2014-04-21]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
S2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1323552 2012-10-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2011-03-30] ()
R2 XS Stick Service; C:\windows\service4g.exe [145064 2011-03-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [592256 2009-07-27] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
S3 BTMMODEM; C:\Windows\System32\DRIVERS\btmcom.sys [52736 2010-04-10] (Motorola, Inc.)
R3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-05-22] (Mobile Connector)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [16776 2010-07-15] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89216 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 19:07 - 2014-04-23 19:07 - 00022188 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-23 19:06 - 2014-04-23 19:07 - 00000000 ____D () C:\FRST
2014-04-23 19:03 - 2014-04-23 19:03 - 02061312 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-21 21:27 - 2014-04-21 21:27 - 00000000 ____D () C:\Users\ED\Desktop\Alte Firefox-Daten
2014-04-21 21:23 - 2014-04-21 21:23 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-21 21:23 - 2014-04-21 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 21:22 - 2014-04-21 21:22 - 25032080 _____ (Mozilla) C:\Users\ED\Downloads\Firefox_Setup_de28.0 (1).exe
2014-04-21 21:20 - 2014-04-21 21:20 - 00000000 __SHD () C:\Users\ED\AppData\Local\EmieUserList
2014-04-21 21:20 - 2014-04-21 21:20 - 00000000 __SHD () C:\Users\ED\AppData\Local\EmieSiteList
2014-04-21 21:11 - 2014-04-21 21:11 - 00001268 _____ () C:\Users\ED\Desktop\Revo Uninstaller.lnk
2014-04-21 21:10 - 2014-04-21 21:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ED\Downloads\revosetup95.exe
2014-04-19 09:59 - 2014-04-19 09:59 - 00001402 _____ () C:\Users\ED\Desktop\DelFix.txt
2014-04-19 09:57 - 2014-04-19 09:58 - 00001402 _____ () C:\DelFix.txt
2014-04-18 19:54 - 2014-04-21 21:15 - 00001888 _____ () C:\windows\PFRO.log
2014-04-18 09:54 - 2014-04-18 09:54 - 00000842 _____ () C:\Users\ED\Desktop\checkup.txt
2014-04-16 17:01 - 2014-04-16 17:01 - 00038408 _____ () C:\Users\ED\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-04-16 16:56 - 2014-04-16 16:57 - 02302976 _____ () C:\backup.pst
2014-04-16 15:26 - 2014-04-18 09:54 - 00000000 ____D () C:\Users\ED\Desktop\FRST-OlderVersion
2014-04-16 14:59 - 2014-04-16 14:59 - 00001141 _____ () C:\Users\ED\Desktop\mbam.txt
2014-04-16 12:23 - 2014-04-23 18:54 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 12:23 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-16 12:22 - 2014-04-16 12:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:19 - 2014-04-16 12:21 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ED\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:38 - 2014-04-15 15:38 - 00000000 ____D () C:\Program Files (x86)\PasswdFinder
2014-04-15 15:34 - 2014-04-15 15:34 - 04546280 _____ (PasswdFinder ) C:\Users\ED\Downloads\Passwd25FinderInstaller.exe
2014-04-14 18:08 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-14 18:08 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-14 18:08 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-14 18:08 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-14 18:08 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-14 18:08 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-14 18:08 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-14 18:08 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-14 18:08 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-14 18:08 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-14 18:08 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-14 18:08 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-14 18:08 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-14 18:08 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-14 18:08 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-14 18:08 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-14 18:08 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-14 18:08 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-14 18:08 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-14 18:08 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-14 18:08 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-14 18:08 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-14 18:08 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-14 18:08 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-14 18:08 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-14 18:08 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-14 18:08 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-14 18:08 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-14 18:08 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-14 18:08 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-14 18:08 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-14 18:08 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-14 18:08 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-14 18:08 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-14 18:08 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-14 18:08 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-14 18:08 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-14 18:08 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-14 18:08 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-14 18:08 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-14 18:08 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-14 18:08 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-14 18:08 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-14 18:08 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-14 18:08 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-14 18:08 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-14 18:08 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-14 18:08 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-13 11:50 - 2014-04-23 18:52 - 00001848 _____ () C:\windows\setupact.log
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 10:55 - 2014-04-09 10:56 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-09 10:10 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 10:10 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 10:10 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 10:10 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 10:10 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 10:10 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 10:10 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 10:10 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 10:10 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 10:10 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 10:10 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-03 14:28 - 2014-04-03 14:29 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-02 17:43 - 2014-04-02 17:41 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:43 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark
2014-03-29 11:24 - 2014-04-21 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-23 19:07 - 2014-04-23 19:07 - 00022188 _____ () C:\Users\ED\Desktop\FRST.txt
2014-04-23 19:07 - 2014-04-23 19:06 - 00000000 ____D () C:\FRST
2014-04-23 19:07 - 2011-10-17 10:28 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Dropbox
2014-04-23 19:07 - 2010-09-30 00:00 - 01172638 _____ () C:\windows\WindowsUpdate.log
2014-04-23 19:03 - 2014-04-23 19:03 - 02061312 _____ (Farbar) C:\Users\ED\Desktop\FRST64.exe
2014-04-23 19:01 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 19:01 - 2009-07-14 06:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 18:59 - 2010-09-03 11:44 - 00703230 _____ () C:\windows\system32\perfh007.dat
2014-04-23 18:59 - 2010-09-03 11:44 - 00150838 _____ () C:\windows\system32\perfc007.dat
2014-04-23 18:59 - 2009-07-14 07:13 - 01629444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-23 18:57 - 2011-10-17 10:45 - 00000000 ___RD () C:\Users\ED\Dropbox
2014-04-23 18:56 - 2010-10-28 12:18 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Skype
2014-04-23 18:54 - 2014-04-16 12:23 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 18:54 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-23 18:53 - 2011-03-02 00:24 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 18:52 - 2014-04-13 11:50 - 00001848 _____ () C:\windows\setupact.log
2014-04-23 18:52 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-23 09:40 - 2011-03-02 00:24 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 22:46 - 2010-10-27 22:17 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4C6A7F18-431D-40FC-AD81-14DE03825AB2}
2014-04-22 22:45 - 2012-04-24 09:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 21:34 - 2011-10-17 10:45 - 00001013 _____ () C:\Users\ED\Desktop\Dropbox.lnk
2014-04-21 21:34 - 2011-10-17 10:34 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-21 21:34 - 2010-10-21 00:14 - 00000000 ___RD () C:\Users\ED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 21:27 - 2014-04-21 21:27 - 00000000 ____D () C:\Users\ED\Desktop\Alte Firefox-Daten
2014-04-21 21:24 - 2010-10-24 22:08 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Mozilla
2014-04-21 21:23 - 2014-04-21 21:23 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-21 21:23 - 2014-04-21 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 21:23 - 2014-03-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-21 21:22 - 2014-04-21 21:22 - 25032080 _____ (Mozilla) C:\Users\ED\Downloads\Firefox_Setup_de28.0 (1).exe
2014-04-21 21:20 - 2014-04-21 21:20 - 00000000 __SHD () C:\Users\ED\AppData\Local\EmieUserList
2014-04-21 21:20 - 2014-04-21 21:20 - 00000000 __SHD () C:\Users\ED\AppData\Local\EmieSiteList
2014-04-21 21:15 - 2014-04-18 19:54 - 00001888 _____ () C:\windows\PFRO.log
2014-04-21 21:11 - 2014-04-21 21:11 - 00001268 _____ () C:\Users\ED\Desktop\Revo Uninstaller.lnk
2014-04-21 21:11 - 2014-01-26 15:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-21 21:10 - 2014-04-21 21:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ED\Downloads\revosetup95.exe
2014-04-19 09:59 - 2014-04-19 09:59 - 00001402 _____ () C:\Users\ED\Desktop\DelFix.txt
2014-04-19 09:58 - 2014-04-19 09:57 - 00001402 _____ () C:\DelFix.txt
2014-04-19 09:57 - 2014-01-26 13:47 - 00000000 ____D () C:\windows\ERUNT
2014-04-18 09:54 - 2014-04-18 09:54 - 00000842 _____ () C:\Users\ED\Desktop\checkup.txt
2014-04-18 09:54 - 2014-04-16 15:26 - 00000000 ____D () C:\Users\ED\Desktop\FRST-OlderVersion
2014-04-18 09:50 - 2011-10-28 21:18 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-18 09:50 - 2010-10-24 20:01 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-04-16 17:01 - 2014-04-16 17:01 - 00038408 _____ () C:\Users\ED\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-04-16 16:57 - 2014-04-16 16:56 - 02302976 _____ () C:\backup.pst
2014-04-16 15:35 - 2010-10-28 12:04 - 00000000 ____D () C:\Program Files (x86)\Password Safe
2014-04-16 14:59 - 2014-04-16 14:59 - 00001141 _____ () C:\Users\ED\Desktop\mbam.txt
2014-04-16 14:36 - 2010-10-21 00:15 - 00000000 ____D () C:\Users\ED\AppData\Local\PDFC
2014-04-16 13:12 - 2010-10-21 06:01 - 00000000 ____D () C:\windows\rescache
2014-04-16 12:23 - 2014-04-16 12:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 12:23 - 2013-01-13 01:20 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 12:23 - 2010-10-28 12:04 - 00000000 ____D () C:\Users\ED\AppData\Roaming\Malwarebytes
2014-04-16 12:23 - 2010-10-28 12:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 12:21 - 2014-04-16 12:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\ED\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-15 15:38 - 2014-04-15 15:38 - 00000000 ____D () C:\Program Files (x86)\PasswdFinder
2014-04-15 15:34 - 2014-04-15 15:34 - 04546280 _____ (PasswdFinder ) C:\Users\ED\Downloads\Passwd25FinderInstaller.exe
2014-04-14 18:11 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 _____ () C:\windows\setuperr.log
2014-04-13 11:48 - 2012-07-03 23:35 - 00000000 ___DC () C:\Users\ED\AppData\Local\MigWiz
2014-04-13 11:48 - 2012-04-24 19:44 - 00000000 ____D () C:\windows\Minidump
2014-04-13 11:48 - 2009-07-27 17:04 - 00000000 ____D () C:\windows\Panther
2014-04-13 11:41 - 2014-04-13 11:41 - 03710504 _____ (Piriform Ltd) C:\Users\ED\Downloads\ccsetup412_slim.exe
2014-04-13 11:41 - 2014-04-13 11:41 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-13 11:41 - 2014-04-13 11:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\_von buro xp
2014-04-10 12:10 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-10 09:56 - 2014-04-10 09:56 - 02800104 _____ (AVAST Software) C:\Users\ED\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-04-09 12:10 - 2010-10-28 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 12:09 - 2013-09-09 03:02 - 00000000 ____D () C:\windows\system32\MRT
2014-04-09 12:05 - 2010-10-24 21:41 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 10:56 - 2014-04-09 10:55 - 10971424 _____ (SurfRight B.V.) C:\Users\ED\Downloads\HitmanPro_x64(1).exe
2014-04-06 23:39 - 2010-09-03 11:49 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-04-03 14:29 - 2014-04-03 14:28 - 18512672 _____ () C:\Users\ED\Downloads\Lexmark_Universal_UD0_Win_64_PS.exe
2014-04-03 14:11 - 2014-04-03 14:11 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 14:11 - 2014-04-03 14:11 - 00000000 ____D () C:\Users\ED\AppData\Local\Skype
2014-04-03 14:11 - 2010-09-30 00:08 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 09:51 - 2014-04-16 12:23 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:51 - 2014-02-02 13:57 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2010-10-28 12:03 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-03 09:34 - 2011-03-02 00:24 - 00004098 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 09:34 - 2011-03-02 00:24 - 00003846 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 17:43 - 2014-04-02 17:41 - 00001362 _____ () C:\windows\SysWOW64\LexFiles.log
2014-04-02 17:41 - 2014-04-02 17:43 - 00000067 _____ () C:\windows\SysWOW64\Monitor.bak
2014-04-02 17:41 - 2014-04-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\lexmark

Some content of TEMP:
====================
C:\Users\ED\AppData\Local\Temp\avgnt.exe
C:\Users\ED\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6sgvle.dll
C:\Users\ED\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 14:55

==================== End Of Log ============================
         



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by ED at 2014-04-23 19:08:43
Running from C:\Users\ED\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{82C9101B-36EC-5821-DD8B-05480074A0B8}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 1.0.23.26 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.43.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 1.0.0.26 - ArcSoft)
AVerMedia A850 USB DMB-TH 1.0.64.28 (HKLM-x32\...\AVerMedia A850 USB DMB-TH) (Version: 1.0.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
Avery Wizard 3.1 (HKLM-x32\...\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}) (Version: 3.1.5 - Avery)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.5 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.4.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.4.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
EASEUS Partition Master 6.5.2 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
etope 8 (HKLM-x32\...\etope_is1) (Version:  - Freshworx GmbH & Co. KG)
Face Recognition for HP ProtectTools (HKLM\...\{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}) (Version: 2.05.4140 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8C3059B3-B804-42BB-909B-25864C7D33E3}) (Version: 1.6.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}) (Version: 1.1.8.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{014C6C60-4916-48F7-916E-E8048E12E9F1}) (Version: 4.0.3.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}) (Version: 1.0.9.0 - Hewlett-Packard Company)
HP Power Data (HKLM\...\{F2177395-FD90-44B0-AFB8-2E0566855E5C}) (Version: 1.0.31.182 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.12.754 - Hewlett-Packard Company) Hidden
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F487D}) (Version: 1.0.1.63 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{2BC0D0E6-13E7-4CCB-98ED-1D8CDF89D96B}) (Version: 4.0.59.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.9 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0024 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}) (Version: 4.0.6.0 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Lexmark Drucker-Software deinstallieren (HKLM-x32\...\Lexmark Printer Software Uninstall) (Version:  - )
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Macromedia Dreamweaver MX (HKLM-x32\...\{8B4AB829-DFD3-436D-B808-D9733D76C590}) (Version: 6.0 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Macromedia Fireworks MX (HKLM-x32\...\{930B2432-43D4-11D5-9871-00C04F8EEB39}) (Version: 6 - Macromedia)
Macromedia Flash MX (HKLM-x32\...\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}) (Version: 6 - Macromedia)
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.25 - PasswdFinder)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 6.0 - Heiko Schröder)
ModPlug Player (HKLM-x32\...\ModPlug Player v1.46_is1) (Version: 1.46 - Olivier Lapicque/MODPlug Central)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPEG2 Decoder (HKLM-x32\...\mpeg2dec) (Version:  - )
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Open-Xchange Updater (HKLM-x32\...\{AE40338F-CA94-4CB2-BEFF-CCF302FDDD64}) (Version: 6.18.9 - Open-Xchange Inc.)
OXtender 2 for Microsoft Outlook (HKLM-x32\...\{7D9E2F29-A00A-4AA1-BD76-D220041A2A8B}) (Version: 7.0.27 - Open-Xchange AG)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.11 - PDF Complete, Inc)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}) (Version: 5.10.796 - Hewlett-Packard)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version:  - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (HKLM\...\Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1) (Version: 3.0.41.258 - Motorola, Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.13.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
TotalMedia Suite update (x32 Version: 1.0.0.1 - ArcSoft) Hidden
TradeManager 2013 Beta2 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}) (Version: 4.0.10.0 - Validity Sensors, Inc.)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager)

==================== Restore Points  =========================

19-04-2014 07:58:15 Ende der Bereinigung
21-04-2014 19:12:45 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {059BC5F6-C947-4C72-A33D-CEAF674F6596} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {191309CA-7EBF-4356-982F-7BC7248F0D8E} - System32\Tasks\{EC54675D-9E45-4F4C-8CF6-184A755F0F11} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {38E9AD66-2541-446A-BD68-1E77AA76FDB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {39458C7D-9622-432B-8DFC-0C07F1D94A51} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {532A5497-9E34-4EDE-9978-2E8339AAA14F} - System32\Tasks\{8BE1B655-91B6-4027-BB1A-7F56513F3EFA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {63F42CDB-56E6-4920-B1A1-BF07D8DEB651} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {88D41318-3A92-4D46-8F7C-33B8254072B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02] (Google Inc.)
Task: {BC59EC6F-A00C-4157-8E06-703378BED3A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02] (Google Inc.)
Task: {F0177670-0965-46C7-BB92-FCA04351ECDF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {FEA8884E-EA27-4130-994F-34FFF941B879} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-11 22:50 - 2010-02-11 22:50 - 00746256 _____ () C:\windows\system32\SUPSDK.dll
2009-11-23 18:24 - 2009-11-23 18:24 - 01412608 ____R () C:\windows\system32\LIBEAY32.dll
2010-04-20 09:10 - 2010-04-20 09:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-05-23 20:31 - 2009-12-07 07:13 - 00397312 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2012-05-22 09:31 - 2011-03-30 13:20 - 00327392 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2010-06-19 01:25 - 2010-06-19 01:25 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2010-06-19 01:25 - 2010-06-19 01:25 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-06-19 01:25 - 2010-06-19 01:25 - 00055864 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2013-05-23 20:31 - 2009-08-01 03:06 - 00155648 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2010-04-05 20:12 - 2010-04-05 20:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 20:11 - 2010-04-05 20:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-04-05 22:00 - 2012-04-05 22:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-09 00:07 - 2013-09-08 23:57 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-28 15:00 - 2010-09-28 15:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 15:00 - 2010-09-28 15:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 15:00 - 2010-09-28 15:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-04-23 18:55 - 2014-04-23 18:55 - 00041984 _____ () c:\users\ed\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6sgvle.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\ED\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-16 20:56 - 2014-02-16 20:56 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-09-03 11:31 - 2010-03-04 06:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\fam.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 06:52:31 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/23/2014 09:38:39 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/23/2014 09:21:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/23/2014 09:12:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/22/2014 10:42:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/22/2014 04:25:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "1, 2, 0, 17" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (04/22/2014 04:22:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/22/2014 03:38:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/22/2014 01:59:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/22/2014 10:25:32 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (04/23/2014 06:52:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/23/2014 09:38:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/23/2014 09:21:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/23/2014 09:12:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/22/2014 10:45:32 PM) (Source: DCOM) (User: )
Description: {F5539356-2F02-40D4-999E-FA61F45FE12E}

Error: (04/22/2014 10:42:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/22/2014 03:38:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/22/2014 03:38:20 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎22.‎04.‎2014 um 15:32:37 unerwartet heruntergefahren.

Error: (04/22/2014 01:59:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/22/2014 10:25:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001


Microsoft Office Sessions:
=========================
Error: (04/11/2014 10:32:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1668 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (04/10/2014 02:14:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/04/2014 08:49:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/06/2014 07:18:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 246 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/03/2014 11:34:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 151 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/27/2014 10:48:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/22/2014 02:33:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/15/2014 00:08:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/10/2014 02:03:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/08/2014 07:50:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 3951.43 MB
Available physical RAM: 1802.75 MB
Total Pagefile: 7901.04 MB
Available Pagefile: 5087.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.47 GB) (Free:195.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 974D7BFF)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
         

24.04.2014, 12:32   #14
schrauber
/// the machine
/// TB trainer

Do the above with Revo and FF and the reset once more. But before reinstalling FF, apply the following fix:

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
FF ProfilePath: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\r3686sbh.default-1398108416895
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\ED\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\r3686sbh.default-1398108416895\Extensions\foxmarks@kei.com [2014-04-21]
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No support via PM!

29.04.2014, 20:07   #15
tomk33

Hello, here is the content:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014
Ran by ED at 2014-04-29 19:35:33 Run:1
Running from C:\Users\ED\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF ProfilePath: C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\r3686sbh.default-1398108416895
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 - C:\Program Files (x86)\Trademanager\nptrademanager.dll ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\ED\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\r3686sbh.default-1398108416895\Extensions\foxmarks@kei.com [2014-04-21]
         
*****************

 => Should not be moved.
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
"C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll" => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin => Key deleted successfully.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => Moved successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0 => Key deleted successfully.
c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0 => Key deleted successfully.
C:\Program Files (x86)\Trademanager\nptrademanager.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@alibaba.com/npwangwang;version=1.0 => Key deleted successfully.
C:\Program Files (x86)\Trademanager\npwangwang.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0 => Key deleted successfully.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin => Key deleted successfully.
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0 => Key deleted successfully.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5 => Key deleted successfully.
C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin => Key deleted successfully.
C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader => Key deleted successfully.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => Moved successfully.
HKCU\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0 => Key deleted successfully.
C:\Program Files (x86)\Trademanager\npAliSSOLogin.dll => Moved successfully.
HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0} => Key deleted successfully.
C:\Users\ED\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll => Moved successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml" => not found.
C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\r3686sbh.default-1398108416895\Extensions\foxmarks@kei.com not found.

==== End of Fixlog ====
         
