Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Chrome von akamaiHD /facebook befallen (https://www.trojaner-board.de/142650-chrome-akamaihd-facebook-befallen.html)

helloagain 07.10.2013 08:49
Chrome von akamaiHD /facebook befallen
 
Moin Moin,

ich habe neuerdings Probleme mit meinem Rechner. Das Ganze stellt sich relativ harmlos da, was ich vermutlich no script zu verdanken habe in Chrome. Was passiert ist folgendes:
Direkt nach einem Starten des PC öffnet sich etwa nach jedem 10x boot direkt Chrome und öffnet 6 Tabs mit verschiedenen Adresse (siehe angehängtes Bild). Alle Seiten werden direkt von Noscript unterdrückt.
Wenn ich Chrome neustarte starten die Tabs übrigens nicht wieder mit, sondern nur direkt nach einem hochfahren des Rechners passiert dies, und das wie gesagt auch nur etwa bei jedem zehnten mal.

http://www.abload.de/img/save5zadt.jpg

Soweit ich das mir ergooglen konnte scheint das ja nicht ganz ohne zu sein, insofern hätte ich natürlich alles davon gerne Weg ;)

Die Logfiles sind im Anhang, da sie zu lang fürs direkte Posten waren!


Ich hoffe ihr habt nun alle Infos die Ihr braucht.
Besten Dank schon mal im Voraus!

schrauber 07.10.2013 09:11
hi,

Logs bitte immer in Codetags in den Thread posten, zur Not teilen.

helloagain 07.10.2013 09:22
Okay sorry, hatte das nur bei euch in den Hilfestellungen so gelesen, dass wenn Sie zu lang sind Sie als zip gepackt werden sollen. Splitte Sie nun auf mehere Posts auf.

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Calle (administrator) on CALLE-WORK on 07-10-2013 09:26:10
Running from D:\Downloads\programme
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Programme\QNAP\Finder\iSCSIAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
(CMedia) C:\Program Files\ASUS Xonar D2 Audio\Customapp\ASUSAUDIOCENTER.EXE
() C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Facebook) C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) D:\Programme\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(The Chromium Authors) C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
( ) D:\Programme\Miranda IM\miranda32.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Calle\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-22] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Calle\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - D:\Programme\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {88da338a-bae3-11e2-bd58-002618a28e82} - I:\HTC_Sync_Manager_PC.exe
MountPoints2: {fad274e5-9694-11e1-81c1-002618a28e82} - H:\Autorun.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - D:\Programme\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-06-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
Startup: C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6C6674472744CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - D:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Desktop) - C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Calle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Users\Calle\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Google Docs) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (ScriptSafe) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0
CHR Extension: (Google Reader) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - D:\Programme\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [5283624 2013-03-13] ()
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.)

==================== Drivers (Whitelisted) ====================

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2013-04-17] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
S3 dcscusb; C:\Windows\System32\DRIVERS\dcscusb.sys [14848 2009-05-21] (Datacolor)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 P1C1394; C:\Windows\System32\DRIVERS\p1c1394.sys [39744 2012-10-23] (Phase One A/S)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 09:25 - 2013-10-07 09:25 - 00000000 ____D C:\FRST
2013-10-07 09:24 - 2013-10-07 09:24 - 00000000 _____ C:\Users\Calle\defogger_reenable
2013-10-07 09:18 - 2013-10-07 09:18 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-10-04 09:17 - 2013-10-04 09:20 - 00000000 ____D C:\Users\Calle\Desktop\rechtsstreit
2013-10-03 09:35 - 2013-10-03 09:35 - 00000000 ____D C:\Users\Calle\Desktop\sissichor
2013-10-01 14:50 - 2013-10-07 09:10 - 00000728 _____ C:\Windows\setupact.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00002164 _____ C:\Windows\PFRO.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 09:21 - 2013-10-01 09:21 - 00000075 _____ C:\Windows\wininit.ini
2013-10-01 09:13 - 2013-10-01 09:13 - 01030305 _____ (Thisisu) C:\Users\Calle\Downloads\JRT.exe
2013-10-01 09:13 - 2013-10-01 09:13 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Malwarebytes
2013-10-01 09:07 - 2013-10-01 09:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calle\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 08:54 - 2013-10-01 09:04 - 00000000 ____D C:\AdwCleaner
2013-10-01 08:54 - 2013-10-01 08:54 - 01045226 _____ C:\Users\Calle\Downloads\adwcleaner.exe
2013-10-01 08:53 - 2013-10-01 09:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:53 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 08:52 - 2013-10-01 08:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Calle\Downloads\mbar-1.07.0.1005.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Calle\Downloads\HiJackThis204.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00012474 _____ C:\Users\Calle\Downloads\hijackthis.log
2013-09-30 19:31 - 2013-09-30 19:31 - 00000000 ____D C:\Users\Calle\Desktop\Neuer Ordner
2013-09-30 12:43 - 2013-09-30 12:43 - 00000000 ____D C:\Users\Calle\Documents\ProcAlyzer Dumps
2013-09-30 12:40 - 2013-09-30 13:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 12:30 - 2013-09-30 12:31 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Calle\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 12:21 - 2013-09-30 12:22 - 00015872 ___SH C:\Users\Calle\AppData\Roaming\Thumbs.db
2013-09-30 12:11 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Calle\Desktop\wichtig
2013-09-14 15:10 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-14 15:10 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-14 15:10 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-14 15:10 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-14 15:10 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-14 15:10 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-09-14 15:10 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-09-14 15:10 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-14 15:10 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-14 15:10 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-09-14 15:10 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-14 15:10 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-09-14 15:10 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-09-14 15:10 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-14 15:10 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-14 15:10 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-14 15:10 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-14 15:10 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-14 15:10 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-14 15:10 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-14 15:10 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-14 15:10 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-14 15:10 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-14 15:10 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-14 15:10 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-09-14 15:10 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-14 15:10 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-14 15:10 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-09-14 15:10 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-14 15:10 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-14 15:10 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-14 15:10 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-14 15:10 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-14 15:10 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-12 19:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 19:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 19:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 19:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 19:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 19:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 19:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 19:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 19:05 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 19:05 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 19:05 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 19:05 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 19:05 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 16:21 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 16:21 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 16:21 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 16:21 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 16:21 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 16:21 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 16:21 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 16:21 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 16:21 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 16:21 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 16:21 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 16:21 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 16:21 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:21 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 16:21 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 16:21 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 16:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-07 09:25 - 2013-10-07 09:25 - 00000000 ____D C:\FRST
2013-10-07 09:24 - 2013-10-07 09:24 - 00000000 _____ C:\Users\Calle\defogger_reenable
2013-10-07 09:24 - 2012-04-22 11:32 - 00000000 ____D C:\Users\Calle
2013-10-07 09:21 - 2012-04-22 12:06 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Skype
2013-10-07 09:20 - 2012-04-22 13:28 - 00000000 ____D C:\Users\Calle\AppData\Local\Adobe
2013-10-07 09:18 - 2013-10-07 09:18 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-10-07 09:18 - 2013-02-10 18:49 - 00000675 _____ C:\Users\Calle\Desktop\Miranda IM.lnk
2013-10-07 09:18 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 09:18 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 09:14 - 2012-04-22 11:32 - 01515462 _____ C:\Windows\WindowsUpdate.log
2013-10-07 09:10 - 2013-10-01 14:50 - 00000728 _____ C:\Windows\setupact.log
2013-10-07 09:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 18:15 - 2012-05-19 17:59 - 00000000 ____D C:\Users\Calle\AppData\Roaming\TS3Client
2013-10-06 18:09 - 2012-04-22 11:38 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job
2013-10-06 17:51 - 2012-04-22 13:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 17:44 - 2012-04-22 14:47 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job
2013-10-06 13:16 - 2013-08-25 14:11 - 00000238 _____ C:\speedreport.txt
2013-10-06 11:44 - 2012-04-22 14:47 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job
2013-10-05 12:08 - 2012-04-22 12:58 - 00702954 _____ C:\Windows\system32\perfh007.dat
2013-10-05 12:08 - 2012-04-22 12:58 - 00150612 _____ C:\Windows\system32\perfc007.dat
2013-10-05 12:08 - 2009-07-14 07:13 - 01629370 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 12:05 - 2013-04-28 19:01 - 00103059 _____ C:\Windows\SysWOW64\TVersityMediaServer.log
2013-10-04 18:01 - 2012-04-22 11:37 - 00000000 ____D C:\Users\Calle\AppData\Local\Deployment
2013-10-04 09:20 - 2013-10-04 09:17 - 00000000 ____D C:\Users\Calle\Desktop\rechtsstreit
2013-10-03 10:11 - 2013-05-05 16:06 - 00002370 _____ C:\Users\Calle\Desktop\Google Chrome.lnk
2013-10-03 09:35 - 2013-10-03 09:35 - 00000000 ____D C:\Users\Calle\Desktop\sissichor
2013-10-01 14:50 - 2013-10-01 14:50 - 00002164 _____ C:\Windows\PFRO.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 14:50 - 2013-07-29 13:43 - 00000000 ____D C:\Programme
2013-10-01 14:49 - 2013-05-07 14:41 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 09:21 - 2013-10-01 09:21 - 00000075 _____ C:\Windows\wininit.ini
2013-10-01 09:13 - 2013-10-01 09:13 - 01030305 _____ (Thisisu) C:\Users\Calle\Downloads\JRT.exe
2013-10-01 09:13 - 2013-10-01 09:13 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Malwarebytes
2013-10-01 09:07 - 2013-10-01 09:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calle\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 09:04 - 2013-10-01 08:54 - 00000000 ____D C:\AdwCleaner
2013-10-01 09:02 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:54 - 2013-10-01 08:54 - 01045226 _____ C:\Users\Calle\Downloads\adwcleaner.exe
2013-10-01 08:53 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 08:52 - 2013-10-01 08:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Calle\Downloads\mbar-1.07.0.1005.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Calle\Downloads\HiJackThis204.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00012474 _____ C:\Users\Calle\Downloads\hijackthis.log
2013-09-30 19:31 - 2013-09-30 19:31 - 00000000 ____D C:\Users\Calle\Desktop\Neuer Ordner
2013-09-30 19:24 - 2013-09-30 12:11 - 00000000 ____D C:\Users\Calle\Desktop\wichtig
2013-09-30 13:06 - 2013-09-30 12:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 12:43 - 2013-09-30 12:43 - 00000000 ____D C:\Users\Calle\Documents\ProcAlyzer Dumps
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 12:31 - 2013-09-30 12:30 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Calle\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 12:22 - 2013-09-30 12:21 - 00015872 ___SH C:\Users\Calle\AppData\Roaming\Thumbs.db
2013-09-27 21:09 - 2012-04-22 11:38 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job
2013-09-23 17:59 - 2012-04-23 16:53 - 00000000 ____D C:\Zwischenspeicher
2013-09-20 10:40 - 2012-09-14 19:22 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Media Player Classic
2013-09-20 10:40 - 2012-04-22 21:25 - 00000000 ____D C:\Windows\Panther
2013-09-20 09:51 - 2012-04-22 13:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 09:51 - 2012-04-22 13:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 09:51 - 2012-04-22 13:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 09:38 - 2012-04-22 13:30 - 00000000 ____D C:\Program Files\Adobe
2013-09-20 09:34 - 2012-12-01 16:14 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-20 09:33 - 2012-04-22 13:31 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Mozilla
2013-09-20 09:33 - 2012-04-22 11:38 - 00000000 ____D C:\Users\Calle\AppData\Local\Google
2013-09-20 09:31 - 2012-04-22 13:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-20 09:25 - 2012-04-22 13:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-16 20:22 - 2013-04-28 21:28 - 00000000 ____D C:\Users\Calle\AppData\Roaming\vlc
2013-09-14 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 15:10 - 2012-04-22 11:34 - 00009178 _____ C:\Windows\system32\lvcoinst.log
2013-09-12 19:25 - 2009-07-14 06:45 - 05017856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 19:05 - 2013-08-14 15:41 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 19:05 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-09-12 19:04 - 2012-04-22 12:08 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 17:19 - 2012-04-22 13:29 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 17:18 - 2012-04-22 11:33 - 00000000 ___RD C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 17:18 - 2012-04-22 11:33 - 00000000 ___RD C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 16:42 - 2013-08-25 16:41 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-09-08 20:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Calle\AppData\Local\Temp\avgnt.exe
C:\Users\Calle\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-05 12:41

==================== End Of Log ============================
--- --- ---



Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Calle at 2013-10-07 09:26:42
Running from D:\Downloads\programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Creative Cloud (x32 Version: 2.0.0.183)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Adobe® Content Viewer (x32 Version: 3.3.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
ASUS Xonar D2 Audio Driver
Avira Free Antivirus (x32 Version: 14.0.0.383)
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (x32 Version: 1.2.0)
Canon Pro9000 II series Printer Driver
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.03)
ColorMunki Photo 1.1.1 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
DDC Driver 1.5 (x32)
Dota 2 (x32)
Duden Korrektor PLUS (x32 Version: 7.00.0000)
ElsterFormular (x32 Version: 14.3.11574)
EPSON Scan (x32)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
FlashFXP v4.1 (x32 Version: 4.2.2.1760)
Google Chrome (HKCU Version: 30.0.1599.66)
Grand Theft Auto IV (x32)
Grand Theft Auto: Episodes from Liberty City (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
K-Lite Mega Codec Pack 8.6.0 (x32 Version: 8.6.0)
MetroTwit (HKCU Version: 1.1.0.3076)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
Miranda IM 0.10.17 (x32 Version: 0.10.17)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
Notepad++ (x32 Version: 6.3.2)
OpenAL (x32)
Origin (x32 Version: 9.1.13.85)
PDF Settings CS5 (x32 Version: 10.0)
PDF Settings CS6 (x32 Version: 11.0)
PDF24 Creator 5.4.0 (x32)
Phocus 2.6.4 (Version: 2.6.4)
QNAP Finder (x32 Version: 3.5.0.209)
SDK (x32 Version: 1.40.002)
Sid Meier's Civilization V (x32)
SilverFast 8.0.1r26 (64bit) (x32 Version: 8.0.1r26)
SimCity™ (x32 Version: 1.0.0.0)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.13)
TeamViewer 8 (x32 Version: 8.0.17292)
TrueCrypt (x32 Version: 7.1a)
TVersity Codec Pack 1.7 (x32 Version: 1.7)
TVersity Media Server Pro 2.4 (x32 Version: 2.4)
UninstallDeviceDll 1.1 (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
UScreenCapture (x64) (Version: 2.0.0)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Wacom Tablett (Version: 6.2.0w5)
WebTablet FB Plugin (x32 Version: 2.0.0.4)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
WinCDEmu (x32 Version: 3.3)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Phone app for desktop (x32 Version: 1.0.1720.1)
Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 ) (Version: 02/11/2010 )
Windows-Treiberpaket - Phase One / Mamiya V-Grip USB Driver (09/28/2010 1.1.0.1) (Version: 09/28/2010 1.1.0.1)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
X-Rite Device ColorMunki Service (x32 Version: 1.0)
X-Rite Device Manager (x32 Version: 1.0)

==================== Restore Points  =========================

20-09-2013 07:31:50 Removed Adobe Help Manager
20-09-2013 07:33:28 Removed Google Talk Plugin
20-09-2013 07:37:33 Removed Bonjour
20-09-2013 07:38:07 Removed Adobe Photoshop Lightroom 4.3 64-bit.
30-09-2013 09:29:43 Geplanter Prüfpunkt
30-09-2013 09:48:42 Removed Facebook Video Calling 1.2.0.287
30-09-2013 11:32:02 Removed SplitMediaLabs VH Screen Capture Driver (x86)
01-10-2013 07:20:20 Removed Firmware Updater 3
01-10-2013 07:20:37 Removed Java(TM) 6 Update 16
01-10-2013 07:21:02 Microsoft Visual C++ 2005 Redistributable wird entfernt
01-10-2013 07:22:57 Removed Java(TM) 6 Update 31

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-25 16:47 - 00000915 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {01B5A069-8DB5-44AD-899E-95F2C74A43E8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {18533CCC-DB18-450F-A740-3A2656115C89} - System32\Tasks\{1DFFEC34-4622-4842-B10A-E74D45DE9AC1} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.114/de/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {30D50338-5F90-49B6-BF12-983B39253C87} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {50E67C49-4B95-4930-B686-1A70135943EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core => C:\Users\Calle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-22] (Google Inc.)
Task: {5AE2DD03-5A65-4203-8D78-14447D730AAF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8F14ECF9-80C8-4DFD-8FCB-71AC1CCD252E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA => C:\Users\Calle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-22] (Google Inc.)
Task: {A6D52FC8-D73B-4F45-B3E1-D1A6A7E4FEBC} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {B7FFF9B9-1DAC-478E-917A-C3555D15B421} - System32\Tasks\CCleanerSkipUAC => D:\Programme\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {C26DC651-0BD1-4A89-A3A6-11A8BB584514} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C3694837-D79B-4726-8E6F-0E27D0D0C1C0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C6E6F0D3-13A2-4156-BA8A-DED5EA04F91F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA => C:\Users\Calle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D48199D7-E5E2-4844-8D2C-AA3AE3A05358} - System32\Tasks\iSCSIAgentAutoStartup => C:\Programme\QNAP\Finder\iSCSIAgent.exe [2012-02-09] ()
Task: {E88F7513-30B5-4787-92A1-C025E66B650C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File
Task: {F0427D9D-552A-4FA2-AEF0-09B6BCD20856} - System32\Tasks\AdobeAAMUpdater-1.0-Calle-Work-Calle => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {FF072A19-BF3A-49A3-AED4-D2FEAACB17DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core => C:\Users\Calle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job => C:\Users\Calle\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job => C:\Users\Calle\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job => C:\Users\Calle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job => C:\Users\Calle\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-04-23 17:01 - 2012-01-23 08:38 - 01184632 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-06-20 00:45 - 2013-06-20 00:45 - 03317616 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2012-04-22 13:03 - 2012-02-17 20:55 - 00193536 _____ () D:\Programme\WinRAR\rarext.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () D:\Programme\Notepad++\NppShell_05.dll
2013-02-25 10:26 - 2013-02-25 10:25 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-08-19 13:06 - 2012-02-09 09:25 - 01015920 _____ () C:\Programme\QNAP\Finder\NetworkStorageManagement.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00102184 _____ () C:\ProgramData\TVersity\Media Server\EasyHook32.dll
2013-03-06 05:02 - 2013-03-06 05:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium.dll
2011-12-17 23:15 - 2011-12-17 23:15 - 00081704 _____ () C:\ProgramData\TVersity\Media Server\portaudio_x86.dll
2011-12-17 23:15 - 2011-12-17 23:15 - 00556840 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00225064 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00031528 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00716584 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 04534072 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00083768 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00313640 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00795448 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll
2011-12-17 23:15 - 2011-12-17 23:15 - 00203064 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll
2011-12-17 23:15 - 2011-12-17 23:15 - 00562072 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll
2011-12-17 23:14 - 2011-12-17 23:14 - 00039208 _____ () C:\ProgramData\TVersity\Media Server\IM_MOD_RL_JPEG_.dll
2012-04-22 13:26 - 2011-04-19 14:56 - 00143360 ____N () C:\Program Files\ASUS Xonar D2 Audio\Customapp\VmixP8.dll
2013-07-29 13:44 - 2009-10-22 14:33 - 07053312 _____ () C:\Programme\X-Rite\ColorMunki Photo\Tools\QtGui4.dll
2013-07-29 13:44 - 2009-10-22 14:33 - 01970176 _____ () C:\Programme\X-Rite\ColorMunki Photo\Tools\QtCore4.dll
2013-07-29 13:44 - 2009-10-22 14:29 - 00131072 _____ () C:\Programme\X-Rite\ColorMunki Photo\Tools\imageformats\qjpeg4.dll
2013-07-29 13:44 - 2009-10-22 14:29 - 00278528 _____ () C:\Programme\X-Rite\ColorMunki Photo\Tools\imageformats\qtiff4.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 00292272 _____ () C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 21014960 _____ () C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 00179632 _____ () C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2013-06-13 22:11 - 2013-06-13 22:11 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-09-03 15:54 - 2013-09-03 15:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-07-29 13:43 - 2008-09-03 16:12 - 02592768 _____ () C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\colormunki.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-03-06 05:02 - 2013-03-06 05:02 - 33073664 _____ () C:\ProgramData\TVersity\Media Server\berkelium\berkelium.dll
2013-03-06 05:02 - 2013-03-06 05:02 - 01305102 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avcodec-52.dll
2013-03-06 05:02 - 2013-03-06 05:02 - 00096782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avutil-50.dll
2013-03-06 05:02 - 2013-03-06 05:02 - 00160782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avformat-52.dll
2013-06-20 00:45 - 2013-06-20 00:45 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2013-10-03 10:11 - 2013-09-26 21:07 - 00698832 _____ () C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\libglesv2.dll
2013-10-03 10:11 - 2013-09-26 21:07 - 00099792 _____ () C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\libegl.dll
2013-10-03 10:11 - 2013-09-26 21:08 - 04055504 _____ () C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll
2013-10-03 10:11 - 2013-09-26 21:08 - 00415184 _____ () C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll
2013-10-03 10:11 - 2013-09-26 21:07 - 01604560 _____ () C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.66\ffmpegsumo.dll
2013-09-11 19:55 - 2013-09-11 19:55 - 00057432 _____ () D:\Programme\Miranda IM\zlib.dll
2013-09-11 19:55 - 2013-09-11 19:55 - 00036961 _____ () D:\Programme\Miranda IM\Plugins\dbx_mmap.dll
2013-09-11 19:55 - 2013-09-11 19:55 - 00061538 _____ () D:\Programme\Miranda IM\Plugins\clist_classic.dll
2013-09-11 19:54 - 2013-09-11 19:54 - 00203869 _____ () D:\Programme\Miranda IM\Plugins\aim.dll
2013-09-11 19:55 - 2013-09-11 19:55 - 00245848 _____ () D:\Programme\Miranda IM\Plugins\chat.dll
2013-09-11 19:55 - 2013-09-11 19:55 - 00339550 _____ () D:\Programme\Miranda IM\Plugins\icq.dll
2013-09-11 19:54 - 2013-09-11 19:54 - 00379993 _____ () D:\Programme\Miranda IM\Plugins\irc.dll
2013-09-11 19:57 - 2013-09-11 19:57 - 00090200 _____ () D:\Programme\Miranda IM\Plugins\srmm.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2013 09:10:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2013 05:10:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2013 03:32:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2013 11:26:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2013 00:41:30 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (10/05/2013 00:05:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2013 09:23:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2013 08:23:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 04:51:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 10:06:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/07/2013 09:12:41 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc

Error: (10/07/2013 09:10:41 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07

Error: (10/06/2013 05:12:53 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc

Error: (10/06/2013 05:10:53 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07

Error: (10/06/2013 05:10:36 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎10.‎2013 um 17:08:38 unerwartet heruntergefahren.

Error: (10/06/2013 03:35:01 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc

Error: (10/06/2013 03:33:00 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07

Error: (10/06/2013 11:28:24 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc

Error: (10/06/2013 11:26:23 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07

Error: (10/05/2013 00:07:41 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc


Microsoft Office Sessions:
=========================
Error: (10/07/2013 09:10:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2013 05:10:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2013 03:32:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2013 11:26:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2013 00:41:30 PM) (Source: SideBySide)(User: )
Description: d:\Programme\Duden\Duden Korrektor\adxloader.dll.Manifestd:\Programme\Duden\Duden Korrektor\adxloader.dll.Manifest2

Error: (10/05/2013 00:05:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2013 09:23:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2013 08:23:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 04:51:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 10:06:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-10-07 09:10:18.173
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-07 09:10:18.111
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-06 17:10:30.719
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-06 17:10:30.657
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-06 15:32:38.657
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-06 15:32:38.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-06 11:26:01.563
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-06 11:26:01.516
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-05 12:05:18.626
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-05 12:05:18.579
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 16375.05 MB
Available physical RAM: 13497.46 MB
Total Pagefile: 32748.29 MB
Available Pagefile: 29496.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:150.06 GB) NTFS
Drive d: () (Fixed) (Total:616.01 GB) (Free:361.89 GB) NTFS
Drive e: () (Fixed) (Total:232.88 GB) (Free:232.68 GB) NTFS
Drive f: () (Fixed) (Total:781.25 GB) (Free:363.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 06ADB4E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 3EEE3292)
Partition 1: (Not Active) - (Size=616 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=781 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 233 GB) (Disk ID: 11491149)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

helloagain 07.10.2013 09:23
Und hier noch
GMER:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-07 09:42:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 M4-CT256M4SSD2 rev.0309 238,47GB
Running: uywlbc81.exe; Driver: C:\Users\Calle\AppData\Local\Temp\ugldqaod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                00000000756e1465 2 bytes [6E, 75]
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                          0000000074e79d0b 5 bytes JMP 000000011000a4d0
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                        0000000074e79d4e 5 bytes JMP 000000011000a630
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                        000000006d647e3d 5 bytes JMP 000000011000a690
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                      000000006d67de69 5 bytes JMP 000000011000a770
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                000000006d68d2c5 5 bytes JMP 000000011000a8a0
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                000000006d68d371 5 bytes JMP 000000011000a990
.text  C:\Programme\QNAP\Finder\iSCSIAgent.exe[1152] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                              000000006d68d429 5 bytes JMP 000000011000aa80
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000756e1465 2 bytes [6E, 75]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!init_vlc_sparse + 217                  000000006ad82671 4 bytes [C0, 2D, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!init_vlc_sparse + 232                  000000006ad82680 4 bytes [C0, 2D, 01, 01]
.text  ...                                                                                                                                                  * 7
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_chroma_sub_sample + 8      000000006ae63fa8 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_name + 14          000000006ae63fd2 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_pix_fmt_string + 94            000000006ae64046 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_is_hwaccel_pix_fmt + 10            000000006ae6408a 4 bytes [47, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_linesize + 36                  000000006ae641b8 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_linesize + 150                000000006ae6422a 4 bytes [4A, 31, 01, 01]
.text  ...                                                                                                                                                  * 7
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_pointer + 82                  000000006ae643e6 4 bytes [46, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_pointer + 138                  000000006ae6441e 4 bytes [46, 31, 01, 01]
.text  ...                                                                                                                                                  * 2
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avpicture_layout + 503                000000006ae64737 4 bytes [45, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avpicture_layout + 554                000000006ae6476a 4 bytes [46, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_loss + 97          000000006ae64959 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_loss + 108        000000006ae64964 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_find_best_pix_fmt + 57        000000006ae64af9 4 bytes [45, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_find_best_pix_fmt + 91        000000006ae64b1b 4 bytes [44, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_get_plane_bytewidth + 122          000000006ae64cf2 4 bytes [45, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_copy + 352                  000000006ae64e6c 4 bytes [46, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_copy + 567                  000000006ae64f43 4 bytes [45, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_crop + 68                  000000006ae65614 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_pad + 617                  000000006ae658e1 4 bytes [40, 31, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_ivi_create_huff_from_desc + 209    000000006ae7d195 4 bytes [C0, 2D, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_ivi_create_huff_from_desc + 342    000000006ae7d21a 4 bytes [C0, 2D, 01, 01]
.text  ...                                                                                                                                                  * 5
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_estimate_p_frame_motion + 996      000000006aeb9754 4 bytes [C0, 2B, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_rle_encode + 734                    000000006af4aff6 4 bytes [C1, 2B, 01, 01]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_rle_encode + 931                    000000006af4b0bb 4 bytes [C0, 2B, 01, 01]
.text  ...                                                                                                                                                  * 2
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[2560] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_align_dimensions + 21          000000006afb4965 4 bytes [45, 31, 01, 01]
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                    0000000074e79d0b 5 bytes JMP 000000011000a4d0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                  0000000074e79d4e 5 bytes JMP 000000011000a630
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                        000000006f54451e 5 bytes JMP 000000011000ab40
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                        000000006f544b6d 5 bytes JMP 000000011000abb0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                              000000006f544bf2 5 bytes JMP 000000011000ac90
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                                000000006f544f0f 5 bytes JMP 000000011000ac50
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                        000000006f544f7b 5 bytes JMP 000000011000ac10
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                          000000006f549054 5 bytes JMP 000000011000ad10
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                        000000006f54adf9 5 bytes JMP 000000011000abe0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                                    000000006f5652e8 5 bytes JMP 000000011000acd0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                                    000000006f56535f 5 bytes JMP 000000011000acf0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                        000000006f5659cc 5 bytes JMP 000000011000ae40
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                                000000006f565a6a 5 bytes JMP 000000011000aec0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                              000000006f565ad7 5 bytes JMP 000000011000af00
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                                    000000006f565b5b 5 bytes JMP 000000011000af40
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                        000000006f565bba 5 bytes JMP 000000011000af80
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                          000000006f565bee 5 bytes JMP 000000011000b000
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                        000000006f565c22 5 bytes JMP 000000011000b060
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                                  000000006f565c67 5 bytes JMP 000000011000b0d0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                                  000000006d647e3d 5 bytes JMP 000000011000a690
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                                000000006d67de69 5 bytes JMP 000000011000a770
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                          000000006d68d2c5 5 bytes JMP 000000011000a8a0
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                          000000006d68d371 5 bytes JMP 000000011000a990
.text  C:\Windows\SysWOW64\HsMgr.exe[2616] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                        000000006d68d429 5 bytes JMP 000000011000aa80
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutClose                                                                        000007fef72036ac 5 bytes JMP 000007fefece01f0
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader                                                              000007fef7203770 5 bytes JMP 000007fefece0298
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutOpen                                                                        000007fef72038d0 5 bytes JMP 000007fefece01b8
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader                                                                000007fef7203ca4 5 bytes JMP 000007fefece0260
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutWrite                                                                        000007fef7203d40 5 bytes JMP 000007fefece0228
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInOpen                                                                          000007fef7207fe0 7 bytes JMP 000007fefece0378
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutReset                                                                        000007fef720a38c 5 bytes JMP 000007fefece02d0
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutGetVolume                                                                    000007fef72249f0 5 bytes JMP 000007fefece0308
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveOutSetVolume                                                                    000007fef7224ab0 5 bytes JMP 000007fefece0340
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInClose                                                                        000007fef72252e0 5 bytes JMP 000007fefece03b0
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInPrepareHeader                                                                000007fef72253c0 5 bytes JMP 000007fefece0490
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader                                                              000007fef7225454 5 bytes JMP 000007fefece04c8
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInAddBuffer                                                                    000007fef7225514 5 bytes JMP 000007fefece0500
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInStart                                                                        000007fef72255a4 6 bytes JMP 000007fefece03e8
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInStop                                                                          000007fef72255e4 6 bytes JMP 000007fefece0420
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInReset                                                                        000007fef7225624 5 bytes JMP 000007fefece0458
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\WINMM.dll!waveInGetPosition                                                                  000007fef722567c 5 bytes JMP 000007fefece0538
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8                                                                000007fef5866944 7 bytes JMP 000007fefece0180
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\DSOUND.dll!DirectSoundCreate                                                                  000007fef5885a84 7 bytes JMP 000007fefece0148
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate                                                          000007fef5885b90 7 bytes JMP 000007fefece0570
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8                                                          000007fef5885c94 7 bytes JMP 000007fefece05a8
.text  C:\Windows\system\HsMgr64.exe[2628] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate                                                        000007fef5885da8 5 bytes JMP 000007fefece05e0
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstance                            0000000074e79d0b 5 bytes JMP 000000010030a4d0
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                          0000000074e79d4e 5 bytes JMP 000000010030a630
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000756e1465 2 bytes [6E, 75]
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                          000000006d647e3d 5 bytes JMP 000000010030a690
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                          000000006d67de69 5 bytes JMP 000000010030a770
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                    000000006d68d2c5 5 bytes JMP 000000010030a8a0
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                  000000006d68d371 5 bytes JMP 000000010030a990
.text  C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                000000006d68d429 5 bytes JMP 000000010030aa80
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\syswow64\ole32.dll!CoCreateInstance                0000000074e79d0b 5 bytes JMP 000000011000a4d0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx              0000000074e79d4e 5 bytes JMP 000000011000a630
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                      000000006f54451e 5 bytes JMP 000000011000ab40
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                    000000006f544b6d 5 bytes JMP 000000011000abb0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader          000000006f544bf2 5 bytes JMP 000000011000ac90
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader            000000006f544f0f 5 bytes JMP 000000011000ac50
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                    000000006f544f7b 5 bytes JMP 000000011000ac10
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                      000000006f549054 5 bytes JMP 000000011000ad10
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                    000000006f54adf9 5 bytes JMP 000000011000abe0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                000000006f5652e8 5 bytes JMP 000000011000acd0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                000000006f56535f 5 bytes JMP 000000011000acf0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInClose                      000000006f5659cc 5 bytes JMP 000000011000ae40
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader              000000006f565a6a 5 bytes JMP 000000011000aec0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader            000000006f565ad7 5 bytes JMP 000000011000af00
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                  000000006f565b5b 5 bytes JMP 000000011000af40
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInStart                      000000006f565bba 5 bytes JMP 000000011000af80
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInStop                      000000006f565bee 5 bytes JMP 000000011000b000
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInReset                      000000006f565c22 5 bytes JMP 000000011000b060
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                000000006f565c67 5 bytes JMP 000000011000b0d0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate              000000006d647e3d 5 bytes JMP 000000011000a690
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8              000000006d67de69 5 bytes JMP 000000011000a770
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate        000000006d68d2c5 5 bytes JMP 000000011000a8a0
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8      000000006d68d371 5 bytes JMP 000000011000a990
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate    000000006d68d429 5 bytes JMP 000000011000aa80
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        00000000756e1465 2 bytes [6E, 75]
.text  C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000756e1465 2 bytes [6E, 75]
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\syswow64\ole32.dll!CoCreateInstance                        0000000074e79d0b 5 bytes JMP 000000011000a4d0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                      0000000074e79d4e 5 bytes JMP 000000011000a630
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                      000000006d647e3d 5 bytes JMP 000000011000a690
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                      000000006d67de69 5 bytes JMP 000000011000a770
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                000000006d68d2c5 5 bytes JMP 000000011000a8a0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8              000000006d68d371 5 bytes JMP 000000011000a990
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[2960] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate            000000006d68d429 5 bytes JMP 000000011000aa80
.text  C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000756e1465 2 bytes [6E, 75]
.text  C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                  0000000074e79d0b 5 bytes JMP 000000010011a4d0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                0000000074e79d4e 5 bytes JMP 000000010011a630
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                        000000006f54451e 5 bytes JMP 000000010011ab40
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                      000000006f544b6d 5 bytes JMP 000000010011abb0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                            000000006f544bf2 5 bytes JMP 000000010011ac90
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                              000000006f544f0f 5 bytes JMP 000000010011ac50
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                      000000006f544f7b 5 bytes JMP 000000010011ac10
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                        000000006f549054 5 bytes JMP 000000010011ad10
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                      000000006f54adf9 5 bytes JMP 000000010011abe0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                  000000006f5652e8 5 bytes JMP 000000010011acd0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                  000000006f56535f 5 bytes JMP 000000010011acf0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                        000000006f5659cc 5 bytes JMP 000000010011ae40
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                000000006f565a6a 5 bytes JMP 000000010011aec0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                              000000006f565ad7 5 bytes JMP 000000010011af00
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                    000000006f565b5b 5 bytes JMP 000000010011af40
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                        000000006f565bba 5 bytes JMP 000000010011af80
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                        000000006f565bee 5 bytes JMP 000000010011b000
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                        000000006f565c22 5 bytes JMP 000000010011b060
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                  000000006f565c67 5 bytes JMP 000000010011b0d0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                000000006d647e3d 5 bytes JMP 000000010011a690
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                000000006d67de69 5 bytes JMP 000000010011a770
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                          000000006d68d2c5 5 bytes JMP 000000010011a8a0
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                        000000006d68d371 5 bytes JMP 000000010011a990
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[2100] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                      000000006d68d429 5 bytes JMP 000000010011aa80
.text  C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000756e1465 2 bytes [6E, 75]
.text  C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\syswow64\ole32.dll!CoCreateInstance              0000000074e79d0b 5 bytes JMP 000000011000a4d0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx            0000000074e79d4e 5 bytes JMP 000000011000a630
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                    000000006f54451e 5 bytes JMP 000000011000ab40
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                  000000006f544b6d 5 bytes JMP 000000011000abb0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader        000000006f544bf2 5 bytes JMP 000000011000ac90
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader          000000006f544f0f 5 bytes JMP 000000011000ac50
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                  000000006f544f7b 5 bytes JMP 000000011000ac10
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                    000000006f549054 5 bytes JMP 000000011000ad10
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                  000000006f54adf9 5 bytes JMP 000000011000abe0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume              000000006f5652e8 5 bytes JMP 000000011000acd0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume              000000006f56535f 5 bytes JMP 000000011000acf0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInClose                    000000006f5659cc 5 bytes JMP 000000011000ae40
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader            000000006f565a6a 5 bytes JMP 000000011000aec0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader          000000006f565ad7 5 bytes JMP 000000011000af00
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                000000006f565b5b 5 bytes JMP 000000011000af40
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInStart                    000000006f565bba 5 bytes JMP 000000011000af80
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInStop                    000000006f565bee 5 bytes JMP 000000011000b000
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInReset                    000000006f565c22 5 bytes JMP 000000011000b060
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition              000000006f565c67 5 bytes JMP 000000011000b0d0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate            000000006d647e3d 5 bytes JMP 000000011000a690
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8            000000006d67de69 5 bytes JMP 000000011000a770
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate      000000006d68d2c5 5 bytes JMP 000000011000a8a0
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8    000000006d68d371 5 bytes JMP 000000011000a990
.text  C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe[3312] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate  000000006d68d429 5 bytes JMP 000000011000aa80
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                          000000007733f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                          000000007733f9bb 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                000000007733fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                              000000007733fbff 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                    000000007733fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                                  000000007733fc2f 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                            000000007733fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                            000000007733fc47 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                              000000007733fc55 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                              000000007733fc5f 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                            000000007733fc85 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                            000000007733fc8f 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                              000000007733fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                            000000007733fd0f 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                            000000007733fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                            000000007733fd27 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                      000000007733fd69 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                      000000007733fd73 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                            000000007733fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                          000000007733fe6b 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                    00000000773400b9 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                                    00000000773400c3 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                              00000000773410c5 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                              00000000773410cf 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                    000000007734113d 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                                    0000000077341147 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                        0000000077341341 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                      000000007734134b 1 byte [90]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000756e1465 2 bytes [6E, 75]
.text  C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\syswow64\ole32.dll!CoCreateInstance                          0000000074e79d0b 5 bytes JMP 000000011000a4d0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                        0000000074e79d4e 5 bytes JMP 000000011000a630
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000756e1465 2 bytes [6E, 75]
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                              000000006f54451e 5 bytes JMP 000000011000ab40
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                              000000006f544b6d 5 bytes JMP 000000011000abb0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                    000000006f544bf2 5 bytes JMP 000000011000ac90
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                      000000006f544f0f 5 bytes JMP 000000011000ac50
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                              000000006f544f7b 5 bytes JMP 000000011000ac10
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                000000006f549054 5 bytes JMP 000000011000ad10
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                              000000006f54adf9 5 bytes JMP 000000011000abe0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                          000000006f5652e8 5 bytes JMP 000000011000acd0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                          000000006f56535f 5 bytes JMP 000000011000acf0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInClose                              000000006f5659cc 5 bytes JMP 000000011000ae40
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                      000000006f565a6a 5 bytes JMP 000000011000aec0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                    000000006f565ad7 5 bytes JMP 000000011000af00
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                          000000006f565b5b 5 bytes JMP 000000011000af40
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInStart                              000000006f565bba 5 bytes JMP 000000011000af80
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                000000006f565bee 5 bytes JMP 000000011000b000
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInReset                              000000006f565c22 5 bytes JMP 000000011000b060
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                        000000006f565c67 5 bytes JMP 000000011000b0d0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                        000000006d647e3d 5 bytes JMP 000000011000a690
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                      000000006d67de69 5 bytes JMP 000000011000a770
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                000000006d68d2c5 5 bytes JMP 000000011000a8a0
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                000000006d68d371 5 bytes JMP 000000011000a990
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[4396] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate              000000006d68d429 5 bytes JMP 000000011000aa80
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              00000000756e1465 2 bytes [6E, 75]
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000756e14bb 2 bytes [6E, 75]
.text  ...                                                                                                                                                  * 2
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                                                                  000000006f54451e 5 bytes JMP 000000011000ab40
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutClose                                                                  000000006f544b6d 5 bytes JMP 000000011000abb0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader                                                        000000006f544bf2 5 bytes JMP 000000011000ac90
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader                                                          000000006f544f0f 5 bytes JMP 000000011000ac50
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite                                                                  000000006f544f7b 5 bytes JMP 000000011000ac10
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInOpen                                                                    000000006f549054 5 bytes JMP 000000011000ad10
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutReset                                                                  000000006f54adf9 5 bytes JMP 000000011000abe0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume                                                              000000006f5652e8 5 bytes JMP 000000011000acd0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                                                              000000006f56535f 5 bytes JMP 000000011000acf0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInClose                                                                  000000006f5659cc 5 bytes JMP 000000011000ae40
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader                                                          000000006f565a6a 5 bytes JMP 000000011000aec0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader                                                        000000006f565ad7 5 bytes JMP 000000011000af00
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer                                                              000000006f565b5b 5 bytes JMP 000000011000af40
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInStart                                                                  000000006f565bba 5 bytes JMP 000000011000af80
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInStop                                                                    000000006f565bee 5 bytes JMP 000000011000b000
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInReset                                                                  000000006f565c22 5 bytes JMP 000000011000b060
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition                                                            000000006f565c67 5 bytes JMP 000000011000b0d0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate                                                            000000006d647e3d 5 bytes JMP 000000011000a690
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8                                                          000000006d67de69 5 bytes JMP 000000011000a770
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate                                                    000000006d68d2c5 5 bytes JMP 000000011000a8a0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8                                                    000000006d68d371 5 bytes JMP 000000011000a990
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate                                                  000000006d68d429 5 bytes JMP 000000011000aa80
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                              0000000074e79d0b 5 bytes JMP 000000011000a4d0
.text  D:\Downloads\programme\uywlbc81.exe[3176] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx                                                            0000000074e79d4e 5 bytes JMP 000000011000a630

---- EOF - GMER 2.1 ----
Sofern ich das richtig verstanden habe ist defrogger ja nicht notwendig als Log, solange er kein Fehler ausgeworfen hat - richtig?

Hoffe nun ist alles so wie es soll ;)

schrauber 07.10.2013 20:32
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

helloagain 08.10.2013 07:56
Moin Moin,

hier die Logparade:
Malwarebytes
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Calle :: CALLE-WORK [Administrator]

Schutz: Deaktiviert

08.10.2013 08:32:27
mbam-log-2013-10-08 (08-32-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | PUP | PUM
Deaktivierte Suchlaufeinstellungen: HeuristiKs/Shuriken | P2P
Durchsuchte Objekte: 202020
Laufzeit: 2 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
AdwCleaner:
Code:
# AdwCleaner v3.006 - Bericht erstellt am 08/10/2013 um 08:40:53
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Calle - CALLE-WORK
# Gestartet von : D:\Downloads\programme\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v

[ Datei : C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2308 octets] - [01/10/2013 09:03:18]
AdwCleaner[R1].txt - [900 octets] - [08/10/2013 08:39:48]
AdwCleaner[S0].txt - [2371 octets] - [01/10/2013 09:04:32]
AdwCleaner[S1].txt - [822 octets] - [08/10/2013 08:40:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [881 octets] ##########


JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Calle on 08.10.2013 at  8:44:33,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.10.2013 at  8:48:31,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Calle (administrator) on CALLE-WORK on 08-10-2013 08:50:42
Running from D:\Downloads\programme
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Programme\QNAP\Finder\iSCSIAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(The Chromium Authors) C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar D2 Audio\Customapp\ASUSAUDIOCENTER.EXE
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
() C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Facebook) C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) D:\Programme\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Calle\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-22] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Calle\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - D:\Programme\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {88da338a-bae3-11e2-bd58-002618a28e82} - I:\HTC_Sync_Manager_PC.exe
MountPoints2: {fad274e5-9694-11e1-81c1-002618a28e82} - H:\Autorun.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - D:\Programme\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-06-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
Startup: C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6C6674472744CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - D:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Desktop) - C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Calle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Users\Calle\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Google Docs) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (ScriptSafe) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0
CHR Extension: (Google Reader) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - D:\Programme\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [5283624 2013-03-13] ()
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.)

==================== Drivers (Whitelisted) ====================

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2013-04-17] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
S3 dcscusb; C:\Windows\System32\DRIVERS\dcscusb.sys [14848 2009-05-21] (Datacolor)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 P1C1394; C:\Windows\System32\DRIVERS\p1c1394.sys [39744 2012-10-23] (Phase One A/S)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 08:49 - 2013-10-08 08:40 - 00000960 _____ C:\Users\Calle\Desktop\AdwCleaner[S1].txt
2013-10-08 08:48 - 2013-10-08 08:48 - 00000625 _____ C:\Users\Calle\Desktop\JRT.txt
2013-10-08 08:31 - 2013-10-08 08:31 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 08:31 - 2013-10-08 08:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 08:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-07 17:05 - 2013-10-07 17:05 - 00000600 _____ C:\Users\Calle\AppData\Roaming\winscp.rnd
2013-10-07 14:15 - 2013-10-07 14:15 - 00000716 _____ C:\Users\Public\Desktop\WinSCP.lnk
2013-10-07 09:34 - 2013-10-07 09:35 - 00077077 _____ C:\Users\Calle\Desktop\Neues Textdokument.txt
2013-10-07 09:25 - 2013-10-07 09:25 - 00000000 ____D C:\FRST
2013-10-07 09:24 - 2013-10-07 09:24 - 00000000 _____ C:\Users\Calle\defogger_reenable
2013-10-07 09:18 - 2013-10-07 09:18 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-10-04 09:17 - 2013-10-04 09:20 - 00000000 ____D C:\Users\Calle\Desktop\rechtsstreit
2013-10-03 09:35 - 2013-10-03 09:35 - 00000000 ____D C:\Users\Calle\Desktop\sissichor
2013-10-01 14:50 - 2013-10-08 08:42 - 00000952 _____ C:\Windows\setupact.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00002164 _____ C:\Windows\PFRO.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 09:21 - 2013-10-01 09:21 - 00000075 _____ C:\Windows\wininit.ini
2013-10-01 09:13 - 2013-10-01 09:13 - 01030305 _____ (Thisisu) C:\Users\Calle\Downloads\JRT.exe
2013-10-01 09:13 - 2013-10-01 09:13 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Malwarebytes
2013-10-01 09:07 - 2013-10-01 09:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calle\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 08:54 - 2013-10-08 08:40 - 00000000 ____D C:\AdwCleaner
2013-10-01 08:54 - 2013-10-01 08:54 - 01045226 _____ C:\Users\Calle\Downloads\adwcleaner.exe
2013-10-01 08:53 - 2013-10-01 09:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:53 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 08:52 - 2013-10-01 08:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Calle\Downloads\mbar-1.07.0.1005.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Calle\Downloads\HiJackThis204.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00012474 _____ C:\Users\Calle\Downloads\hijackthis.log
2013-09-30 19:31 - 2013-09-30 19:31 - 00000000 ____D C:\Users\Calle\Desktop\Neuer Ordner
2013-09-30 12:43 - 2013-09-30 12:43 - 00000000 ____D C:\Users\Calle\Documents\ProcAlyzer Dumps
2013-09-30 12:40 - 2013-09-30 13:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 12:30 - 2013-09-30 12:31 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Calle\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 12:21 - 2013-09-30 12:22 - 00015872 ___SH C:\Users\Calle\AppData\Roaming\Thumbs.db
2013-09-30 12:11 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Calle\Desktop\wichtig
2013-09-14 15:10 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-14 15:10 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-14 15:10 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-14 15:10 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-14 15:10 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-14 15:10 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-09-14 15:10 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-09-14 15:10 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-14 15:10 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-14 15:10 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-09-14 15:10 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-14 15:10 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-09-14 15:10 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-09-14 15:10 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-14 15:10 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-14 15:10 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-14 15:10 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-14 15:10 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-14 15:10 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-14 15:10 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-14 15:10 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-14 15:10 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-14 15:10 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-14 15:10 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-14 15:10 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-09-14 15:10 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-14 15:10 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-14 15:10 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-09-14 15:10 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-14 15:10 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-14 15:10 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-14 15:10 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-14 15:10 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-14 15:10 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-12 19:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 19:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 19:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 19:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 19:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 19:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 19:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 19:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 19:05 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 19:05 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 19:05 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 19:05 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 19:05 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 16:21 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 16:21 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 16:21 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 16:21 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 16:21 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 16:21 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 16:21 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 16:21 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 16:21 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 16:21 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 16:21 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 16:21 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 16:21 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:21 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 16:21 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 16:21 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 16:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-08 08:51 - 2012-04-22 13:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 08:49 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 08:49 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 08:48 - 2013-10-08 08:48 - 00000625 _____ C:\Users\Calle\Desktop\JRT.txt
2013-10-08 08:44 - 2012-04-22 14:47 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job
2013-10-08 08:43 - 2012-04-22 12:06 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Skype
2013-10-08 08:42 - 2013-10-01 14:50 - 00000952 _____ C:\Windows\setupact.log
2013-10-08 08:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 08:41 - 2012-04-22 11:32 - 01546228 _____ C:\Windows\WindowsUpdate.log
2013-10-08 08:40 - 2013-10-08 08:49 - 00000960 _____ C:\Users\Calle\Desktop\AdwCleaner[S1].txt
2013-10-08 08:40 - 2013-10-01 08:54 - 00000000 ____D C:\AdwCleaner
2013-10-08 08:39 - 2012-04-22 13:28 - 00000000 ____D C:\Users\Calle\AppData\Local\Adobe
2013-10-08 08:31 - 2013-10-08 08:31 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 08:31 - 2013-10-08 08:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-07 19:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-07 19:48 - 2012-06-12 11:47 - 00000000 ____D C:\Users\Calle\AppData\Roaming\TeamViewer
2013-10-07 19:48 - 2012-04-22 13:07 - 01648846 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-07 19:48 - 2012-04-22 12:58 - 00702954 _____ C:\Windows\system32\perfh007.dat
2013-10-07 19:48 - 2012-04-22 12:58 - 00150612 _____ C:\Windows\system32\perfc007.dat
2013-10-07 19:46 - 2013-04-28 19:01 - 00103951 _____ C:\Windows\SysWOW64\TVersityMediaServer.log
2013-10-07 18:17 - 2012-05-19 17:59 - 00000000 ____D C:\Users\Calle\AppData\Roaming\TS3Client
2013-10-07 18:09 - 2012-04-22 11:38 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job
2013-10-07 17:05 - 2013-10-07 17:05 - 00000600 _____ C:\Users\Calle\AppData\Roaming\winscp.rnd
2013-10-07 15:11 - 2013-05-05 16:06 - 00002370 _____ C:\Users\Calle\Desktop\Google Chrome.lnk
2013-10-07 14:15 - 2013-10-07 14:15 - 00000716 _____ C:\Users\Public\Desktop\WinSCP.lnk
2013-10-07 14:15 - 2013-07-29 13:43 - 00000000 ____D C:\Programme
2013-10-07 12:46 - 2012-04-23 16:53 - 00000000 ____D C:\Zwischenspeicher
2013-10-07 11:44 - 2012-04-22 14:47 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job
2013-10-07 09:35 - 2013-10-07 09:34 - 00077077 _____ C:\Users\Calle\Desktop\Neues Textdokument.txt
2013-10-07 09:25 - 2013-10-07 09:25 - 00000000 ____D C:\FRST
2013-10-07 09:24 - 2013-10-07 09:24 - 00000000 _____ C:\Users\Calle\defogger_reenable
2013-10-07 09:24 - 2012-04-22 11:32 - 00000000 ____D C:\Users\Calle
2013-10-07 09:18 - 2013-10-07 09:18 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-10-07 09:18 - 2013-02-10 18:49 - 00000675 _____ C:\Users\Calle\Desktop\Miranda IM.lnk
2013-10-06 13:16 - 2013-08-25 14:11 - 00000238 _____ C:\speedreport.txt
2013-10-05 12:08 - 2009-07-14 07:13 - 01629370 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 18:01 - 2012-04-22 11:37 - 00000000 ____D C:\Users\Calle\AppData\Local\Deployment
2013-10-04 09:20 - 2013-10-04 09:17 - 00000000 ____D C:\Users\Calle\Desktop\rechtsstreit
2013-10-03 09:35 - 2013-10-03 09:35 - 00000000 ____D C:\Users\Calle\Desktop\sissichor
2013-10-01 14:50 - 2013-10-01 14:50 - 00002164 _____ C:\Windows\PFRO.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 14:49 - 2013-05-07 14:41 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 09:21 - 2013-10-01 09:21 - 00000075 _____ C:\Windows\wininit.ini
2013-10-01 09:13 - 2013-10-01 09:13 - 01030305 _____ (Thisisu) C:\Users\Calle\Downloads\JRT.exe
2013-10-01 09:13 - 2013-10-01 09:13 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Malwarebytes
2013-10-01 09:07 - 2013-10-01 09:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calle\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 09:02 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:54 - 2013-10-01 08:54 - 01045226 _____ C:\Users\Calle\Downloads\adwcleaner.exe
2013-10-01 08:53 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 08:52 - 2013-10-01 08:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Calle\Downloads\mbar-1.07.0.1005.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Calle\Downloads\HiJackThis204.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00012474 _____ C:\Users\Calle\Downloads\hijackthis.log
2013-09-30 19:31 - 2013-09-30 19:31 - 00000000 ____D C:\Users\Calle\Desktop\Neuer Ordner
2013-09-30 19:24 - 2013-09-30 12:11 - 00000000 ____D C:\Users\Calle\Desktop\wichtig
2013-09-30 13:06 - 2013-09-30 12:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 12:43 - 2013-09-30 12:43 - 00000000 ____D C:\Users\Calle\Documents\ProcAlyzer Dumps
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 12:31 - 2013-09-30 12:30 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Calle\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 12:22 - 2013-09-30 12:21 - 00015872 ___SH C:\Users\Calle\AppData\Roaming\Thumbs.db
2013-09-27 21:09 - 2012-04-22 11:38 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job
2013-09-20 10:40 - 2012-09-14 19:22 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Media Player Classic
2013-09-20 10:40 - 2012-04-22 21:25 - 00000000 ____D C:\Windows\Panther
2013-09-20 09:51 - 2012-04-22 13:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 09:51 - 2012-04-22 13:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 09:51 - 2012-04-22 13:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 09:38 - 2012-04-22 13:30 - 00000000 ____D C:\Program Files\Adobe
2013-09-20 09:34 - 2012-12-01 16:14 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-20 09:33 - 2012-04-22 13:31 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Mozilla
2013-09-20 09:33 - 2012-04-22 11:38 - 00000000 ____D C:\Users\Calle\AppData\Local\Google
2013-09-20 09:31 - 2012-04-22 13:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-20 09:25 - 2012-04-22 13:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-16 20:22 - 2013-04-28 21:28 - 00000000 ____D C:\Users\Calle\AppData\Roaming\vlc
2013-09-14 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 15:10 - 2012-04-22 11:34 - 00009178 _____ C:\Windows\system32\lvcoinst.log
2013-09-12 19:25 - 2009-07-14 06:45 - 05017856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 19:05 - 2013-08-14 15:41 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 19:05 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-09-12 19:04 - 2012-04-22 12:08 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 17:19 - 2012-04-22 13:29 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 17:18 - 2012-04-22 11:33 - 00000000 ___RD C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 17:18 - 2012-04-22 11:33 - 00000000 ___RD C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 16:42 - 2013-08-25 16:41 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk

Some content of TEMP:
====================
C:\Users\Calle\AppData\Local\Temp\avgnt.exe
C:\Users\Calle\AppData\Local\Temp\Quarantine.exe
C:\Users\Calle\AppData\Local\Temp\secuniasi2454250748480806530.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-05 12:41

==================== End Of Log ============================
--- --- ---

--- --- ---


Eine Sache hatte ich vergessen zu erwähnen - vor 7 Tagen hatte ich auf google anraten einmal AdwCleaner schon mal drüber laufen lassen.. tut mir leid das ich das nicht vorher schon erwähnt hatte. Habe den Log gerade beim kopieren des neuen gesehen.


Alter (7 Tage alter) AdwCleaner Log:
Code:
# AdwCleaner v3.006 - Bericht erstellt am 01/10/2013 um 09:04:32
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Calle - CALLE-WORK
# Gestartet von : C:\Users\Calle\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Calle\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v

[ Datei : C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2308 octets] - [01/10/2013 09:03:18]
AdwCleaner[S0].txt - [2219 octets] - [01/10/2013 09:04:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2279 octets] ##########
Ich hoffe das ist kein Problem :l

Beste Grüße & danke!

schrauber 08.10.2013 09:10

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

helloagain 08.10.2013 11:07
ESET Log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c02fb9c063cff443b3e7aa4f51e9862f
# engine=15398
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-08 09:56:01
# local_time=2013-10-08 11:56:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 12338 19449085 5126 0
# compatibility_mode=5893 16776574 100 94 7580352 132856011 0 0
# scanned=265692
# found=0
# cleaned=0
# scan_time=5011
Bei SecurityCheck bekomme ich folgendes:
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
läuft also nicht an - win7 64bit :l keine Ahnung woran es liegt


FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Calle (administrator) on CALLE-WORK on 08-10-2013 12:06:22
Running from D:\Downloads\programme
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Programme\QNAP\Finder\iSCSIAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
() C:\ProgramData\TVersity\Media Server\MediaServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(The Chromium Authors) C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar D2 Audio\Customapp\ASUSAUDIOCENTER.EXE
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
() C:\Programme\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Facebook) C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) D:\Programme\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Programme\Steam\Steam.exe
(TeamSpeak Systems GmbH) D:\Programme\teamspeak3\ts3client_win64.exe
() D:\Programme\Steam\steamapps\common\dota 2 beta\dota.exe
(Valve Corporation) D:\Programme\Steam\GameOverlayUI.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Calle\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-22] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Calle\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - D:\Programme\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {88da338a-bae3-11e2-bd58-002618a28e82} - I:\HTC_Sync_Manager_PC.exe
MountPoints2: {fad274e5-9694-11e1-81c1-002618a28e82} - H:\Autorun.exe
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - D:\Programme\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-06-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
Startup: C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6C6674472744CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Calle\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - D:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Facebook Desktop) - C:\Users\Calle\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Calle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Users\Calle\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Google Docs) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (ScriptSafe) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0
CHR Extension: (Google Reader) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - C:\Users\Calle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - D:\Programme\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Calle\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [5283624 2013-03-13] ()
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.)

==================== Drivers (Whitelisted) ====================

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2013-04-17] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
S3 dcscusb; C:\Windows\System32\DRIVERS\dcscusb.sys [14848 2009-05-21] (Datacolor)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 P1C1394; C:\Windows\System32\DRIVERS\p1c1394.sys [39744 2012-10-23] (Phase One A/S)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 10:30 - 2013-10-08 10:30 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-08 08:31 - 2013-10-08 08:31 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 08:31 - 2013-10-08 08:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-08 08:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-07 17:05 - 2013-10-07 17:05 - 00000600 _____ C:\Users\Calle\AppData\Roaming\winscp.rnd
2013-10-07 14:15 - 2013-10-07 14:15 - 00000716 _____ C:\Users\Public\Desktop\WinSCP.lnk
2013-10-07 09:34 - 2013-10-07 09:35 - 00077077 _____ C:\Users\Calle\Desktop\Neues Textdokument.txt
2013-10-07 09:25 - 2013-10-07 09:25 - 00000000 ____D C:\FRST
2013-10-07 09:24 - 2013-10-07 09:24 - 00000000 _____ C:\Users\Calle\defogger_reenable
2013-10-07 09:18 - 2013-10-07 09:18 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-10-04 09:17 - 2013-10-04 09:20 - 00000000 ____D C:\Users\Calle\Desktop\rechtsstreit
2013-10-03 09:35 - 2013-10-03 09:35 - 00000000 ____D C:\Users\Calle\Desktop\sissichor
2013-10-01 14:50 - 2013-10-08 08:42 - 00000952 _____ C:\Windows\setupact.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00002164 _____ C:\Windows\PFRO.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 09:21 - 2013-10-01 09:21 - 00000075 _____ C:\Windows\wininit.ini
2013-10-01 09:13 - 2013-10-01 09:13 - 01030305 _____ (Thisisu) C:\Users\Calle\Downloads\JRT.exe
2013-10-01 09:13 - 2013-10-01 09:13 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Malwarebytes
2013-10-01 09:07 - 2013-10-01 09:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calle\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 08:54 - 2013-10-08 08:40 - 00000000 ____D C:\AdwCleaner
2013-10-01 08:54 - 2013-10-01 08:54 - 01045226 _____ C:\Users\Calle\Downloads\adwcleaner.exe
2013-10-01 08:53 - 2013-10-01 09:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:53 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 08:52 - 2013-10-01 08:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Calle\Downloads\mbar-1.07.0.1005.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Calle\Downloads\HiJackThis204.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00012474 _____ C:\Users\Calle\Downloads\hijackthis.log
2013-09-30 19:31 - 2013-09-30 19:31 - 00000000 ____D C:\Users\Calle\Desktop\Neuer Ordner
2013-09-30 12:43 - 2013-09-30 12:43 - 00000000 ____D C:\Users\Calle\Documents\ProcAlyzer Dumps
2013-09-30 12:40 - 2013-09-30 13:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 12:30 - 2013-09-30 12:31 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Calle\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 12:21 - 2013-09-30 12:22 - 00015872 ___SH C:\Users\Calle\AppData\Roaming\Thumbs.db
2013-09-30 12:11 - 2013-09-30 19:24 - 00000000 ____D C:\Users\Calle\Desktop\wichtig
2013-09-14 15:10 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-14 15:10 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-14 15:10 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-14 15:10 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-14 15:10 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-14 15:10 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-09-14 15:10 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-09-14 15:10 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-14 15:10 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-14 15:10 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-09-14 15:10 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-14 15:10 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-09-14 15:10 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-09-14 15:10 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-14 15:10 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-14 15:10 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-14 15:10 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-14 15:10 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-14 15:10 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-14 15:10 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-14 15:10 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-14 15:10 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-14 15:10 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-14 15:10 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-14 15:10 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-09-14 15:10 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-14 15:10 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-14 15:10 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-09-14 15:10 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-14 15:10 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-14 15:10 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-14 15:10 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-14 15:10 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-14 15:10 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-12 19:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 19:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 19:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 19:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 19:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 19:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 19:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 19:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 19:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 19:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 19:05 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 19:05 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 19:05 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 19:05 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 19:05 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 19:05 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 16:21 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 16:21 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 16:21 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 16:21 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 16:21 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 16:21 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 16:21 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 16:21 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 16:21 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 16:21 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 16:21 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 16:21 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 16:21 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 16:21 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 16:21 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 16:21 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 16:21 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 16:21 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 16:21 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 16:21 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 16:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-08 11:51 - 2012-04-22 13:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 11:49 - 2012-04-22 12:06 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Skype
2013-10-08 11:44 - 2012-04-22 14:47 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job
2013-10-08 11:44 - 2012-04-22 14:47 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job
2013-10-08 11:09 - 2012-04-22 11:38 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001UA.job
2013-10-08 11:04 - 2012-05-19 17:59 - 00000000 ____D C:\Users\Calle\AppData\Roaming\TS3Client
2013-10-08 10:30 - 2013-10-08 10:30 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-08 08:49 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 08:49 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 08:45 - 2012-04-22 11:32 - 01546228 _____ C:\Windows\WindowsUpdate.log
2013-10-08 08:42 - 2013-10-01 14:50 - 00000952 _____ C:\Windows\setupact.log
2013-10-08 08:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 08:40 - 2013-10-01 08:54 - 00000000 ____D C:\AdwCleaner
2013-10-08 08:39 - 2012-04-22 13:28 - 00000000 ____D C:\Users\Calle\AppData\Local\Adobe
2013-10-08 08:31 - 2013-10-08 08:31 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-08 08:31 - 2013-10-08 08:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-07 19:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-07 19:48 - 2012-06-12 11:47 - 00000000 ____D C:\Users\Calle\AppData\Roaming\TeamViewer
2013-10-07 19:48 - 2012-04-22 13:07 - 01648846 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-07 19:48 - 2012-04-22 12:58 - 00702954 _____ C:\Windows\system32\perfh007.dat
2013-10-07 19:48 - 2012-04-22 12:58 - 00150612 _____ C:\Windows\system32\perfc007.dat
2013-10-07 19:46 - 2013-04-28 19:01 - 00103951 _____ C:\Windows\SysWOW64\TVersityMediaServer.log
2013-10-07 17:05 - 2013-10-07 17:05 - 00000600 _____ C:\Users\Calle\AppData\Roaming\winscp.rnd
2013-10-07 15:11 - 2013-05-05 16:06 - 00002370 _____ C:\Users\Calle\Desktop\Google Chrome.lnk
2013-10-07 14:15 - 2013-10-07 14:15 - 00000716 _____ C:\Users\Public\Desktop\WinSCP.lnk
2013-10-07 14:15 - 2013-07-29 13:43 - 00000000 ____D C:\Programme
2013-10-07 12:46 - 2012-04-23 16:53 - 00000000 ____D C:\Zwischenspeicher
2013-10-07 09:35 - 2013-10-07 09:34 - 00077077 _____ C:\Users\Calle\Desktop\Neues Textdokument.txt
2013-10-07 09:25 - 2013-10-07 09:25 - 00000000 ____D C:\FRST
2013-10-07 09:24 - 2013-10-07 09:24 - 00000000 _____ C:\Users\Calle\defogger_reenable
2013-10-07 09:24 - 2012-04-22 11:32 - 00000000 ____D C:\Users\Calle
2013-10-07 09:18 - 2013-10-07 09:18 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-10-07 09:18 - 2013-02-10 18:49 - 00000675 _____ C:\Users\Calle\Desktop\Miranda IM.lnk
2013-10-06 13:16 - 2013-08-25 14:11 - 00000238 _____ C:\speedreport.txt
2013-10-05 12:08 - 2009-07-14 07:13 - 01629370 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 18:01 - 2012-04-22 11:37 - 00000000 ____D C:\Users\Calle\AppData\Local\Deployment
2013-10-04 09:20 - 2013-10-04 09:17 - 00000000 ____D C:\Users\Calle\Desktop\rechtsstreit
2013-10-03 09:35 - 2013-10-03 09:35 - 00000000 ____D C:\Users\Calle\Desktop\sissichor
2013-10-01 14:50 - 2013-10-01 14:50 - 00002164 _____ C:\Windows\PFRO.log
2013-10-01 14:50 - 2013-10-01 14:50 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 14:49 - 2013-05-07 14:41 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 14:49 - 2013-03-28 11:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 09:21 - 2013-10-01 09:21 - 00000075 _____ C:\Windows\wininit.ini
2013-10-01 09:13 - 2013-10-01 09:13 - 01030305 _____ (Thisisu) C:\Users\Calle\Downloads\JRT.exe
2013-10-01 09:13 - 2013-10-01 09:13 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 09:08 - 2013-10-01 09:08 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Malwarebytes
2013-10-01 09:07 - 2013-10-01 09:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Calle\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-01 09:02 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:54 - 2013-10-01 08:54 - 01045226 _____ C:\Users\Calle\Downloads\adwcleaner.exe
2013-10-01 08:53 - 2013-10-01 08:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 08:52 - 2013-10-01 08:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Calle\Downloads\mbar-1.07.0.1005.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Calle\Downloads\HiJackThis204.exe
2013-10-01 08:43 - 2013-10-01 08:43 - 00012474 _____ C:\Users\Calle\Downloads\hijackthis.log
2013-09-30 19:31 - 2013-09-30 19:31 - 00000000 ____D C:\Users\Calle\Desktop\Neuer Ordner
2013-09-30 19:24 - 2013-09-30 12:11 - 00000000 ____D C:\Users\Calle\Desktop\wichtig
2013-09-30 13:06 - 2013-09-30 12:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 12:43 - 2013-09-30 12:43 - 00000000 ____D C:\Users\Calle\Documents\ProcAlyzer Dumps
2013-09-30 12:40 - 2013-09-30 12:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 12:31 - 2013-09-30 12:30 - 37672592 _____ (Safer-Networking Ltd.                                      ) C:\Users\Calle\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 12:22 - 2013-09-30 12:21 - 00015872 ___SH C:\Users\Calle\AppData\Roaming\Thumbs.db
2013-09-27 21:09 - 2012-04-22 11:38 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3865318343-3209093555-2434980171-1001Core.job
2013-09-20 10:40 - 2012-09-14 19:22 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Media Player Classic
2013-09-20 10:40 - 2012-04-22 21:25 - 00000000 ____D C:\Windows\Panther
2013-09-20 09:51 - 2012-04-22 13:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 09:51 - 2012-04-22 13:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 09:51 - 2012-04-22 13:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 09:38 - 2012-04-22 13:30 - 00000000 ____D C:\Program Files\Adobe
2013-09-20 09:34 - 2012-12-01 16:14 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-20 09:33 - 2012-04-22 13:31 - 00000000 ____D C:\Users\Calle\AppData\Roaming\Mozilla
2013-09-20 09:33 - 2012-04-22 11:38 - 00000000 ____D C:\Users\Calle\AppData\Local\Google
2013-09-20 09:31 - 2012-04-22 13:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-20 09:25 - 2012-04-22 13:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-16 20:22 - 2013-04-28 21:28 - 00000000 ____D C:\Users\Calle\AppData\Roaming\vlc
2013-09-14 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 15:10 - 2012-04-22 11:34 - 00009178 _____ C:\Windows\system32\lvcoinst.log
2013-09-12 19:25 - 2009-07-14 06:45 - 05017856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 19:05 - 2013-08-14 15:41 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 19:05 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-09-12 19:04 - 2012-04-22 12:08 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 17:19 - 2012-04-22 13:29 - 00000000 ____D C:\ProgramData\Adobe
2013-09-12 17:18 - 2012-04-22 11:33 - 00000000 ___RD C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 17:18 - 2012-04-22 11:33 - 00000000 ___RD C:\Users\Calle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 16:42 - 2013-08-25 16:41 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk

Some content of TEMP:
====================
C:\Users\Calle\AppData\Local\Temp\avgnt.exe
C:\Users\Calle\AppData\Local\Temp\Quarantine.exe
C:\Users\Calle\AppData\Local\Temp\secuniasi2454250748480806530.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-05 12:41

==================== End Of Log ============================
--- --- ---



Ob ich noch das Problem habe werde ich wohl erst nach ein paar Reboots rausfinden :l

Besten Dank soweit

schrauber 09.10.2013 07:42
Dann teste mal und gib bitte Rückmeldung.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131