Trojaner-Board - Whilokii Virus entfernen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Whilokii Virus entfernen (https://www.trojaner-board.de/143418-whilokii-virus-entfernen.html)

Whilokii Virus entfernen

Hallo,

ich nutze den Mozilla Firefox und habe seit heute seitlich links auf nahezu jeder Seite eine eingeblendete Leiste (rechts oben im Eck steht ein T, darunter dann "Related Searches:"), sowie im unteren Bildschirmrand Pop-ups die gelegentlich aufpoppen (Whilokii steht links oben im Pop-Up).
Auf Basis eines Tipps eines Bekannten habe ich folgendes bisher unternommen, jedoch ohne Erfolg:

1. Malwarebytes installiert und genutzt - 18 Infektionen, alle entfernt.
2. AdWCleaner genutzt
3. Farbar recovery Scan Tool genutzt.

Jedoch habe ich keine Logfiles außer die der Farbar.

Kannmir dennoch einer hier helfen? Ich dreh noch durch, da die Malware immer noch drauf ist und ich verzweifle.

Besten Dank!

Markus

hi,

poste die Logs von Farbar.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013

Ran by Markus.Ortlieb (administrator) on BIB-LORTLIEBM on 22-10-2013 17:26:13

Running from C:\Users\Markus.Ortlieb\Downloads

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\system32\CISVC.EXE

(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe

(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe

(Teruten) C:\Windows\system32\FsUsbExService.Exe

(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Microsoft Lync\communicator.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

(Samsung) C:\Program Files\Samsung\Kies\Kies.exe

(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe

(Microsoft Corporation) C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

() C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Cisco WebEx LLC) C:\PROGRA~1\WebEx\PRODUC~1\ptSrv.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe

(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe

(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-10-04] (Alps Electric Co., Ltd.)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-10-04] (IDT, Inc.)

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-02-15] ()

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-19] (RealNetworks, Inc.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)

HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)

HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)

HKCU\...\Run: [Google Update] - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-02] (Google Inc.)

HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)

HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)

HKCU\...\Run: [PTIM.exe] - C:\Program Files\WebEx\Productivity Tools\PTIM.exe [419344 2013-05-30] (Cisco WebEx LLC)

HKCU\...\Run: [SkyDrive] - C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-21] (Microsoft Corporation)

HKCU\...\Runonce: [Uninstall C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

HKCU\...\Policies\system: [RunLogonScriptSync] 1

HKCU\...\Policies\system: [HideLogonScripts] 0

HKCU\...\Policies\Explorer: [HideSCAHealth] 1

MountPoints2: {b8300e74-bc9d-11df-ba19-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe

Startup: C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.kavo.de

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.kavo.de

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {84630365-439B-4036-955B-F475B3233C24} URL = 

BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: PETN - {C480F23A-1BA8-4106-B43E-DA48F2914C70} - C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petn.dll No File

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911014} file:///C:/Users/Markus.Ortlieb/Downloads/DCS-942L_2523(EU)/Mydlink/activeX/DCP.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://eu.mydlink.com/8D/activeX//dcsclictrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF SearchPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\sweetpacks-a8-customized-web-search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: IE Tab Plus - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\ietab@ip.cn

FF Extension: FoxClocks - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

FF Extension: firefox - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\firefox@whilokii.net.xpi

FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKCU\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files\WebEx\Productivity Tools\

FF Extension: WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\
 

========================== Services (Whitelisted) =================
 

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)

R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)

R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)

R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)

R2 dcevt32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe [136248 2013-05-13] (Dell Inc.)

R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)

R2 dcstor32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe [185912 2013-05-13] (Dell Inc.)

S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149560 2012-09-25] (Dell Inc.)

R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)

R2 HPSLPSVC; C:\Users\Markus.Ortlieb\AppData\Local\Temp\7zS661D\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)

S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1712128 2008-09-26] (iPass, Inc.)

R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [155648 2008-09-01] (iPass, Inc.)

R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [98304 2008-09-01] (iPass, Inc.)

R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-10-04] (O2Micro International)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

S3 smstsmgr; C:\Windows\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-10-04] (IDT, Inc.)
 

==================== Drivers (Whitelisted) ====================
 

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-10-04] (ST Microelectronics)

R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2011-11-14] (Broadcom Corporation.)

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-10-04] (Broadcom Corporation)

S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [87592 2011-10-04] (Ericsson AB)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2013-03-11] (Dell Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)

R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)

S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-10-04] (Ericsson AB)

S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2011-10-04] (Ericsson AB)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [361032 2011-10-04] (MCCI Corporation)

S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [396872 2011-10-04] (MCCI Corporation)

S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-10-04] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

R1 MpKsl77b0c7b5; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B88A366-55A7-4F14-862E-49827CA0829A}\MpKsl77b0c7b5.sys [40392 2013-10-22] (Microsoft Corporation)

R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)

S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [27264 2011-10-04] (Novatel Wireless Inc)

S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [191488 2011-10-04] (Novatel Wireless Inc.)

R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-10-04] (O2Micro )

S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-10-04] (O2Micro )

R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-10-04] (O2Micro )

R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)

R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST

2013-10-22 17:25 - 2013-10-22 17:25 - 01087503 _____ (Farbar) C:\Users\Markus.Ortlieb\Downloads\FRST.exe

2013-10-22 17:23 - 2013-10-22 17:23 - 00001453 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt

2013-10-22 17:22 - 2013-10-22 17:22 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT.exe

2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT

2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-22 16:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-22 16:12 - 2013-10-22 16:12 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner-3.010.exe

2013-10-21 09:40 - 2013-10-22 17:20 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live

2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe

2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk

2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B

2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe

2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi

2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers

2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe

2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx

2013-10-14 01:14 - 2013-10-14 01:40 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls

2013-10-12 19:27 - 2013-09-11 08:37 - 45341303 ____N C:\Users\Markus.Ortlieb\Downloads\20130911_163716.mp4

2013-10-12 19:27 - 2013-07-07 06:04 - 229688525 ____N C:\Users\Markus.Ortlieb\Downloads\20130707_150206.mp4

2013-10-12 19:27 - 2013-07-01 06:56 - 04693888 ____N C:\Users\Markus.Ortlieb\Downloads\20130701_145626.mp4

2013-10-12 19:26 - 2013-08-11 14:43 - 314465633 ____N C:\Users\Markus.Ortlieb\Downloads\20130811_224051.mp4

2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake

2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp

2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini

2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms

2013-10-01 20:11 - 2013-05-13 13:22 - 02727456 _____ (Dell Inc.) C:\Windows\omsacntl.exe

2013-10-01 20:11 - 2013-05-13 13:22 - 00325664 _____ (Dell Inc.) C:\Windows\hapint.exe

2013-10-01 20:11 - 2013-05-13 13:21 - 00117280 _____ (Dell Inc.) C:\Windows\dciwds32.exe

2013-10-01 20:11 - 2013-05-13 13:21 - 00080928 _____ (Dell Inc.) C:\Windows\dcmdev32.exe

2013-10-01 20:11 - 2013-05-13 13:20 - 00282144 _____ (Dell Inc.) C:\Windows\dchcfg32.exe

2013-10-01 20:11 - 2013-05-13 13:20 - 00231456 _____ (Dell Inc.) C:\Windows\system32\dchcfl32.dll

2013-10-01 20:11 - 2013-05-13 13:19 - 00385056 _____ (Dell Inc.) C:\Windows\system32\dchbas32.dll

2013-10-01 20:11 - 2013-05-13 13:19 - 00272416 _____ (Dell Inc.) C:\Windows\system32\dchapi32.dll

2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute

2013-10-01 14:21 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls

2013-10-01 10:09 - 2013-10-01 10:12 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls

2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe

2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls

2013-09-27 12:01 - 2013-09-27 12:14 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls

2013-09-27 10:51 - 2012-10-17 04:04 - 00580712 ____H (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5512.dll

2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe

2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans

2013-09-26 11:26 - 2013-09-27 10:51 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk

2013-09-26 11:08 - 2013-09-27 10:36 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk

2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe

2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url

2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll

2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk

2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group

2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

2013-09-23 16:37 - 2013-10-22 17:20 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing

2013-09-23 16:37 - 2013-10-01 14:21 - 00000000 ____D C:\Program Files\Microsoft Lync

2013-09-23 16:37 - 2013-09-23 16:37 - 00000000 ____D C:\ProgramData\Applications

2013-09-23 16:37 - 2012-05-16 17:01 - 00000784 _____ C:\Windows\TrustModelData.reg

2013-09-23 16:32 - 2013-09-23 16:32 - 00000000 ____D C:\Program Files\Common Files\DESIGNER

2013-09-23 16:31 - 2013-09-23 16:32 - 00000000 ____D C:\Windows\SHELLNEW

2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Windows\PCHEALTH

2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Program Files\Microsoft Analysis Services

2013-09-23 16:30 - 2013-09-23 16:30 - 00000000 __RHD C:\MSOCache

2013-09-23 16:28 - 2013-09-23 16:28 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaVo-IT

2013-09-23 15:25 - 2013-09-23 15:25 - 00000000 ____D C:\Windows\Temp3672BBF2-94FA-C70C-D425-FDE36CA8BD02-Signatures

2013-09-23 15:25 - 2012-02-21 06:00 - 00670576 _____ (Microsoft Corporation) C:\Windows\CMTrace.exe

2013-09-23 13:45 - 2013-09-23 13:45 - 00000000 ____D C:\Windows\TempDAC5738E-707B-5109-5D4A-C2257122426A-Signatures

2013-09-23 13:39 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-09-23 12:39 - 2013-09-23 14:08 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Deployment

2013-09-23 12:39 - 2013-09-23 12:39 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Apps\2.0

2013-09-23 12:37 - 2013-09-23 12:39 - 00007152 _____ C:\Windows\IE9_main.log

2013-09-23 12:36 - 2010-02-11 09:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe

2013-09-23 12:34 - 2013-09-23 12:35 - 00000000 ____D C:\Windows\system32\MRT

2013-09-23 12:26 - 2013-09-23 12:26 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-23 12:26 - 2013-09-23 12:26 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-23 12:26 - 2013-09-23 12:26 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-09-23 12:26 - 2013-09-23 12:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-09-23 12:26 - 2013-09-23 12:26 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-09-23 12:26 - 2013-09-23 12:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-09-23 12:25 - 2013-09-23 12:25 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-09-23 12:24 - 2013-09-23 12:33 - 00022745 _____ C:\Windows\IE10_main.log

2013-09-23 12:23 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-09-23 12:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-09-23 12:23 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-09-23 12:23 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-09-23 12:23 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-09-23 12:22 - 2013-08-08 03:03 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-23 12:22 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-23 12:22 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-23 12:22 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-23 12:22 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-23 12:22 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-23 12:22 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-23 12:22 - 2013-07-26 03:56 - 12874752 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-23 12:22 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-23 12:22 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-09-23 12:22 - 2013-07-19 03:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-09-23 12:22 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-23 12:22 - 2013-07-08 07:08 - 03973056 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2013-09-23 12:22 - 2013-07-08 07:08 - 03918272 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-23 12:22 - 2013-07-08 07:00 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-23 12:22 - 2013-07-08 06:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2013-09-23 12:22 - 2013-07-08 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-23 12:22 - 2013-07-08 05:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2013-09-23 12:22 - 2013-07-08 05:31 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2013-09-23 12:22 - 2013-07-08 05:31 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2013-09-23 12:22 - 2013-07-08 05:31 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2013-09-23 12:22 - 2013-07-08 05:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-23 12:22 - 2013-07-06 06:57 - 01309120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-09-23 12:22 - 2013-07-06 06:57 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2013-09-23 12:22 - 2013-07-06 06:57 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2013-09-23 12:21 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-09-23 12:19 - 2013-09-23 12:19 - 00000000 ____D C:\Windows\TempB05CF42F-9E08-F217-8C1D-3512896A7659-Signatures

2013-09-23 12:00 - 2013-09-23 12:00 - 00000000 ____D C:\Windows\TempD2A5BF20-10D6-6011-ABF3-CF049DC6EB8C-Signatures

2013-09-23 11:50 - 2013-10-03 20:53 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog

2013-09-23 11:49 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}

2013-09-23 11:41 - 2013-09-23 11:41 - 00000000 ____D C:\43e7645ccc023755da2e8e6a

2013-09-23 11:41 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-09-23 11:38 - 2013-09-23 11:39 - 00000004 _____ C:\ScrubRetValFile.txt
 

==================== One Month Modified Files and Folders =======
 

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST

2013-10-22 17:25 - 2013-10-22 17:25 - 01087503 _____ (Farbar) C:\Users\Markus.Ortlieb\Downloads\FRST.exe

2013-10-22 17:24 - 2010-09-09 22:45 - 08105462 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-22 17:24 - 2010-08-15 20:12 - 00688680 _____ C:\Windows\system32\perfh01D.dat

2013-10-22 17:24 - 2010-08-15 20:12 - 00151310 _____ C:\Windows\system32\perfc01D.dat

2013-10-22 17:24 - 2010-08-15 20:07 - 00765018 _____ C:\Windows\system32\perfh015.dat

2013-10-22 17:24 - 2010-08-15 20:07 - 00164494 _____ C:\Windows\system32\perfc015.dat

2013-10-22 17:24 - 2010-08-15 19:52 - 00768558 _____ C:\Windows\system32\perfh013.dat

2013-10-22 17:24 - 2010-08-15 19:52 - 00161766 _____ C:\Windows\system32\perfc013.dat

2013-10-22 17:24 - 2010-08-15 19:46 - 00765154 _____ C:\Windows\system32\perfh010.dat

2013-10-22 17:24 - 2010-08-15 19:46 - 00155494 _____ C:\Windows\system32\perfc010.dat

2013-10-22 17:23 - 2013-10-22 17:23 - 00001453 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt

2013-10-22 17:23 - 2012-02-16 17:12 - 01686779 _____ C:\Windows\WindowsUpdate.log

2013-10-22 17:22 - 2013-10-22 17:22 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT.exe

2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT

2013-10-22 17:22 - 2012-04-05 10:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-22 17:22 - 2010-09-09 22:44 - 00000568 _____ C:\Windows\SMSCFG.INI

2013-10-22 17:20 - 2013-10-21 09:40 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive

2013-10-22 17:20 - 2013-09-23 16:37 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing

2013-10-22 17:20 - 2011-05-10 17:42 - 00062602 _____ C:\Windows\setupact.log

2013-10-22 17:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-22 17:17 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-22 17:17 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-22 17:14 - 2010-09-10 09:35 - 00033218 _____ C:\Windows\PFRO.log

2013-10-22 17:14 - 2010-08-15 20:11 - 00000000 ____D C:\Windows\sv-SE

2013-10-22 17:00 - 2012-04-19 09:25 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\FreePDF_XP

2013-10-22 16:54 - 2012-07-02 14:26 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job

2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-22 16:12 - 2013-10-22 16:12 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner-3.010.exe

2013-10-22 14:54 - 2012-07-02 14:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job

2013-10-21 17:49 - 2012-04-05 08:43 - 00000000 ____D C:\ProgramData\Sonos,_Inc

2013-10-21 16:43 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\ccmcache

2013-10-21 16:42 - 2012-02-16 17:27 - 00054882 __RSH C:\ProgramData\ntuser.pol

2013-10-21 16:41 - 2012-02-16 17:10 - 00000400 _____ C:\Windows\system32\config\netlogon.ftl

2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live

2013-10-21 09:40 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb

2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe

2013-10-20 18:55 - 2012-09-19 10:40 - 00194238 _____ C:\Users\Markus.Ortlieb\Downloads\OTL.Txt

2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk

2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B

2013-10-20 18:38 - 2012-07-02 14:26 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Google

2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe

2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-10-18 09:22 - 2012-04-05 08:48 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\HpUpdate

2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi

2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers

2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe

2013-10-17 00:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources

2013-10-15 16:11 - 2012-03-07 08:06 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-14 01:52 - 2012-04-03 13:10 - 00000000 ____D C:\privat

2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx

2013-10-14 01:40 - 2013-10-14 01:14 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls

2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake

2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp

2013-10-11 10:41 - 2013-06-05 12:31 - 342290339 _____ C:\Windows\MEMORY.DMP

2013-10-11 10:41 - 2013-06-05 12:31 - 00000000 ____D C:\Windows\Minidump

2013-10-10 17:23 - 2012-04-05 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 17:23 - 2012-02-16 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 02:42 - 2012-03-08 10:53 - 00012730 __RSH C:\Users\Markus.Ortlieb\ntuser.pol

2013-10-04 03:01 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\CCM

2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini

2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-03 20:53 - 2013-09-23 11:50 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog

2013-10-03 20:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms

2013-10-03 20:52 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}

2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute

2013-10-01 15:39 - 2012-05-09 13:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-01 14:21 - 2013-09-23 16:37 - 00000000 ____D C:\Program Files\Microsoft Lync

2013-10-01 14:20 - 2012-09-25 07:56 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-10-01 14:20 - 2012-09-24 15:12 - 00001945 _____ C:\Windows\epplauncher.mif

2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls

2013-10-01 10:12 - 2013-10-01 10:09 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls

2013-10-01 08:25 - 2013-08-17 11:31 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-01 08:25 - 2012-04-04 09:20 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Mozilla

2013-09-30 22:35 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Adobe

2013-09-30 15:45 - 2012-04-03 11:29 - 00000000 ____D C:\Procurement Europe

2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\ProgramData\Adobe

2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls

2013-09-27 12:14 - 2013-09-27 12:01 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls

2013-09-27 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache

2013-09-27 10:51 - 2013-09-26 11:26 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk

2013-09-27 10:51 - 2012-04-05 08:47 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk

2013-09-27 10:51 - 2012-04-05 08:47 - 00000000 ____D C:\Program Files\HP

2013-09-27 10:42 - 2012-04-05 08:47 - 00000000 ____D C:\ProgramData\HP

2013-09-27 10:36 - 2013-09-26 11:08 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk

2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe

2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans

2013-09-26 11:26 - 2012-09-21 12:53 - 00000000 ____D C:\Program Files\Hewlett-Packard

2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe

2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url

2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32

2013-09-26 10:12 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Microsoft Help

2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk

2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group

2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

2013-09-26 08:45 - 2009-07-14 06:33 - 00407056 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-23 16:37 - 2013-09-23 16:37 - 00000000 ____D C:\ProgramData\Applications

2013-09-23 16:37 - 2012-03-08 10:53 - 00111288 _____ C:\Users\Markus.Ortlieb\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-23 16:34 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini

2013-09-23 16:32 - 2013-09-23 16:32 - 00000000 ____D C:\Program Files\Common Files\DESIGNER

2013-09-23 16:32 - 2013-09-23 16:31 - 00000000 ____D C:\Windows\SHELLNEW

2013-09-23 16:32 - 2012-03-07 08:06 - 00000000 ____D C:\Program Files\Microsoft Office

2013-09-23 16:32 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Windows\PCHEALTH

2013-09-23 16:31 - 2013-09-23 16:31 - 00000000 ____D C:\Program Files\Microsoft Analysis Services

2013-09-23 16:31 - 2010-09-10 11:47 - 00000000 ____D C:\Program Files\Microsoft.NET

2013-09-23 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System

2013-09-23 16:30 - 2013-09-23 16:30 - 00000000 __RHD C:\MSOCache

2013-09-23 16:28 - 2013-09-23 16:28 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KaVo-IT

2013-09-23 15:25 - 2013-09-23 15:25 - 00000000 ____D C:\Windows\Temp3672BBF2-94FA-C70C-D425-FDE36CA8BD02-Signatures

2013-09-23 14:08 - 2013-09-23 12:39 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Deployment

2013-09-23 14:08 - 2013-07-12 23:12 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Dropbox

2013-09-23 13:45 - 2013-09-23 13:45 - 00000000 ____D C:\Windows\TempDAC5738E-707B-5109-5D4A-C2257122426A-Signatures

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR

2013-09-23 12:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE

2013-09-23 12:40 - 2010-10-20 10:23 - 00000000 ____D C:\INSTALL

2013-09-23 12:39 - 2013-09-23 12:39 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Apps\2.0

2013-09-23 12:39 - 2013-09-23 12:37 - 00007152 _____ C:\Windows\IE9_main.log

2013-09-23 12:35 - 2013-09-23 12:34 - 00000000 ____D C:\Windows\system32\MRT

2013-09-23 12:33 - 2013-09-23 12:24 - 00022745 _____ C:\Windows\IE10_main.log

2013-09-23 12:26 - 2013-09-23 12:26 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-23 12:26 - 2013-09-23 12:26 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-23 12:26 - 2013-09-23 12:26 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-09-23 12:26 - 2013-09-23 12:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-09-23 12:26 - 2013-09-23 12:26 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-09-23 12:26 - 2013-09-23 12:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-09-23 12:26 - 2013-09-23 12:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-09-23 12:26 - 2013-09-23 12:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-09-23 12:25 - 2013-09-23 12:25 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-09-23 12:25 - 2013-09-23 12:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-09-23 12:19 - 2013-09-23 12:19 - 00000000 ____D C:\Windows\TempB05CF42F-9E08-F217-8C1D-3512896A7659-Signatures

2013-09-23 12:00 - 2013-09-23 12:00 - 00000000 ____D C:\Windows\TempD2A5BF20-10D6-6011-ABF3-CF049DC6EB8C-Signatures

2013-09-23 11:46 - 2012-09-10 18:13 - 00000000 ____D C:\Program Files\Microsoft Policy Platform

2013-09-23 11:45 - 2010-09-10 12:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-09-23 11:41 - 2013-09-23 11:41 - 00000000 ____D C:\43e7645ccc023755da2e8e6a

2013-09-23 11:41 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender

2013-09-23 11:39 - 2013-09-23 11:38 - 00000004 _____ C:\ScrubRetValFile.txt
 

Some content of TEMP:

====================

C:\Users\Markus.Ortlieb\AppData\Local\Temp\atgpcdec.dll

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\HPInstaller.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe

[2013-05-05 18:57] - [2012-10-18 19:40] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F
 

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2013-05-05 18:57] - [2012-10-18 22:17] - 0246104 ____A (Microsoft Corporation) 4EDEF8AB59B089925CF9A6CFC74A4109
 
 
 

LastRegBack: 2013-10-21 15:12
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2013

Ran by Markus.Ortlieb at 2013-10-22 17:27:05

Running from C:\Users\Markus.Ortlieb\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: System Center 2012 Endpoint Protection (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}

AS: System Center 2012 Endpoint Protection (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (Version: 9.20.00.0)

AccelerometerP11 (Version: 2.00.10.24)

Acer GridVista (Version: 2.72.317)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (Version: 11.9.900.117)

Adobe Reader X (10.1.7) MUI (Version: 10.1.7)

Adobe Shockwave Player 11.6 (Version: 11.6.3.633)

Adobe Shockwave Player 11.6 (Version: 11.6.8.638)

Amazon MP3-Downloader 1.0.15 (Version: 1.0.15)

Apple Mobile Device Support (Version: 5.1.1.4)

Audiograbber 1.83 SE  (Version: 1.83 SE )

Audiograbber MP3-Plugin (Version: 1.0)

Bing Bar (Version: 7.2.241.0)

Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)

Cisco WebEx Meetings

Configuration Manager Client (Version: 5.00.7804.1000)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell ControlVault Host Components Installer (Version: 2.0.20.159)

Dell OpenManage Client Instrumentation (Version: 8.2.0.154)

Dell OpenManage Inventory Agent (for Dell Business Client Systems) (Version: 1.4.1)

Dell System Manager (Version: 1.7.10000)

Dell Touchpad (Version: 7.1208.101.124)

DHTML Editing Component (Version: 6.02.0001)

Folder Size for Windows (Version: 2.5)

Foxit Reader (Version: 6.0.3.524)

Free FLV Converter V 7.4.0 (Version: 7.4.0.0)

FreeFileSync v5.0 (Version: 5.0)

Freemake Video Converter Version 4.0.0 (Version: 4.0.0)

FreeMind (Version: 0.9.0)

FreePDF (Remove only)

Google Talk Plugin (Version: 4.7.0.15362)

Google Update Helper (Version: 1.3.23.0)

GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880)

GPL Ghostscript 8.71

HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 28.0.1315.0)

HP Officejet 6500 E710a-f Hilfe (Version: 140.0.2.2)

HP Update (Version: 5.003.003.001)

HPDiagnosticAlert (Version: 1.00.0000)

I.R.I.S. OCR (Version: 12.3.4.0)

Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)

iPassConnect (Version: 3.65)

iPassConnect (Version: 3.65.00)

IrfanView (remove only) (Version: 4.32)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

Java(TM) 6 Update 30 (Version: 6.0.300)

kavofonts (Version: 1)

K-Lite Codec Pack 6.3.0 (Full) (Version: 6.3.0)

LameXP

Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)

Marketsplash Schnellzugriffe (Version: 1.0.1.7)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)

Microsoft .NET Framework 4 Extended (Version: 4.0.30320)

Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8410.2)

Microsoft Endpoint Protection Management Components (Version: 4.2.0223.1)

Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 4.2.0223.1)

Microsoft Lync 2010 (Version: 4.0.7577.4392)

Microsoft Lync 2010, MUI (Version: 4.0.7577.0)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Standard 2010 (Version: 14.0.7015.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Policy Platform (Version: 1.2.3602.0)

Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)

Microsoft Sync Framework 2.0 Core Components (x86) ENU  (Version: 2.0.1578.0)

Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (Version: 2.0.1578.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Mozilla Firefox 24.0 (x86 de) (Version: 24.0)

Mozilla Maintenance Service (Version: 24.0)

Mp3tag v2.54 (Version: v2.54)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

PC Speed Maximizer v3.2 (Version: 3.2)

Picasa 3 (Version: 3.8)

RealDownloader (Version: 1.3.1)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)

RealPlayer (Version: 16.0.0)

RealUpgrade 1.1 (Version: 1.1.0)

RedMon - Redirection Port Monitor

Revo Uninstaller 1.95 (Version: 1.95)

Roxio Creator Audio (Version: 3.7.0)

Roxio Creator Copy (Version: 3.7.0)

Roxio Creator Data (Version: 3.7.0)

Roxio Creator DE 10.3 (Version: 10.3)

Roxio Creator DE 10.3 (Version: 3.7.0)

Roxio Creator Tools (Version: 3.7.0)

Roxio Express Labeler 3 (Version: 3.2.2)

Roxio Update Manager (Version: 6.0.0)

Samsung Kies (Version: 2.3.3.12085_7)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)

SAP Business Explorer (Version: 7.20)

SAP GUI for Windows 7.20 (Version: 7.20 Compilation 2)

SeaView (Version: 1.0.0)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition

Skype™ 6.3 (Version: 6.3.105)

Sonos Controller (Version: 22.0.64240)

StreamTransport version: 1.0.2.2171

Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (Version: 28.0.1315.0)

Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (Version: 22.50.231.0)

SyncToy 2.1 (x86) (Version: 2.1.0)

System Center 2012 Endpoint Protection (Version: 4.2.223.1)

TidyNetwork

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)

Update for Zip Extractor

vcredist_x86 (Version: 1.0.0)

WebEx Productivity Tools (Version: 2.32.1200.16655)

WIDCOMM Bluetooth Software (Version: 6.3.0.6900)

Windows Firewall Configuration Provider (Version: 1.2.3412.0)

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

WISO Steuer-Sparbuch 2012 (Version: 19.05.7368)

Word Layers (HKCU Version: 3)

Yahoo! Messenger

Zip Extractor Packages
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {00A0759D-2A1C-4C81-A226-3A90B820BAFF} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection

Task: {03B74907-49F0-4EC0-A328-AE96D69D2A50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)

Task: {13CD2DD4-0051-44C4-923B-63777726E834} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {13F0BEF8-B504-43C3-AA03-2CB6E2A9A031} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {18CFEC96-2653-44E4-8D47-2E7AFD84ED96} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe

Task: {1AE8D8DD-E154-422F-B8A6-899E64626F41} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)

Task: {41D885E5-ADC1-4619-B5BD-35B5B4FEBEFC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {467AB0E9-0501-465B-A115-DCE3601F05BB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)

Task: {4EDD8244-8CDE-4182-895F-B9146CC69D58} - System32\Tasks\TidyNetwork Update => C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petnupdate.exe

Task: {63B94DB7-D13D-47D0-98AD-F6AE2BA288B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)

Task: {6D552273-770D-4673-874C-7CEF36E0DFC5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {726CDAAB-F9E5-4A26-9289-3ACC8178BD4F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3842183496-1387694075-2723946746-6219 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

Task: {885ECC39-599C-4E97-B55F-F5BC9C9CA125} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)

Task: {A773082F-22CB-49EA-A630-A182070623A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job => C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2011-11-14 13:42 - 2011-10-04 00:31 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

2012-04-05 10:28 - 2012-02-22 20:49 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll

2012-04-05 10:28 - 2012-02-22 20:49 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll

2013-09-23 13:25 - 2013-09-23 13:25 - 01928192 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\a6d77b64f85bb1135b2bc3fa240e0b58\Kies.UI.ni.dll

2013-09-23 13:25 - 2013-09-23 13:25 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\6f12d4f931067ba0d80718659128e4c0\Kies.MVVM.ni.dll

2013-09-23 13:25 - 2013-09-23 13:25 - 00184832 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fca6e0d137529e75ffab40ee22f2d4b5\Kies.Common.DeviceServiceLib.Interface.ni.dll

2013-09-23 13:26 - 2013-09-23 13:26 - 00353280 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\6614c1906e60cced4f242d337b10f7f4\DevicePhoto.ni.dll

2013-09-23 13:26 - 2013-09-23 13:26 - 00299520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\7cce2e92fb904b9f1e1920e852935eef\DeviceVideo.ni.dll

2013-09-23 13:26 - 2013-09-23 13:26 - 00615424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b430d451ebbc671be6dd511bc5b5ee2d\DevicePodcast.ni.dll

2013-09-23 13:26 - 2013-09-23 13:26 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\b0e562f98850f23cb5420b053e12cdb4\DummyStorePlugin.ni.dll

2013-09-23 13:26 - 2013-09-23 13:26 - 17357824 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\412c905f6a195314f1a228f6c064bd98\Kies.Theme.ni.dll

2013-09-23 13:26 - 2013-09-23 13:26 - 00571904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c3fac88c14755b6ea4d6fa9d0572bab9\Kies.Common.DeviceServiceLib.FileService.ni.dll

2013-09-23 11:55 - 2013-09-23 11:55 - 00040448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2b859000c738b1f5e556f5af5fcd2f77\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll

2013-09-23 13:26 - 2013-09-23 13:26 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll

2010-10-15 19:14 - 2010-10-15 19:14 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2012-09-13 14:38 - 2012-09-06 20:16 - 07956120 _____ () C:\Program Files\WISO\Steuersoftware 2012\wgui12.dll

2012-09-13 14:38 - 2012-09-06 20:14 - 00028672 _____ () C:\Program Files\WISO\Steuersoftware 2012\rsdcom47.dll

2012-09-13 14:38 - 2012-02-07 12:36 - 02356736 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtCorers47.dll

2012-09-13 14:38 - 2012-02-07 12:36 - 08934400 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtGuirs47.dll

2012-09-13 14:38 - 2012-02-07 12:36 - 00990208 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtNetworkrs47.dll

2012-09-13 14:38 - 2012-02-07 12:36 - 00358400 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtXmlrs47.dll

2012-09-13 14:38 - 2012-02-07 12:36 - 00720896 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtSqlrs47.dll

2012-09-13 14:38 - 2012-02-07 12:37 - 01340416 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtScriptrs47.dll

2012-09-13 14:38 - 2012-02-07 12:36 - 02395648 ____N () C:\Program Files\WISO\Steuersoftware 2012\Qt3Supportrs47.dll

2012-09-13 14:38 - 2012-02-07 12:37 - 11163648 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtWebKitrs47.dll

2012-09-13 14:38 - 2012-02-07 12:37 - 00271872 ____N () C:\Program Files\WISO\Steuersoftware 2012\phononrs47.dll

2012-09-13 14:38 - 2012-02-07 12:37 - 00108544 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtTestrs47.dll

2012-09-13 14:38 - 2012-09-06 20:15 - 00275096 _____ () C:\Program Files\WISO\Steuersoftware 2012\rscorewinapi47.dll

2012-09-13 14:38 - 2012-09-06 20:15 - 00319640 _____ () C:\Program Files\WISO\Steuersoftware 2012\rsguiwinapi47.dll

2012-09-13 14:38 - 2012-09-06 20:15 - 03001496 _____ () C:\Program Files\WISO\Steuersoftware 2012\wcore12.dll

2012-09-13 14:38 - 2012-09-06 20:14 - 00135832 _____ () C:\Program Files\WISO\Steuersoftware 2012\rsodbc47.dll

2012-09-13 14:38 - 2012-02-07 12:37 - 00865280 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtCLuceners47.dll

2012-09-13 14:38 - 2012-09-06 20:15 - 02017432 _____ () C:\Program Files\WISO\Steuersoftware 2012\wfvie12.dll

2012-09-13 14:38 - 2012-02-07 12:36 - 00281088 ____N () C:\Program Files\WISO\Steuersoftware 2012\QtSvgrs47.dll

2012-09-13 14:38 - 2012-09-06 20:15 - 01548952 _____ () C:\Program Files\WISO\Steuersoftware 2012\wsteu12.dll

2012-09-13 14:38 - 2012-09-06 20:15 - 01649816 _____ () C:\Program Files\WISO\Steuersoftware 2012\wreli12.dll

2012-09-13 14:38 - 2012-09-06 20:15 - 04467864 _____ () C:\Program Files\WISO\Steuersoftware 2012\wauff12.dll

2013-08-17 11:31 - 2013-10-01 08:25 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2013-10-10 17:23 - 2013-10-10 17:23 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 

==================== Faulty Device Manager Devices =============
 

Name: Cisco Systems VPN Adapter

Description: Cisco Systems VPN Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

Name: My Book World Edition Network Storage

Description: My Book World Edition Network Storage

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 66%

Total physical RAM: 3241.02 MB

Available physical RAM: 1070.7 MB

Total Pagefile: 6480.33 MB

Available Pagefile: 3948.15 MB

Total Virtual: 2047.88 MB

Available Virtual: 1892.11 MB
 

==================== Drives ================================
 

Drive c: (LocalDisk) (Fixed) (Total:119.24 GB) (Free:8.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: BBC34479)

Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Danke & Gruß,
Markus

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

AdwCleaner löschen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Unten zunächst das Log aus FRST.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2013

Ran by Markus.Ortlieb at 2013-10-23 08:58:43 Run:1

Running from C:\Users\Markus.Ortlieb\Downloads\FRST

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

         

*****************
 

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.
 

==== End of Fixlog ====

AdWCleaner erzeugt leider keine Logdatei, ich habe danach gesucht. Auch nach einem Neustart wird diese nicht geöffnet. Ich habe das Programm gelöscht, neu runtergeladen und ausgeführt. Und nun?

Hier nun die LogDatei des Junkware-Tools:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Enterprise x86

Ran by Markus.Ortlieb on 23.10.2013 at  9:57:35,49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\minidumps [1 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23.10.2013 at  9:58:47,41

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Frisches FRST log fehlt.

Ich hoffe ich habe das nun richtig gemacht. Habe wieder das Notepad geöffnet, den Text aus der Codebox eingefügt und als Fixlog.txt abgespeichert. Dann wieder FRST ausgeführt und Fix geklickt. Hier nun das Logfile:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013

Ran by Markus.Ortlieb at 2013-10-23 16:16:29 Run:2

Running from C:\Users\Markus.Ortlieb\Downloads\FRST

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

         

*****************
 

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.
 

==== End of Fixlog ====

Ich möchte nicht drängen, aber mein Rechner wird immer noch langsamer, jedes Tippen, scrollen, Mausklicks, wird/werden stark verzögert, etc. Kann ich denn irgendwas machen um wenisgtens das aufzuhalten?

Ich brauche ein frisches Scanlog von FRST nach all den Tools :)

Hallo Schrauber,

erstmal vielen Dank für die Hilfe nochmals!!! Hier nun das Scanlog, soeben durchgeführt:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01

Ran by Markus.Ortlieb (administrator) on BIB-LORTLIEBM on 24-10-2013 10:33:09

Running from C:\Users\Markus.Ortlieb\Downloads\FRST

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\system32\CISVC.EXE

(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe

(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe

(Teruten) C:\Windows\system32\FsUsbExService.Exe

(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe

(Microsoft Corporation) C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

() C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe

(Cisco WebEx LLC) C:\PROGRA~1\WebEx\PRODUC~1\ptSrv.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe

(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-10-04] (Alps Electric Co., Ltd.)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-10-04] (IDT, Inc.)

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-02-15] ()

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-19] (RealNetworks, Inc.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)

HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)

HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)

HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)

HKCU\...\Run: [Google Update] - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-02] (Google Inc.)

HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)

HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)

HKCU\...\Run: [PTIM.exe] - C:\Program Files\WebEx\Productivity Tools\PTIM.exe [419344 2013-05-30] (Cisco WebEx LLC)

HKCU\...\Run: [SkyDrive] - C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-21] (Microsoft Corporation)

HKCU\...\Runonce: [Uninstall C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

HKCU\...\Policies\system: [RunLogonScriptSync] 1

HKCU\...\Policies\system: [HideLogonScripts] 0

HKCU\...\Policies\Explorer: [HideSCAHealth] 1

MountPoints2: {b8300e74-bc9d-11df-ba19-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe

Startup: C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.kavo.de

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.kavo.de

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {84630365-439B-4036-955B-F475B3233C24} URL = 

BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: PETN - {C480F23A-1BA8-4106-B43E-DA48F2914C70} - C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petn.dll No File

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911014} file:///C:/Users/Markus.Ortlieb/Downloads/DCS-942L_2523(EU)/Mydlink/activeX/DCP.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://eu.mydlink.com/8D/activeX//dcsclictrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF SearchPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\sweetpacks-a8-customized-web-search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: IE Tab Plus - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\ietab@ip.cn

FF Extension: FoxClocks - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

FF Extension: firefox - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\firefox@whilokii.net.xpi

FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKCU\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files\WebEx\Productivity Tools\

FF Extension: WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\
 

========================== Services (Whitelisted) =================
 

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)

R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)

R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)

R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)

R2 dcevt32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe [136248 2013-05-13] (Dell Inc.)

R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)

R2 dcstor32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe [185912 2013-05-13] (Dell Inc.)

S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149560 2012-09-25] (Dell Inc.)

R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)

R2 HPSLPSVC; C:\Users\Markus.Ortlieb\AppData\Local\Temp\7zS661D\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)

S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1712128 2008-09-26] (iPass, Inc.)

R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [155648 2008-09-01] (iPass, Inc.)

R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [98304 2008-09-01] (iPass, Inc.)

S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-10-04] (O2Micro International)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

S3 smstsmgr; C:\Windows\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-10-04] (IDT, Inc.)
 

==================== Drivers (Whitelisted) ====================
 

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-10-04] (ST Microelectronics)

R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2011-11-14] (Broadcom Corporation.)

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-10-04] (Broadcom Corporation)

S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [87592 2011-10-04] (Ericsson AB)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2013-03-11] (Dell Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)

R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)

S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-10-04] (Ericsson AB)

S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2011-10-04] (Ericsson AB)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [361032 2011-10-04] (MCCI Corporation)

S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [396872 2011-10-04] (MCCI Corporation)

S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-10-04] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

R1 MpKsl8d7ce570; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88369EEC-5AE5-4CB7-95C5-E5FF588EE8FD}\MpKsl8d7ce570.sys [40392 2013-10-23] (Microsoft Corporation)

R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)

S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [27264 2011-10-04] (Novatel Wireless Inc)

S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [191488 2011-10-04] (Novatel Wireless Inc.)

R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-10-04] (O2Micro )

S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-10-04] (O2Micro )

R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-10-04] (O2Micro )

R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)

R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java

2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt

2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe

2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe

2013-10-23 08:58 - 2013-10-24 10:33 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST

2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt

2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST

2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT

2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-22 16:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 09:40 - 2013-10-23 09:50 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live

2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe

2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk

2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B

2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe

2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi

2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers

2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe

2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx

2013-10-14 01:14 - 2013-10-14 01:40 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls

2013-10-12 19:27 - 2013-09-11 08:37 - 45341303 ____N C:\Users\Markus.Ortlieb\Downloads\20130911_163716.mp4

2013-10-12 19:27 - 2013-07-07 06:04 - 229688525 ____N C:\Users\Markus.Ortlieb\Downloads\20130707_150206.mp4

2013-10-12 19:27 - 2013-07-01 06:56 - 04693888 ____N C:\Users\Markus.Ortlieb\Downloads\20130701_145626.mp4

2013-10-12 19:26 - 2013-08-11 14:43 - 314465633 ____N C:\Users\Markus.Ortlieb\Downloads\20130811_224051.mp4

2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake

2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp

2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini

2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms

2013-10-01 20:11 - 2013-05-13 13:22 - 02727456 _____ (Dell Inc.) C:\Windows\omsacntl.exe

2013-10-01 20:11 - 2013-05-13 13:22 - 00325664 _____ (Dell Inc.) C:\Windows\hapint.exe

2013-10-01 20:11 - 2013-05-13 13:21 - 00117280 _____ (Dell Inc.) C:\Windows\dciwds32.exe

2013-10-01 20:11 - 2013-05-13 13:21 - 00080928 _____ (Dell Inc.) C:\Windows\dcmdev32.exe

2013-10-01 20:11 - 2013-05-13 13:20 - 00282144 _____ (Dell Inc.) C:\Windows\dchcfg32.exe

2013-10-01 20:11 - 2013-05-13 13:20 - 00231456 _____ (Dell Inc.) C:\Windows\system32\dchcfl32.dll

2013-10-01 20:11 - 2013-05-13 13:19 - 00385056 _____ (Dell Inc.) C:\Windows\system32\dchbas32.dll

2013-10-01 20:11 - 2013-05-13 13:19 - 00272416 _____ (Dell Inc.) C:\Windows\system32\dchapi32.dll

2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute

2013-10-01 14:21 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls

2013-10-01 10:09 - 2013-10-01 10:12 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls

2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe

2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls

2013-09-27 12:01 - 2013-09-27 12:14 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls

2013-09-27 10:51 - 2012-10-17 04:04 - 00580712 ____H (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5512.dll

2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe

2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans

2013-09-26 11:26 - 2013-09-27 10:51 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk

2013-09-26 11:08 - 2013-09-27 10:36 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk

2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe

2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url

2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll

2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk

2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group

2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
 

==================== One Month Modified Files and Folders =======
 

2013-10-24 10:33 - 2013-10-23 08:58 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST

2013-10-24 10:22 - 2012-04-05 10:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-24 09:54 - 2012-07-02 14:26 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job

2013-10-23 16:13 - 2012-02-16 17:12 - 01626701 _____ C:\Windows\WindowsUpdate.log

2013-10-23 16:01 - 2010-09-09 22:45 - 08141522 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-23 16:01 - 2010-08-15 20:12 - 00691622 _____ C:\Windows\system32\perfh01D.dat

2013-10-23 16:01 - 2010-08-15 20:12 - 00152192 _____ C:\Windows\system32\perfc01D.dat

2013-10-23 16:01 - 2010-08-15 20:07 - 00767960 _____ C:\Windows\system32\perfh015.dat

2013-10-23 16:01 - 2010-08-15 20:07 - 00165376 _____ C:\Windows\system32\perfc015.dat

2013-10-23 16:01 - 2010-08-15 19:52 - 00771500 _____ C:\Windows\system32\perfh013.dat

2013-10-23 16:01 - 2010-08-15 19:52 - 00162648 _____ C:\Windows\system32\perfc013.dat

2013-10-23 16:01 - 2010-08-15 19:46 - 00768096 _____ C:\Windows\system32\perfh010.dat

2013-10-23 16:01 - 2010-08-15 19:46 - 00156376 _____ C:\Windows\system32\perfc010.dat

2013-10-23 14:54 - 2012-07-02 14:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job

2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java

2013-10-23 14:39 - 2013-08-17 11:31 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-23 14:36 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\ccmcache

2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt

2013-10-23 09:52 - 2010-09-09 22:44 - 00000568 _____ C:\Windows\SMSCFG.INI

2013-10-23 09:50 - 2013-10-21 09:40 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive

2013-10-23 09:50 - 2013-09-23 16:37 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing

2013-10-23 09:49 - 2011-05-10 17:42 - 00062826 _____ C:\Windows\setupact.log

2013-10-23 09:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe

2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe

2013-10-22 17:33 - 2012-04-05 08:43 - 00000000 ____D C:\ProgramData\Sonos,_Inc

2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt

2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST

2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT

2013-10-22 17:14 - 2010-09-10 09:35 - 00033218 _____ C:\Windows\PFRO.log

2013-10-22 17:14 - 2010-08-15 20:11 - 00000000 ____D C:\Windows\sv-SE

2013-10-22 17:00 - 2012-04-19 09:25 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\FreePDF_XP

2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 16:42 - 2012-02-16 17:27 - 00054882 __RSH C:\ProgramData\ntuser.pol

2013-10-21 16:41 - 2012-02-16 17:10 - 00000400 _____ C:\Windows\system32\config\netlogon.ftl

2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live

2013-10-21 09:40 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb

2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe

2013-10-20 18:55 - 2012-09-19 10:40 - 00194238 _____ C:\Users\Markus.Ortlieb\Downloads\OTL.Txt

2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk

2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B

2013-10-20 18:38 - 2012-07-02 14:26 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Google

2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe

2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-10-18 09:22 - 2012-04-05 08:48 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\HpUpdate

2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi

2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers

2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe

2013-10-17 00:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources

2013-10-15 16:11 - 2012-03-07 08:06 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-14 01:52 - 2012-04-03 13:10 - 00000000 ____D C:\privat

2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx

2013-10-14 01:40 - 2013-10-14 01:14 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls

2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake

2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp

2013-10-11 10:41 - 2013-06-05 12:31 - 342290339 _____ C:\Windows\MEMORY.DMP

2013-10-11 10:41 - 2013-06-05 12:31 - 00000000 ____D C:\Windows\Minidump

2013-10-10 17:23 - 2012-04-05 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 17:23 - 2012-02-16 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 02:42 - 2012-03-08 10:53 - 00012730 __RSH C:\Users\Markus.Ortlieb\ntuser.pol

2013-10-04 03:01 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\CCM

2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini

2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-03 20:53 - 2013-09-23 11:50 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog

2013-10-03 20:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms

2013-10-03 20:52 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}

2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute

2013-10-01 15:39 - 2012-05-09 13:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-01 14:21 - 2013-09-23 16:37 - 00000000 ____D C:\Program Files\Microsoft Lync

2013-10-01 14:20 - 2012-09-25 07:56 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-10-01 14:20 - 2012-09-24 15:12 - 00001945 _____ C:\Windows\epplauncher.mif

2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls

2013-10-01 10:12 - 2013-10-01 10:09 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls

2013-10-01 08:25 - 2012-04-04 09:20 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Mozilla

2013-09-30 22:35 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Adobe

2013-09-30 15:45 - 2012-04-03 11:29 - 00000000 ____D C:\Procurement Europe

2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\ProgramData\Adobe

2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls

2013-09-27 12:14 - 2013-09-27 12:01 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls

2013-09-27 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache

2013-09-27 10:51 - 2013-09-26 11:26 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk

2013-09-27 10:51 - 2012-04-05 08:47 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk

2013-09-27 10:51 - 2012-04-05 08:47 - 00000000 ____D C:\Program Files\HP

2013-09-27 10:42 - 2012-04-05 08:47 - 00000000 ____D C:\ProgramData\HP

2013-09-27 10:36 - 2013-09-26 11:08 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk

2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe

2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans

2013-09-26 11:26 - 2012-09-21 12:53 - 00000000 ____D C:\Program Files\Hewlett-Packard

2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe

2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url

2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32

2013-09-26 10:12 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Microsoft Help

2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk

2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group

2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

2013-09-26 08:45 - 2009-07-14 06:33 - 00407056 _____ C:\Windows\system32\FNTCACHE.DAT
 

Some content of TEMP:

====================

C:\Users\Markus.Ortlieb\AppData\Local\Temp\atgpcdec.dll

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\HPInstaller.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe

[2013-05-05 18:57] - [2012-10-18 19:40] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F
 

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2013-05-05 18:57] - [2012-10-18 22:17] - 0246104 ____A (Microsoft Corporation) 4EDEF8AB59B089925CF9A6CFC74A4109
 
 
 

LastRegBack: 2013-10-21 15:12
 

==================== End Of Log ============================

--- --- ---

Sieht gut aus.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo Schrauber,

ich lasse gerade ESET scannen. Jedoch kann ich die Windows-Firewall nicht deaktivieren, da die von unserem System-Admin verwaltet wird. aussage "Wir deaktivieren diese nicht!". Ich sitze ein paar hundert km von ihm weg und habe leider keinen Einfluss daher.

Ich habe übrigens immernoch die ganzen Werbeeinblndungen links, oben, unten, überall auf dem Bildschirm. Whilokii erscheint permanent ...

Sobald ich die log-files habe poste ich sie, inkl. des FRST Scanlogs.

Danke nochmals!

Markus

Hier das log-file.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=9d90ef8d66694d4f80c793f81647704c

# engine=15616

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-10-24 01:05:54

# local_time=2013-10-24 03:05:54 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 2690653 134251145 0 0

# scanned=512606

# found=1

# cleaned=0

# scan_time=6797

sh=E08C63CC3B24EEFD148937B8416AABBFB9E757E8 ft=1 fh=c54cfafd57b63771 vn="multiple threats" ac=I fn="C:\Users\Markus.Ortlieb\AppData\Local\Temp\{5AE23E50-7090-43BB-AD09-6FFF6F3FDD61}\setup.exe"

Wenn ich Security Check laufen lasse bekomme ich folgende Meldung: "UNSUPPORTED OPERATING SYSTEM! ABORTED!"

Hier noch ein aktuelles Scanlog-File von FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01

Ran by Markus.Ortlieb (administrator) on BIB-LORTLIEBM on 24-10-2013 15:26:30

Running from C:\Users\Markus.Ortlieb\Downloads\FRST

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Windows\system32\CISVC.EXE

(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe

(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe

(Teruten) C:\Windows\system32\FsUsbExService.Exe

(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

(iPass, Inc.) C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe

(Microsoft Corporation) C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

() C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe

(Cisco WebEx LLC) C:\PROGRA~1\WebEx\PRODUC~1\ptSrv.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe

(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Google) C:\Users\Markus.Ortlieb\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-10-04] (Alps Electric Co., Ltd.)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-10-04] (IDT, Inc.)

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-02-15] ()

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-19] (RealNetworks, Inc.)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)

HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)

HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)

HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)

HKCU\...\Run: [Google Update] - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-02] (Google Inc.)

HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)

HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)

HKCU\...\Run: [PTIM.exe] - C:\Program Files\WebEx\Productivity Tools\PTIM.exe [419344 2013-05-30] (Cisco WebEx LLC)

HKCU\...\Run: [SkyDrive] - C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-21] (Microsoft Corporation)

HKCU\...\Runonce: [Uninstall C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Markus.Ortlieb\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

HKCU\...\Policies\system: [RunLogonScriptSync] 1

HKCU\...\Policies\system: [HideLogonScripts] 0

HKCU\...\Policies\Explorer: [HideSCAHealth] 1

MountPoints2: {b8300e74-bc9d-11df-ba19-806e6f6e6963} - D:\SMS\bin\i386\TSMBAutorun.exe

Startup: C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.kavo.de

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.kavo.de

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {84630365-439B-4036-955B-F475B3233C24} URL = 

BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: PETN - {C480F23A-1BA8-4106-B43E-DA48F2914C70} - C:\Users\Markus.Ortlieb\AppData\Local\TidyNetwork\petn.dll No File

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911014} file:///C:/Users/Markus.Ortlieb/Downloads/DCS-942L_2523(EU)/Mydlink/activeX/DCP.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://eu.mydlink.com/8D/activeX//dcsclictrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sapgui\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF SearchPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\sweetpacks-a8-customized-web-search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: IE Tab Plus - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\ietab@ip.cn

FF Extension: FoxClocks - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}

FF Extension: firefox - C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\Extensions\firefox@whilokii.net.xpi

FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKCU\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files\WebEx\Productivity Tools\

FF Extension: WebEx Productivity Tools - C:\Program Files\WebEx\Productivity Tools\
 

========================== Services (Whitelisted) =================
 

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)

R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)

R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)

R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)

R2 dcevt32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe [136248 2013-05-13] (Dell Inc.)

R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)

R2 dcstor32; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe [185912 2013-05-13] (Dell Inc.)

S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149560 2012-09-25] (Dell Inc.)

R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio)

R2 HPSLPSVC; C:\Users\Markus.Ortlieb\AppData\Local\Temp\7zS661D\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)

S3 iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [1712128 2008-09-26] (iPass, Inc.)

R3 iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [155648 2008-09-01] (iPass, Inc.)

R2 iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [98304 2008-09-01] (iPass, Inc.)

S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2011-10-04] (O2Micro International)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

S3 smstsmgr; C:\Windows\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-10-04] (IDT, Inc.)
 

==================== Drivers (Whitelisted) ====================
 

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-10-04] (ST Microelectronics)

R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2011-11-14] (Broadcom Corporation.)

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-10-04] (Broadcom Corporation)

S3 d554gps; C:\Windows\system32\drivers\d554gps.sys [87592 2011-10-04] (Ericsson AB)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2013-03-11] (Dell Inc.)

R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)

R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)

S3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2011-10-04] (Ericsson AB)

S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2011-10-04] (Ericsson AB)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [361032 2011-10-04] (MCCI Corporation)

S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [396872 2011-10-04] (MCCI Corporation)

S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2011-10-04] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

R1 MpKsl8d7ce570; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88369EEC-5AE5-4CB7-95C5-E5FF588EE8FD}\MpKsl8d7ce570.sys [40392 2013-10-23] (Microsoft Corporation)

R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)

S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [27264 2011-10-04] (Novatel Wireless Inc)

S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [191488 2011-10-04] (Novatel Wireless Inc.)

R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-10-04] (O2Micro )

S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-10-04] (O2Micro )

R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-10-04] (O2Micro )

R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)

R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-24 15:24 - 2013-10-24 15:24 - 00891167 _____ C:\Users\Markus.Ortlieb\Downloads\SecurityCheck.exe

2013-10-24 14:57 - 2013-10-24 14:57 - 00110168 _____ C:\23.10.2013.one

2013-10-24 13:10 - 2013-10-24 13:10 - 02347384 _____ (ESET) C:\Users\Markus.Ortlieb\Downloads\esetsmartinstaller_enu.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java

2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt

2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe

2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe

2013-10-23 08:58 - 2013-10-24 15:26 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST

2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt

2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST

2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT

2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-22 16:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 09:40 - 2013-10-23 09:50 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live

2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe

2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk

2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B

2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe

2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi

2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers

2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe

2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx

2013-10-14 01:14 - 2013-10-14 01:40 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls

2013-10-12 19:27 - 2013-09-11 08:37 - 45341303 ____N C:\Users\Markus.Ortlieb\Downloads\20130911_163716.mp4

2013-10-12 19:27 - 2013-07-07 06:04 - 229688525 ____N C:\Users\Markus.Ortlieb\Downloads\20130707_150206.mp4

2013-10-12 19:27 - 2013-07-01 06:56 - 04693888 ____N C:\Users\Markus.Ortlieb\Downloads\20130701_145626.mp4

2013-10-12 19:26 - 2013-08-11 14:43 - 314465633 ____N C:\Users\Markus.Ortlieb\Downloads\20130811_224051.mp4

2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake

2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp

2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini

2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms

2013-10-01 20:11 - 2013-05-13 13:22 - 02727456 _____ (Dell Inc.) C:\Windows\omsacntl.exe

2013-10-01 20:11 - 2013-05-13 13:22 - 00325664 _____ (Dell Inc.) C:\Windows\hapint.exe

2013-10-01 20:11 - 2013-05-13 13:21 - 00117280 _____ (Dell Inc.) C:\Windows\dciwds32.exe

2013-10-01 20:11 - 2013-05-13 13:21 - 00080928 _____ (Dell Inc.) C:\Windows\dcmdev32.exe

2013-10-01 20:11 - 2013-05-13 13:20 - 00282144 _____ (Dell Inc.) C:\Windows\dchcfg32.exe

2013-10-01 20:11 - 2013-05-13 13:20 - 00231456 _____ (Dell Inc.) C:\Windows\system32\dchcfl32.dll

2013-10-01 20:11 - 2013-05-13 13:19 - 00385056 _____ (Dell Inc.) C:\Windows\system32\dchbas32.dll

2013-10-01 20:11 - 2013-05-13 13:19 - 00272416 _____ (Dell Inc.) C:\Windows\system32\dchapi32.dll

2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute

2013-10-01 14:21 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls

2013-10-01 10:09 - 2013-10-01 10:12 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls

2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe

2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls

2013-09-27 12:01 - 2013-09-27 12:14 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls

2013-09-27 10:51 - 2012-10-17 04:04 - 00580712 ____H (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5512.dll

2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe

2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans

2013-09-26 11:26 - 2013-09-27 10:51 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk

2013-09-26 11:08 - 2013-09-27 10:36 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk

2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe

2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url

2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll

2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk

2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group

2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
 

==================== One Month Modified Files and Folders =======
 

2013-10-24 15:26 - 2013-10-23 08:58 - 00000000 ____D C:\Users\Markus.Ortlieb\Downloads\FRST

2013-10-24 15:24 - 2013-10-24 15:24 - 00891167 _____ C:\Users\Markus.Ortlieb\Downloads\SecurityCheck.exe

2013-10-24 15:22 - 2012-04-05 10:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-24 14:57 - 2013-10-24 14:57 - 00110168 _____ C:\23.10.2013.one

2013-10-24 14:54 - 2012-07-02 14:26 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job

2013-10-24 14:54 - 2012-07-02 14:26 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job

2013-10-24 13:25 - 2012-02-16 17:12 - 01829829 _____ C:\Windows\WindowsUpdate.log

2013-10-24 13:12 - 2010-09-09 22:45 - 08141522 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-24 13:12 - 2010-08-15 20:12 - 00691622 _____ C:\Windows\system32\perfh01D.dat

2013-10-24 13:12 - 2010-08-15 20:12 - 00152192 _____ C:\Windows\system32\perfc01D.dat

2013-10-24 13:12 - 2010-08-15 20:07 - 00767960 _____ C:\Windows\system32\perfh015.dat

2013-10-24 13:12 - 2010-08-15 20:07 - 00165376 _____ C:\Windows\system32\perfc015.dat

2013-10-24 13:12 - 2010-08-15 19:52 - 00771500 _____ C:\Windows\system32\perfh013.dat

2013-10-24 13:12 - 2010-08-15 19:52 - 00162648 _____ C:\Windows\system32\perfc013.dat

2013-10-24 13:12 - 2010-08-15 19:46 - 00768096 _____ C:\Windows\system32\perfh010.dat

2013-10-24 13:12 - 2010-08-15 19:46 - 00156376 _____ C:\Windows\system32\perfc010.dat

2013-10-24 13:10 - 2013-10-24 13:10 - 02347384 _____ (ESET) C:\Users\Markus.Ortlieb\Downloads\esetsmartinstaller_enu.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-10-23 14:39 - 2013-10-23 14:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2013-10-23 14:39 - 2013-10-23 14:39 - 00000000 ____D C:\Program Files\Java

2013-10-23 14:39 - 2013-08-17 11:31 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-23 14:36 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\ccmcache

2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-23 10:02 - 2009-07-14 06:34 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-23 09:58 - 2013-10-23 09:58 - 00000772 _____ C:\Users\Markus.Ortlieb\Desktop\JRT.txt

2013-10-23 09:52 - 2010-09-09 22:44 - 00000568 _____ C:\Windows\SMSCFG.INI

2013-10-23 09:50 - 2013-10-21 09:40 - 00000000 ___RD C:\Users\Markus.Ortlieb\SkyDrive

2013-10-23 09:50 - 2013-09-23 16:37 - 00000000 ____D C:\Users\Markus.Ortlieb\Tracing

2013-10-23 09:49 - 2011-05-10 17:42 - 00062826 _____ C:\Windows\setupact.log

2013-10-23 09:49 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-23 09:09 - 2013-10-23 09:09 - 01033335 _____ (Thisisu) C:\Users\Markus.Ortlieb\Downloads\JRT(1).exe

2013-10-23 09:00 - 2013-10-23 09:00 - 01060070 _____ C:\Users\Markus.Ortlieb\Downloads\adwcleaner(1).exe

2013-10-22 17:33 - 2012-04-05 08:43 - 00000000 ____D C:\ProgramData\Sonos,_Inc

2013-10-22 17:27 - 2013-10-22 17:27 - 00073342 _____ C:\Users\Markus.Ortlieb\Downloads\FRST.txt

2013-10-22 17:27 - 2013-10-22 17:27 - 00019499 _____ C:\Users\Markus.Ortlieb\Downloads\Addition.txt

2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\FRST

2013-10-22 17:22 - 2013-10-22 17:22 - 00000000 ____D C:\Windows\ERUNT

2013-10-22 17:14 - 2010-09-10 09:35 - 00033218 _____ C:\Windows\PFRO.log

2013-10-22 17:14 - 2010-08-15 20:11 - 00000000 ____D C:\Windows\sv-SE

2013-10-22 17:00 - 2012-04-19 09:25 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\FreePDF_XP

2013-10-22 16:23 - 2013-10-22 16:23 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-22 16:23 - 2013-10-22 16:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-10-22 16:22 - 2013-10-22 16:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Markus.Ortlieb\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-21 16:42 - 2012-02-16 17:27 - 00054882 __RSH C:\ProgramData\ntuser.pol

2013-10-21 16:41 - 2012-02-16 17:10 - 00000400 _____ C:\Windows\system32\config\netlogon.ftl

2013-10-21 09:40 - 2013-10-21 09:40 - 00002178 _____ C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00002091 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Windows Live

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Microsoft SkyDrive

2013-10-21 09:40 - 2013-10-21 09:40 - 00000000 ____D C:\Program Files\Common Files\Windows Live

2013-10-21 09:40 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb

2013-10-21 09:27 - 2013-10-21 09:27 - 01245168 _____ (Microsoft Corporation) C:\Users\Markus.Ortlieb\Downloads\wlsetup-web.exe

2013-10-20 18:55 - 2012-09-19 10:40 - 00194238 _____ C:\Users\Markus.Ortlieb\Downloads\OTL.Txt

2013-10-20 18:38 - 2013-10-20 18:38 - 00001088 _____ C:\Users\Markus.Ortlieb\Desktop\PC Speed Maximizer.lnk

2013-10-20 18:38 - 2013-10-20 18:38 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\0D0S1L2Z1P1B

2013-10-20 18:38 - 2012-07-02 14:26 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Google

2013-10-20 18:37 - 2013-10-20 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Markus.Ortlieb\Downloads\OTL(1).exe

2013-10-18 15:38 - 2013-10-18 15:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-10-18 09:22 - 2012-04-05 08:48 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\HpUpdate

2013-10-17 00:46 - 2013-10-17 00:46 - 00000000 _____ C:\Users\Markus.Ortlieb\Downloads\uPlayer.msi

2013-10-17 00:45 - 2013-10-17 00:45 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word Layers

2013-10-17 00:44 - 2013-10-17 00:44 - 00590496 _____ C:\Users\Markus.Ortlieb\Downloads\uplayermediaplayer-setup.exe

2013-10-17 00:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources

2013-10-15 16:11 - 2012-03-07 08:06 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-14 01:52 - 2012-04-03 13:10 - 00000000 ____D C:\privat

2013-10-14 01:40 - 2013-10-14 01:40 - 00053091 _____ C:\Users\Markus.Ortlieb\Downloads\LCR_Analysis_by_Factory.xlsx

2013-10-14 01:40 - 2013-10-14 01:14 - 00010422 _____ C:\Users\Markus.Ortlieb\Downloads\99q29jC88dwMhs8s8jCGCy8M2lCyG22q4j9wGlj4.xls

2013-10-12 19:17 - 2013-10-12 19:17 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Freemake

2013-10-11 10:41 - 2013-10-11 10:41 - 00235008 _____ C:\Windows\Minidump\101113-19578-01.dmp

2013-10-11 10:41 - 2013-06-05 12:31 - 342290339 _____ C:\Windows\MEMORY.DMP

2013-10-11 10:41 - 2013-06-05 12:31 - 00000000 ____D C:\Windows\Minidump

2013-10-10 17:23 - 2012-04-05 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-10 17:23 - 2012-02-16 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-10 02:42 - 2012-03-08 10:53 - 00012730 __RSH C:\Users\Markus.Ortlieb\ntuser.pol

2013-10-04 03:01 - 2012-09-10 18:15 - 00000000 ____D C:\Windows\CCM

2013-10-03 20:53 - 2013-10-03 20:53 - 00059120 _____ C:\Windows\system32\CcmFramework.ini

2013-10-03 20:53 - 2013-10-03 20:53 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-03 20:53 - 2013-09-23 11:50 - 00009490 _____ C:\Windows\system32\InstallUtil.InstallLog

2013-10-03 20:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-03 20:52 - 2013-10-03 20:52 - 00000000 ____D C:\Windows\ms

2013-10-03 20:52 - 2013-09-23 11:49 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}

2013-10-01 15:40 - 2013-10-01 15:40 - 00000000 ____D C:\Users\Markus.Ortlieb\Documents\Mein Steuer-Sparbuch Heute

2013-10-01 15:39 - 2012-05-09 13:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-01 14:21 - 2013-09-23 16:37 - 00000000 ____D C:\Program Files\Microsoft Lync

2013-10-01 14:20 - 2012-09-25 07:56 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-10-01 14:20 - 2012-09-24 15:12 - 00001945 _____ C:\Windows\epplauncher.mif

2013-10-01 11:24 - 2013-10-01 11:24 - 00033488 _____ C:\Users\Markus.Ortlieb\Downloads\qwwC8wGhjMq28w48yCvwshsyGjqh8jqlM94j9qd4.xls

2013-10-01 10:12 - 2013-10-01 10:09 - 06795264 _____ C:\Users\Markus.Ortlieb\Downloads\Tracker 9-30-13-20130930-165911.xls

2013-10-01 08:25 - 2012-04-04 09:20 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Mozilla

2013-09-30 22:35 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Adobe

2013-09-30 15:45 - 2012-04-03 11:29 - 00000000 ____D C:\Procurement Europe

2013-09-30 14:12 - 2013-09-30 14:12 - 00001998 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-09-30 14:11 - 2013-09-30 14:11 - 00000000 ____D C:\Program Files\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe

2013-09-30 14:11 - 2012-02-16 17:20 - 00000000 ____D C:\ProgramData\Adobe

2013-09-27 15:54 - 2013-09-27 15:54 - 00047104 _____ C:\Users\Markus.Ortlieb\Downloads\DHR LCR Country List-20120523.xls

2013-09-27 12:14 - 2013-09-27 12:01 - 00163840 _____ C:\Users\Markus.Ortlieb\Downloads\Staff%2520schdule%2520SW%25202013_09_16-20130924-092920.xls

2013-09-27 11:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache

2013-09-27 10:51 - 2013-09-26 11:26 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710a-f.lnk

2013-09-27 10:51 - 2012-04-05 08:47 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk

2013-09-27 10:51 - 2012-04-05 08:47 - 00000000 ____D C:\Program Files\HP

2013-09-27 10:42 - 2012-04-05 08:47 - 00000000 ____D C:\ProgramData\HP

2013-09-27 10:36 - 2013-09-26 11:08 - 00002027 _____ C:\Users\Markus.Ortlieb\Desktop\HPPSDr.lnk

2013-09-26 15:37 - 2013-09-26 15:37 - 02338824 _____ C:\Users\Markus.Ortlieb\Downloads\hppiw.exe

2013-09-26 11:42 - 2013-09-26 11:42 - 00000000 ____D C:\Scans

2013-09-26 11:26 - 2012-09-21 12:53 - 00000000 ____D C:\Program Files\Hewlett-Packard

2013-09-26 11:08 - 2013-09-26 11:08 - 06064264 _____ C:\Users\Markus.Ortlieb\Downloads\HPPSdr.exe

2013-09-26 11:07 - 2013-09-26 11:07 - 00000333 _____ C:\Users\Markus.Ortlieb\Desktop\HP Druckerdiagnosetools.url

2013-09-26 10:59 - 2013-09-26 10:59 - 00002257 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2013-09-26 10:59 - 00001189 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk

2013-09-26 10:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32

2013-09-26 10:12 - 2012-03-08 10:53 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Local\Microsoft Help

2013-09-26 09:56 - 2013-09-26 09:56 - 00001235 _____ C:\Users\Markus.Ortlieb\Desktop\Revo Uninstaller.lnk

2013-09-26 09:56 - 2013-09-26 09:56 - 00000000 ____D C:\Program Files\VS Revo Group

2013-09-26 08:46 - 2013-09-26 08:46 - 00000000 ____D C:\Users\Markus.Ortlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

2013-09-26 08:45 - 2009-07-14 06:33 - 00407056 _____ C:\Windows\system32\FNTCACHE.DAT
 

Some content of TEMP:

====================

C:\Users\Markus.Ortlieb\AppData\Local\Temp\atgpcdec.dll

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\HPInstaller.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Markus.Ortlieb\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe

[2013-05-05 18:57] - [2012-10-18 19:40] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F
 

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2013-05-05 18:57] - [2012-10-18 22:17] - 0246104 ____A (Microsoft Corporation) 4EDEF8AB59B089925CF9A6CFC74A4109
 
 
 

LastRegBack: 2013-10-21 15:12
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Firefox 24.0
Im Internet Explorer sehe ich am unteren Bildschirmrand immer die einblendung "Diese Website möchte das folgende Add-On ausführen: "Adobe-Flash-Player" von Adobe Systems Incorporated" - Welches Risiki besteht"
Im IE hatte ich bisher jedoch noch nicht diese dauernden Einbelndungen links, oben, unten, etc.

Markus

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Habe deinstalliert, vorher jedoch die Bookmarks (hunderte) exportiert (diese noch nicht installiert), sonst keine anderen Daten mitgenommen. Neu installiert und jetzt scheint alles gut zu sein. Muss ich noch einen weiteren Test durchführen?

Vorab herzlichen Dank!!!
Markus