|
Log-Analyse und Auswertung: survey-central.deadlyblessing.com/home.htmlWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.07.2013, 16:20 | #1 |
| survey-central.deadlyblessing.com/home.html Hallo, ich bekomme ein unerwünschtes popup auf den Link in der Überschrift "survey-central.deadlyblessing.com/home.html". Aufgrund der Empfehlung in einem älteren Beitrag hier habe ich das Programm TDSS Killer installiert und einen SCAN gemacht. Hier die Auswertung: Kann mir jemand weiterhelfen, wie ich das Problem lösen kann? 17:09:46.0499 1380 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:09:46.0689 1380 ============================================================ 17:09:46.0689 1380 Current date / time: 2013/07/10 17:09:46.0689 17:09:46.0689 1380 SystemInfo: 17:09:46.0689 1380 17:09:46.0689 1380 OS Version: 6.1.7601 ServicePack: 1.0 17:09:46.0689 1380 Product type: Workstation 17:09:46.0689 1380 ComputerName: LENOVOOR-2012 17:09:46.0689 1380 UserName: OR 17:09:46.0689 1380 Windows directory: C:\Windows 17:09:46.0689 1380 System windows directory: C:\Windows 17:09:46.0689 1380 Running under WOW64 17:09:46.0689 1380 Processor architecture: Intel x64 17:09:46.0689 1380 Number of processors: 4 17:09:46.0689 1380 Page size: 0x1000 17:09:46.0689 1380 Boot type: Normal boot 17:09:46.0689 1380 ============================================================ 17:09:47.0429 1380 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:09:47.0439 1380 ============================================================ 17:09:47.0439 1380 \Device\Harddisk0\DR0: 17:09:47.0439 1380 MBR partitions: 17:09:47.0439 1380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000 17:09:47.0439 1380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000 17:09:47.0439 1380 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000 17:09:47.0439 1380 ============================================================ 17:09:47.0469 1380 C: <-> \Device\Harddisk0\DR0\Partition2 17:09:47.0509 1380 D: <-> \Device\Harddisk0\DR0\Partition3 17:09:47.0509 1380 ============================================================ 17:09:47.0509 1380 Initialize success 17:09:47.0509 1380 ============================================================ 17:09:52.0890 3520 ============================================================ 17:09:52.0890 3520 Scan started 17:09:52.0890 3520 Mode: Manual; 17:09:52.0890 3520 ============================================================ 17:09:54.0540 3520 ================ Scan system memory ======================== 17:09:54.0540 3520 System memory - ok 17:09:54.0540 3520 ================ Scan services ============================= 17:09:54.0970 3520 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:09:54.0970 3520 1394ohci - ok 17:09:55.0010 3520 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:09:55.0010 3520 ACPI - ok 17:09:55.0040 3520 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:09:55.0040 3520 AcpiPmi - ok 17:09:55.0070 3520 [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys 17:09:55.0070 3520 ACPIVPC - ok 17:09:55.0170 3520 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:09:55.0210 3520 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe. Real md5: 11A52CF7B265631DEEB24C6149309EFF, Fake md5: ADDA5E1951B90D3D23C56D3CF0622ADC 17:09:55.0210 3520 AdobeARMservice ( ForgedFile.Multi.Generic ) - warning 17:09:55.0210 3520 AdobeARMservice - detected ForgedFile.Multi.Generic (1) 17:09:55.0410 3520 AdobeFlashPlayerUpdateSvc - ok 17:09:55.0450 3520 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:09:55.0450 3520 adp94xx - ok 17:09:55.0490 3520 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:09:55.0490 3520 adpahci - ok 17:09:55.0500 3520 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:09:55.0500 3520 adpu320 - ok 17:09:55.0520 3520 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:09:55.0530 3520 AeLookupSvc - ok 17:09:55.0590 3520 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 17:09:55.0590 3520 AFD - ok 17:09:55.0610 3520 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:09:55.0610 3520 agp440 - ok 17:09:55.0620 3520 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 17:09:55.0630 3520 ALG - ok |
10.07.2013, 16:25 | #2 |
/// the machine /// TB-Ausbilder | survey-central.deadlyblessing.com/home.html hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
10.07.2013, 16:33 | #3 |
| survey-central.deadlyblessing.com/home.html Danke für die schnelle Antwort:
__________________Ich hoffe, das klappt so?FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2013 Ran by OR at 2013-07-10 17:29:49 Running from C:\Users\OR\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= ACFNet (x32) Adobe AIR (x32 Version: 3.7.0.2090) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) AOWin2010 (x32) Apple Application Support (x32 Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) ARAG Kranken Offline-Rechner (x32 Version: 2013011614) Ashampoo DE Toolbar (x32 Version: 6.9.0.16) Ashampoo WinOptimizer 2012 v.8.1.4 (x32 Version: 8.1.4) Ask Toolbar (x32 Version: 1.15.18.0) Atheros Bluetooth Suite (64) (Version: 7.4.0.135) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.14.15) Atheros WLAN Client Installation Program (x32 Version: 9.0) Auerswald COMset 2.7.2 (x32 Version: 2.7.2) Auerswald COMtools 2.3.2 (x32 Version: 2.3.2) Auerswald-CAPI-2.0-Treiber autoMAXX (x32 Version: 1.16.0.3.1) Avira Free Antivirus (x32 Version: 13.0.0.3737) Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.4.1.29781) Bedarfsanalysecenter (x32 Version: 1.17.1.8) Benutzerhandbuch (x32 Version: 1.0.0.6) Bonjour (Version: 3.0.0.10) Bonnprint/iText (x32) Canada Life Berechnungssoftware (x32 Version: 16.0.0) Canon CanoScan Toolbox 5.0 (x32) Cisco WebEx Meetings (HKCU) Conexant HD Audio (Version: 8.54.32.50) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11) ELBE (x32 Version: 1.22.0.357 13.06.2012) Energy Management (x32 Version: 7.0.4.1) Foxit Reader (x32 Version: 6.0.3.524) Friends Plan (x32 Version: 3.02.0000) FromDocToPDF Toolbar (x32) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.149) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 8.0.3.1427) Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 8.15.10.2656) Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220) Intel® Trusted Connect Service Client (Version: 1.23.605.1) InterRisk WinRisk Smart-Client 5.0.0 (x32 Version: 5.0.125.0) iTunes (Version: 11.0.2.26) Janitos Offline-Tarifrechner 3.3.0.2 (x32) Java(TM) 6 Update 2 (x32 Version: 1.6.0.20) Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260) JRE 1.6.1 (x32 Version: 1.6.1) Juniper Networks Junos Pulse Collaboration 7.4.0 (HKCU Version: 7.4.0.24401) Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.2.34169) Juniper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1) Junk Mail filter update (x32 Version: 15.4.3502.0922) Junos Pulse Collaboration 7.4.0 (x32 Version: 7.4.24401) Junos Pulse Collaboration 7.4.0 Admin (x32 Version: 7.4.24401) Komfort Tools! (x32 Version: 7.2.2.0) KONICA MINOLTA magicolor 2490MF Lenovo EasyCamera (x32 Version: 1.12.204.1) Lenovo EE Boot Optimizer (Version: 0.0.1.9) Lenovo OneKey Recovery (Version: 7.0.0.3712) Lenovo OneKey Recovery (x32 Version: 7.0.0.3712) Lenovo pointing device (Version: 10.4.2.8) Lenovo Registration (x32 Version: 1.0.4) Lenovo Solution Center (Version: 2.1.003.00) Lenovo Welcome (x32 Version: 3.1.0011.00) Lenovo YouCam (x32 Version: 3.1.3728) lightshot-4.3.0.0 (x32 Version: 4.3.0.0) LockKey (x32 Version: 1.38.1.2) magicolor 2490MF (Version: 1.10.0000) magicolor 2490MF (x32 Version: ) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (x32 Version: 3.5.5692.0) Microsoft SQL Server Compact 3.5 SP1 x64 (Deutsch) (Version: 3.5.5692.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyPhoneExplorer (x32 Version: 1.8.4) ntyone 1.0.0 (Version: 1.0.0) NÜRNBERGER AutoUpdater (x32 Version: 1.2) NÜRNBERGER BTplus 12.2012 (x32 Version: 12.12.4885.24307) NVIDIA Grafiktreiber 296.73 (Version: 296.73) NVIDIA Install Application (Version: 2.1002.62.312) NVIDIA Optimus 1.7.13 (Version: 1.7.13) NVIDIA PhysX (x32 Version: 9.12.0213) NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213) NVIDIA Systemsteuerung 296.73 (Version: 296.73) NVIDIA Update 1.7.13 (Version: 1.7.13) NVIDIA Update Components (Version: 1.7.13) PDFCreator (x32 Version: 1.5.1) Power2Go (x32 Version: 5.6.0.7303) Produktrechner 07.01.00.04 (x32 Version: 07.01.00.04.828) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39016) RSA SecurID Software Token (x32 Version: 4.1.0) RSA Smart Card Middleware 3.5 (x32 Version: 3.5.3.36) RuntimeInstallieren (x32 Version: 1.20.0001) Samsung ML-1520 Series (x32) ScanSoft PaperPort 10 (x32 Version: 10.2.0000) SIGNAL IDUNA Beratungssoftware freie Vertriebe (x32 Version: 012.41.0002) Skype™ 6.3 (x32 Version: 6.3.105) Softonic toolbar on IE and Chrome (x32 Version: 1.8.19.3) SopCast 3.8.2 (x32 Version: 3.8.2) Spybot - Search & Destroy (x32 Version: 2.1.20) SugarSync Manager (x32 Version: 1.9.49.86082) Tarifsoftware (x32 Version: 4.35.0000) Tarifsoftware (x32 Version: 4.38.0000) twentyone (HKCU) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) updater-1.3.0.5 (x32) UserGuide (x32 Version: 1.0.0.6) VeriFace (x32 Version: 4.0.1.1230) VHV RECOMAX (x32 Version: 7.00) VHV-Tarifprogramm (x32 Version: 52.0.31) VOLKSWOHL BUND - Angebotsprogramm Komfort (x32 Version: 13.3.0) VorsorgePLANER (x32 Version: 3.1) Windows Internet Explorer 10 (x32 Version: 10.0) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Family Safety (Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1) Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader (05/17/2005 5.2.3790.2444) (Version: 05/17/2005 5.2.3790.2444) WiseConvert 1.3 Toolbar (x32 Version: 6.9.0.16) Wunderlist (HKCU Version: 2.0.6.12) Wunderlist (x32 Version: 1.2.4) Zurich Life Tarifrechner (x32 Version: 1.05.0000) Zurich Life Tarifrechner v1.05 (x32 Version: 1.05.0000) ==================== Restore Points ========================= ==================== Hosts content: ========================== 1601-01-02 06:16 - 2013-07-10 15:22 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 Ó¢»Ê¹ú¼ÊÓéÀÖ³Ç-www.0scan.com-³¯Ñô¶«Ìú¿ó²úÆ·ÏúÊÛÓÐÏÞ¹«Ë¾ 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {14767F67-7F74-4C40-AC09-0EC9D6DF8E9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-02] (Adobe Systems Incorporated) Task: {1667E527-40E0-42FE-88CA-304B4EFBFDB6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo) Task: {1FB56EC0-40C4-45E5-B9FF-E85BCD75851C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo) Task: {38D263B8-EAF5-4D6A-B279-3F0D2BA45AA7} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] () Task: {41961A1B-10E6-4442-A92A-23563DE910E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.) Task: {5B9C9D1D-E1AA-4A9B-81C6-DF602B05DA33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {A72260FD-8391-48EA-A4E5-C3856DE1A3CC} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File Task: {A7E8F3CD-B19A-4CC0-92AB-26A7676AB8F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File Task: {B27A18CF-C6E6-4BC3-9759-AA3E2B80F245} - System32\Tasks\update-S-1-5-21-1515061152-1345135165-2226213091-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] () Task: {BC66BEEC-2598-4EFA-AEF2-3B168300B5F9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink) Task: {C722D165-5B56-4291-A136-6A5AE776C5B2} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] () Task: {C7A28F5B-4CF2-4E46-8A06-923F406AE46F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {D537908A-492F-45A4-B858-1A4788E5A3E7} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {D6F31A08-C77D-4AA7-AE75-149EA8FBD1F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {E96CF09B-A2F0-4B6E-BA22-3F2671F2A5FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F1006CC8-BC73-4DE7-BEDB-F4D84DE6B854} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-1515061152-1345135165-2226213091-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Faulty Device Manager Devices ============= Name: GT-I9300 Description: GT-I9300 Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: SAMSUNG Electronics Co. Ltd. Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: CDC Serial Description: CDC Serial Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SAMSUNG_Android Description: SAMSUNG_Android Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/10/2013 04:09:52 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2013 03:50:48 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00173668 ID des fehlerhaften Prozesses: 0x1210 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (07/10/2013 10:09:58 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2013 08:17:11 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2013 07:58:06 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2013 00:55:08 PM) (Source: Windows Search Service) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1515061152-1345135165-2226213091-1001}/">. Error: (07/08/2013 08:09:36 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 10:14:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 03:49:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 07:38:08 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/10/2013 04:12:19 PM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (07/10/2013 10:11:46 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (07/10/2013 10:10:52 AM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (07/09/2013 08:17:26 AM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (07/08/2013 07:56:59 PM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (07/08/2013 08:10:06 AM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (07/07/2013 10:13:25 PM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (07/07/2013 03:48:25 PM) (Source: DCOM) (User: ) Description: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6} Error: (07/06/2013 10:10:57 PM) (Source: DCOM) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (07/06/2013 10:10:27 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (07/10/2013 04:09:52 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2013 03:50:48 PM) (Source: Application Error)(User: ) Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668121001ce7d7269cf52d8C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllb9938305-e967-11e2-9407-74e5433441a3 Error: (07/10/2013 10:09:58 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2013 08:17:11 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2013 07:58:06 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/08/2013 00:55:08 PM) (Source: Windows Search Service)(User: ) Description: 300x80040d07iehistory://{S-1-5-21-1515061152-1345135165-2226213091-1001}/ Error: (07/08/2013 08:09:36 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 10:14:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 03:49:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 07:38:08 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 6046.36 MB Available physical RAM: 2461.35 MB Total Pagefile: 12090.89 MB Available Pagefile: 7965.86 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:328.55 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:22.2 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: ED613F8C) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=421 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=20 GB) - (Type=12) ==================== End Of Log ============================ und diese hier: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 Ran by OR (administrator) on 10-07-2013 17:29:10 Running from C:\Users\OR\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apache Software Foundation) C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe (mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe (COMPANYVERS_NAME) C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (BISS GmbH) C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (6 Wunderkinder GmbH) C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe (Skillbrains) C:\Users\OR\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.Updater.TrayApp.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe ( ) C:\Program Files (x86)\LockKey\LockKey.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (VER_COMPANY_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [170264 2012-03-02] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [398616 2012-03-02] (Intel Corporation) HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [440600 2012-03-02] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] - "C:\Program Files (x86)\Bluetooth Suite\btvstack.exe" [1022592 2012-04-28] (Atheros Communications) HKLM\...\Run: [AthBtTray] - "C:\Program Files (x86)\Bluetooth Suite\athbttray.exe" [801920 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-15] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-15] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-15] (Lenovo) HKCU\...\Run: [LightShot] - C:\Users\OR\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [226152 2013-02-21] () HKCU\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [213936 2006-03-20] (Macrovision Corporation) HKCU\...\Run: [Wunderlist] - "C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent [6924288 2013-03-17] (6 Wunderkinder GmbH) HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-15] (Google Inc.) MountPoints2: {7f297150-ce30-11e1-b85b-806e6f6e6963} - F:\viewer.exe HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-28] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-28] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-15] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( ) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [x] HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [PaperPort PTD] - "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [36864 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [IndexSearch] - "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [40960 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [RSA Card Conversion Utility] - C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe -background [3499728 2010-08-27] (RSA, The Security Division of EMC.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - "C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65srchmn.exe" /m=2 /w /h [42536 2013-03-11] (MindSpark) HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-03-11] (VER_COMPANY_NAME) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [132496 2007-07-12] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show [x] AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\NÜRNBERGER AutoUpdater.lnk ShortcutTarget: NÜRNBERGER AutoUpdater.lnk -> C:\Windows\Installer\{366D38BF-E12D-48FB-9F01-EEF3E7DCADEF}\BT.Setup.Updater.T_CD8CBA3468C240F981B372C3EA3FF361.exe (Acresso Software Inc.) Startup: C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Schnell-Startseite - COMPUTER BILD HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Fußball | FC Bayern | BVB | Transfermarkt | MotoGP am Sachsenring | Formel 1 | Tour de France | NBA hxxp://www.consors.de/ hxxp://www.diba.de/ DAX Liste Realtime-Kurs | kostenlose Realtimekurse | Echtzeitkurse | finanzen.net XING - Das professionelle Netzwerk | XING EURO STOXX 50 Liste Realtime-Kurs | kostenlose Realtimekurse | Echtzeitkurse | finanzen.net hxxp://www.meine-ksk.de/ hxxp://www.facebook.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Schnell-Startseite - COMPUTER BILD URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No File URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File URLSearchHook: (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No File SearchScopes: HKCU - {1026DF48-72E4-4D65-B345-61A9375FCBF0} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms} SearchScopes: HKCU - {1DE2CD27-0085-42DC-A343-67156AB36340} URL = hxxp://de.search.yahoo.com/search?p={searchTerms} SearchScopes: HKCU - {C36BADDB-D551-4B9E-8650-FDC89CB0DFD2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 SearchScopes: HKCU - {ECA8066B-9ABB-4895-ABC0-C457DEFB29CB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=40b75a14-ce34-4351-a787-e7d6ca58c145&apn_sauid=417BB6C0-CBBE-4E8D-A4B8-7ACBC3628E1B SearchScopes: HKCU - {F4D041D9-CEEF-4058-90F6-C52E5AE5DA9E} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=1c3d807000000000000074e5433441a3&r=280 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) BHO-x32: Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll (Softonic.com) BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKLM-x32 - WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark) Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll (Softonic.com) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No File Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.hypoport.de/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default FF SelectedSearchEngine: Ask.com FF Homepage: hxxp://www.sport1.de/|hxxp://www.consors.de/|hxxp://www.diba.de/|hxxp://www.finanzen.net/aktien/DAX-Realtimekurse|hxxp://www.xing.com/|hxxp://www.finanzen.net/aktien/Euro_Stoxx_50-Realtimekurse|hxxp://www.meine-ksk.de/|hxxp://www.facebook.de/ FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=40b75a14-ce34-4351-a787-e7d6ca58c145&apn_ptnrs=%5EAGS&apn_sauid=417BB6C0-CBBE-4E8D-A4B8-7ACBC3628E1B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Cool Smiley Bar for Facebook - C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default\Extensions\pluswinks@PlusWinks FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin Chrome: ======= CHR Extension: (Avira Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.19.38091_0 CHR Extension: (Softonic Chrome Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0 CHR Extension: () - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.3 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AragMscKV; C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe [53248 2007-03-05] (Apache Software Foundation) R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited) R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) R2 FromDocToPDF_65Service; C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-03-11] (COMPANYVERS_NAME) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NbgAutoUpdater; C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe [21072 2013-04-25] (NÜRNBERGER Versicherungsgruppe) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 WinRiskXASmClSoftwareUpdate; C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe [24576 2012-04-18] (BISS GmbH) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 aucapi; C:\Windows\System32\DRIVERS\aucapi.sys [234800 2009-09-21] (Auerswald GmbH & Co.KG ) R3 aumpa; C:\Windows\System32\DRIVERS\aumpa.sys [169520 2009-09-21] (Auerswald GmbH & Co.KG ) S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [206896 2009-09-21] (Auerswald GmbH & Co.KG ) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG) R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo) R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo) S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setupact.log 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:49 - 2013-07-10 16:50 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 15:57 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 15:57 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 15:57 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 15:57 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:22 - 2013-07-10 15:19 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:19 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151921.backup 2013-07-10 15:18 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151828.backup 2013-07-10 15:13 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151317.backup 2013-07-10 15:05 - 2013-07-10 15:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:05 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-10 10:19 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:19 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:19 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 10:19 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:19 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 10:19 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 10:19 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-08 12:14 - 2013-07-08 14:16 - 00010689 ____A C:\Users\OR\Desktop\Umsatzplan.xlsx 2013-07-05 15:57 - 2013-07-05 16:32 - 00077824 ____A C:\Users\OR\Desktop\Provisionen_DM.xls 2013-07-04 16:59 - 2013-07-04 17:01 - 00000000 ____D C:\Users\OR\AppData\Roaming\PerformerSoft 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\SpeedAnalysis2 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\File Scout 2013-07-04 16:59 - 2012-12-19 15:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\system32\roboot64.exe 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00139264 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00069632 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javacpl.cpl 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2013-06-20 12:49 - 2013-06-20 12:50 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-18 15:46 - 2013-06-25 16:53 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-18 15:04 - 2013-06-18 15:04 - 00411885 ____A C:\Users\OR\Desktop\Kontakte.CSV 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:21 - 2013-02-17 01:40 - 00028672 ____A (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:09 - 2013-06-20 12:59 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 22:51 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 22:51 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 22:51 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 22:51 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 22:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 22:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== One Month Modified Files and Folders ======= 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setupact.log 2013-07-10 17:14 - 2012-11-05 22:35 - 00000000 ____D C:\Users\OR\Documents\Outlook-Dateien 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:50 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 16:41 - 2012-11-04 18:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-10 16:39 - 2012-07-15 06:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-10 16:12 - 2012-07-15 06:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-10 16:12 - 1601-01-02 06:16 - 00213916 ____A C:\Windows\system32\fastboot.set 2013-07-10 16:09 - 1601-01-02 06:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-10 16:08 - 2012-11-19 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-10 16:08 - 2011-10-10 10:19 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 16:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 16:05 - 2012-11-05 22:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 16:05 - 2012-07-15 05:40 - 00608972 ____A C:\Windows\WindowsUpdate.log 2013-07-10 16:03 - 1601-01-02 06:16 - 01643236 ____A C:\Windows\system32\PerfStringBackup.INI 2013-07-10 16:03 - 1601-01-02 06:16 - 00700418 ____A C:\Windows\system32\perfh007.dat 2013-07-10 16:03 - 1601-01-02 06:16 - 00149182 ____A C:\Windows\system32\perfc007.dat 2013-07-10 15:58 - 1601-01-02 06:16 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 15:51 - 2012-11-06 02:54 - 00000000 ____D C:\Users\OR\AppData\Local\CrashDumps 2013-07-10 15:44 - 2012-11-10 20:54 - 00000382 ____A C:\Windows\Tasks\update-sys.job 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:24 - 2013-07-10 15:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:19 - 2013-07-10 15:22 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-10 15:03 - 2012-11-10 21:10 - 00000382 ____A C:\Windows\Tasks\update-S-1-5-21-1515061152-1345135165-2226213091-1001.job 2013-07-09 08:34 - 1601-01-02 06:16 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-09 08:34 - 1601-01-02 06:16 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-08 14:16 - 2013-07-08 12:14 - 00010689 ____A C:\Users\OR\Desktop\Umsatzplan.xlsx 2013-07-05 19:33 - 2012-10-31 12:07 - 00000000 ____D C:\Users\OR\swoffice-ten 2013-07-05 16:32 - 2013-07-05 15:57 - 00077824 ____A C:\Users\OR\Desktop\Provisionen_DM.xls 2013-07-05 14:28 - 2012-10-31 12:07 - 00000607 ____A C:\Users\OR\ClientCache.script 2013-07-05 14:28 - 2012-10-31 12:07 - 00000438 ____A C:\Users\OR\ClientCache.properties 2013-07-05 14:28 - 2012-10-31 12:07 - 00000042 ____A C:\Users\OR\ClientCache.log 2013-07-04 17:01 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PerformerSoft 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\SpeedAnalysis2 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\File Scout 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 14:15 - 2012-11-04 18:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-02 14:15 - 2012-11-04 18:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-02 14:15 - 2012-11-04 18:33 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-02 09:32 - 2012-11-14 02:58 - 00000000 ____D C:\Users\OR\AppData\Roaming\Mozilla 2013-06-28 19:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 19:32 - 2012-12-20 20:30 - 01599138 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-27 17:04 - 2013-05-07 11:48 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-25 16:53 - 2013-06-18 15:46 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-24 16:43 - 2012-11-12 13:53 - 00000000 ____D C:\ACFNet 2013-06-20 12:59 - 2013-06-16 14:09 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-20 12:58 - 2012-11-10 20:17 - 00024694 ____A C:\jre.log 2013-06-20 12:58 - 2012-11-10 20:17 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.6.0_02-b06.log 2013-06-20 12:50 - 2013-06-20 12:49 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-19 09:27 - 2012-10-31 10:01 - 00002254 ____A C:\Users\OR\Desktop\OneKey Recovery.lnk 2013-06-19 09:19 - 1601-01-02 06:16 - 00002016 ____A C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2013-06-18 15:04 - 2013-06-18 15:04 - 00411885 ____A C:\Users\OR\Desktop\Kontakte.CSV 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 15:02 - 2012-11-16 15:56 - 00000476 ____A C:\Windows\ODBC.INI 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:41 - 2012-10-31 11:57 - 00525544 ____A (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Users\OR\twentyonestarter 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Program Files\twentyone 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-18 10:19 - 2012-11-14 00:29 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-18 10:17 - 2012-11-02 00:32 - 01092512 ____A (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:08 - 2012-11-10 20:17 - 00000000 ____D C:\Users\Public\Anwendungsdaten 2013-06-14 12:09 - 2012-11-13 14:11 - 00005345 ____A C:\Users\OR\AppData\Local\BWSmartClientAppRes.WinRisk_Login.html 2013-06-13 20:24 - 2012-10-31 17:13 - 00000000 ____D C:\Users\OR\Documents\Hanseatischer FinanzService 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 14:34 - 2012-11-14 00:29 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-06-12 01:25 - 2013-07-10 15:57 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 22:21 ==================== End Of Log ============================ --- --- --- |
10.07.2013, 16:34 | #4 |
| survey-central.deadlyblessing.com/home.html und diese hier: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 Ran by OR (administrator) on 10-07-2013 17:29:10 Running from C:\Users\OR\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apache Software Foundation) C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe (mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe (COMPANYVERS_NAME) C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (BISS GmbH) C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (6 Wunderkinder GmbH) C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe (Skillbrains) C:\Users\OR\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.Updater.TrayApp.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe ( ) C:\Program Files (x86)\LockKey\LockKey.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (VER_COMPANY_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [170264 2012-03-02] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [398616 2012-03-02] (Intel Corporation) HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [440600 2012-03-02] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] - "C:\Program Files (x86)\Bluetooth Suite\btvstack.exe" [1022592 2012-04-28] (Atheros Communications) HKLM\...\Run: [AthBtTray] - "C:\Program Files (x86)\Bluetooth Suite\athbttray.exe" [801920 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-15] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-15] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-15] (Lenovo) HKCU\...\Run: [LightShot] - C:\Users\OR\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [226152 2013-02-21] () HKCU\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [213936 2006-03-20] (Macrovision Corporation) HKCU\...\Run: [Wunderlist] - "C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent [6924288 2013-03-17] (6 Wunderkinder GmbH) HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-15] (Google Inc.) MountPoints2: {7f297150-ce30-11e1-b85b-806e6f6e6963} - F:\viewer.exe HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-28] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-28] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-15] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( ) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [x] HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [PaperPort PTD] - "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [36864 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [IndexSearch] - "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [40960 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [RSA Card Conversion Utility] - C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe -background [3499728 2010-08-27] (RSA, The Security Division of EMC.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - "C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65srchmn.exe" /m=2 /w /h [42536 2013-03-11] (MindSpark) HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-03-11] (VER_COMPANY_NAME) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [132496 2007-07-12] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show [x] AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\NÜRNBERGER AutoUpdater.lnk ShortcutTarget: NÜRNBERGER AutoUpdater.lnk -> C:\Windows\Installer\{366D38BF-E12D-48FB-9F01-EEF3E7DCADEF}\BT.Setup.Updater.T_CD8CBA3468C240F981B372C3EA3FF361.exe (Acresso Software Inc.) Startup: C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Schnell-Startseite - COMPUTER BILD HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Fußball | FC Bayern | BVB | Transfermarkt | MotoGP am Sachsenring | Formel 1 | Tour de France | NBA hxxp://www.consors.de/ hxxp://www.diba.de/ DAX Liste Realtime-Kurs | kostenlose Realtimekurse | Echtzeitkurse | finanzen.net XING - Das professionelle Netzwerk | XING EURO STOXX 50 Liste Realtime-Kurs | kostenlose Realtimekurse | Echtzeitkurse | finanzen.net hxxp://www.meine-ksk.de/ hxxp://www.facebook.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Schnell-Startseite - COMPUTER BILD URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No File URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File URLSearchHook: (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No File SearchScopes: HKCU - {1026DF48-72E4-4D65-B345-61A9375FCBF0} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms} SearchScopes: HKCU - {1DE2CD27-0085-42DC-A343-67156AB36340} URL = hxxp://de.search.yahoo.com/search?p={searchTerms} SearchScopes: HKCU - {C36BADDB-D551-4B9E-8650-FDC89CB0DFD2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 SearchScopes: HKCU - {ECA8066B-9ABB-4895-ABC0-C457DEFB29CB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=40b75a14-ce34-4351-a787-e7d6ca58c145&apn_sauid=417BB6C0-CBBE-4E8D-A4B8-7ACBC3628E1B SearchScopes: HKCU - {F4D041D9-CEEF-4058-90F6-C52E5AE5DA9E} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=1c3d807000000000000074e5433441a3&r=280 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) BHO-x32: Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll (Softonic.com) BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKLM-x32 - WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark) Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll (Softonic.com) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No File Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.hypoport.de/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default FF SelectedSearchEngine: Ask.com FF Homepage: hxxp://www.sport1.de/|hxxp://www.consors.de/|hxxp://www.diba.de/|hxxp://www.finanzen.net/aktien/DAX-Realtimekurse|hxxp://www.xing.com/|hxxp://www.finanzen.net/aktien/Euro_Stoxx_50-Realtimekurse|hxxp://www.meine-ksk.de/|hxxp://www.facebook.de/ FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=40b75a14-ce34-4351-a787-e7d6ca58c145&apn_ptnrs=%5EAGS&apn_sauid=417BB6C0-CBBE-4E8D-A4B8-7ACBC3628E1B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Cool Smiley Bar for Facebook - C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default\Extensions\pluswinks@PlusWinks FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin Chrome: ======= CHR Extension: (Avira Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.19.38091_0 CHR Extension: (Softonic Chrome Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0 CHR Extension: () - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.3 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AragMscKV; C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe [53248 2007-03-05] (Apache Software Foundation) R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited) R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) R2 FromDocToPDF_65Service; C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-03-11] (COMPANYVERS_NAME) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NbgAutoUpdater; C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe [21072 2013-04-25] (NÜRNBERGER Versicherungsgruppe) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 WinRiskXASmClSoftwareUpdate; C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe [24576 2012-04-18] (BISS GmbH) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 aucapi; C:\Windows\System32\DRIVERS\aucapi.sys [234800 2009-09-21] (Auerswald GmbH & Co.KG ) R3 aumpa; C:\Windows\System32\DRIVERS\aumpa.sys [169520 2009-09-21] (Auerswald GmbH & Co.KG ) S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [206896 2009-09-21] (Auerswald GmbH & Co.KG ) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG) R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo) R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo) S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setupact.log 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:49 - 2013-07-10 16:50 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 15:57 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 15:57 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 15:57 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 15:57 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:22 - 2013-07-10 15:19 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:19 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151921.backup 2013-07-10 15:18 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151828.backup 2013-07-10 15:13 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151317.backup 2013-07-10 15:05 - 2013-07-10 15:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:05 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-10 10:19 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:19 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:19 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 10:19 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:19 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 10:19 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 10:19 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-08 12:14 - 2013-07-08 14:16 - 00010689 ____A C:\Users\OR\Desktop\Umsatzplan.xlsx 2013-07-05 15:57 - 2013-07-05 16:32 - 00077824 ____A C:\Users\OR\Desktop\Provisionen_DM.xls 2013-07-04 16:59 - 2013-07-04 17:01 - 00000000 ____D C:\Users\OR\AppData\Roaming\PerformerSoft 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\SpeedAnalysis2 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\File Scout 2013-07-04 16:59 - 2012-12-19 15:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\system32\roboot64.exe 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00139264 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00069632 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javacpl.cpl 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2013-06-20 12:49 - 2013-06-20 12:50 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-18 15:46 - 2013-06-25 16:53 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-18 15:04 - 2013-06-18 15:04 - 00411885 ____A C:\Users\OR\Desktop\Kontakte.CSV 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:21 - 2013-02-17 01:40 - 00028672 ____A (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:09 - 2013-06-20 12:59 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 22:51 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 22:51 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 22:51 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 22:51 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 22:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 22:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== One Month Modified Files and Folders ======= 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setupact.log 2013-07-10 17:14 - 2012-11-05 22:35 - 00000000 ____D C:\Users\OR\Documents\Outlook-Dateien 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:50 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 16:41 - 2012-11-04 18:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-10 16:39 - 2012-07-15 06:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-10 16:12 - 2012-07-15 06:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-10 16:12 - 1601-01-02 06:16 - 00213916 ____A C:\Windows\system32\fastboot.set 2013-07-10 16:09 - 1601-01-02 06:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-10 16:08 - 2012-11-19 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-10 16:08 - 2011-10-10 10:19 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 16:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 16:05 - 2012-11-05 22:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 16:05 - 2012-07-15 05:40 - 00608972 ____A C:\Windows\WindowsUpdate.log 2013-07-10 16:03 - 1601-01-02 06:16 - 01643236 ____A C:\Windows\system32\PerfStringBackup.INI 2013-07-10 16:03 - 1601-01-02 06:16 - 00700418 ____A C:\Windows\system32\perfh007.dat 2013-07-10 16:03 - 1601-01-02 06:16 - 00149182 ____A C:\Windows\system32\perfc007.dat 2013-07-10 15:58 - 1601-01-02 06:16 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 15:51 - 2012-11-06 02:54 - 00000000 ____D C:\Users\OR\AppData\Local\CrashDumps 2013-07-10 15:44 - 2012-11-10 20:54 - 00000382 ____A C:\Windows\Tasks\update-sys.job 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:24 - 2013-07-10 15:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:19 - 2013-07-10 15:22 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-10 15:03 - 2012-11-10 21:10 - 00000382 ____A C:\Windows\Tasks\update-S-1-5-21-1515061152-1345135165-2226213091-1001.job 2013-07-09 08:34 - 1601-01-02 06:16 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-09 08:34 - 1601-01-02 06:16 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-08 14:16 - 2013-07-08 12:14 - 00010689 ____A C:\Users\OR\Desktop\Umsatzplan.xlsx 2013-07-05 19:33 - 2012-10-31 12:07 - 00000000 ____D C:\Users\OR\swoffice-ten 2013-07-05 16:32 - 2013-07-05 15:57 - 00077824 ____A C:\Users\OR\Desktop\Provisionen_DM.xls 2013-07-05 14:28 - 2012-10-31 12:07 - 00000607 ____A C:\Users\OR\ClientCache.script 2013-07-05 14:28 - 2012-10-31 12:07 - 00000438 ____A C:\Users\OR\ClientCache.properties 2013-07-05 14:28 - 2012-10-31 12:07 - 00000042 ____A C:\Users\OR\ClientCache.log 2013-07-04 17:01 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PerformerSoft 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\SpeedAnalysis2 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\File Scout 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 14:15 - 2012-11-04 18:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-02 14:15 - 2012-11-04 18:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-02 14:15 - 2012-11-04 18:33 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-02 09:32 - 2012-11-14 02:58 - 00000000 ____D C:\Users\OR\AppData\Roaming\Mozilla 2013-06-28 19:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 19:32 - 2012-12-20 20:30 - 01599138 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-27 17:04 - 2013-05-07 11:48 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-25 16:53 - 2013-06-18 15:46 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-24 16:43 - 2012-11-12 13:53 - 00000000 ____D C:\ACFNet 2013-06-20 12:59 - 2013-06-16 14:09 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-20 12:58 - 2012-11-10 20:17 - 00024694 ____A C:\jre.log 2013-06-20 12:58 - 2012-11-10 20:17 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.6.0_02-b06.log 2013-06-20 12:50 - 2013-06-20 12:49 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-19 09:27 - 2012-10-31 10:01 - 00002254 ____A C:\Users\OR\Desktop\OneKey Recovery.lnk 2013-06-19 09:19 - 1601-01-02 06:16 - 00002016 ____A C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2013-06-18 15:04 - 2013-06-18 15:04 - 00411885 ____A C:\Users\OR\Desktop\Kontakte.CSV 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 15:02 - 2012-11-16 15:56 - 00000476 ____A C:\Windows\ODBC.INI 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:41 - 2012-10-31 11:57 - 00525544 ____A (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Users\OR\twentyonestarter 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Program Files\twentyone 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-18 10:19 - 2012-11-14 00:29 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-18 10:17 - 2012-11-02 00:32 - 01092512 ____A (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:08 - 2012-11-10 20:17 - 00000000 ____D C:\Users\Public\Anwendungsdaten 2013-06-14 12:09 - 2012-11-13 14:11 - 00005345 ____A C:\Users\OR\AppData\Local\BWSmartClientAppRes.WinRisk_Login.html 2013-06-13 20:24 - 2012-10-31 17:13 - 00000000 ____D C:\Users\OR\Documents\Hanseatischer FinanzService 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 14:34 - 2012-11-14 00:29 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-06-12 01:25 - 2013-07-10 15:57 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 22:21 ==================== End Of Log ============================ |
10.07.2013, 20:27 | #5 |
/// the machine /// TB-Ausbilder | survey-central.deadlyblessing.com/home.html Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
10.07.2013, 20:48 | #6 |
| survey-central.deadlyblessing.com/home.html Hier die Logdatei vom AdwCleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.304 - Datei am 10/07/2013 um 21:41:39 erstellt # Aktualisiert am 03/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : OR - LENOVOOR-2012 # Bootmodus : Normal # Ausgeführt unter : C:\Users\OR\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\Program Files (x86)\FromDocToPDF_65 Ordner Gelöscht : C:\Program Files (x86)\Ashampoo_DE Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\Softonic Ordner Gelöscht : C:\Program Files (x86)\WiseConvert_1.3 Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\OR\AppData\Local\APN Ordner Gelöscht : C:\Users\OR\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\OR\AppData\LocalLow\Ashampoo_DE Ordner Gelöscht : C:\Users\OR\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\OR\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\OR\AppData\LocalLow\FromDocToPDF_65 Ordner Gelöscht : C:\Users\OR\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\OR\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\OR\AppData\LocalLow\WiseConvert_1.3 Ordner Gelöscht : C:\Users\OR\AppData\Roaming\file scout Ordner Gelöscht : C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default\extensions\pluswinks@PlusWinks Ordner Gelöscht : C:\Users\OR\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\OR\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\OR\AppData\Roaming\Softonic Ordner Gelöscht : C:\Users\OR\AppData\Roaming\SpeedAnalysis2 Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Ashampoo_DE Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WiseConvert_1.3 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5786D022-540E-4699-B350-B4BE0AE94B79} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5786D022-540E-4699-B350-B4BE0AE94B79} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\Ashampoo_DE Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2481020 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3242337 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6477D09-A529-4EEC-993D-BAAEB71AE111} Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\Software\Softonic Schlüssel Gelöscht : HKLM\Software\WiseConvert_1.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5786D022-540E-4699-B350-B4BE0AE94B79} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F6477D09-A529-4EEC-993D-BAAEB71AE111} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A8D69A2-4C51-4AA0-8B84-60F60A35B05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D7C7E3A-2FC8-4836-AE94-0A30FC55C378} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F31D54A9-147C-45D1-8E37-680D175A321B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F84BCB41-5A74-4799-8FF5-DCEC0FC6B3C6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5786D022-540E-4699-B350-B4BE0AE94B79} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_DE Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5786D022-540E-4699-B350-B4BE0AE94B79}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5786D022-540E-4699-B350-B4BE0AE94B79}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MOY00009/tb_v1/?SearchSource=15&cc=&mi=1c3d807000000000000074e5433441a3 --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...] -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [20824 octets] - [10/07/2013 21:41:39] ########## EOF - C:\AdwCleaner[S1].txt - [20885 octets] ########## |
10.07.2013, 20:51 | #7 |
/// the machine /// TB-Ausbilder | survey-central.deadlyblessing.com/home.html und weiter
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
10.07.2013, 20:57 | #8 |
| survey-central.deadlyblessing.com/home.html und (hoffentlich) zu guter Letzt JRT :-)JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.0.4 (07.10.2013:1) OS: Windows 7 Home Premium x64 Ran by OR on 10.07.2013 at 21:50:06,95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C36BADDB-D551-4B9E-8650-FDC89CB0DFD2} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ECA8066B-9ABB-4895-ABC0-C457DEFB29CB} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F4D041D9-CEEF-4058-90F6-C52E5AE5DA9E} ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\OR\appdata\local\{75022F5E-6C8F-4679-A3A0-C40A986D3E30} Successfully deleted: [Empty Folder] C:\Users\OR\appdata\local\{956E167D-FB6E-485E-8321-1F7DC8D496C6} Successfully deleted: [Empty Folder] C:\Users\OR\appdata\local\{E6F7741C-3C4A-493E-B644-D97C3D02A149} ~~~ FireFox Emptied folder: C:\Users\OR\AppData\Roaming\mozilla\firefox\profiles\azekr1jk.default\minidumps [9 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.07.2013 at 21:55:38,58 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hier das frische FRST.log FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 Ran by OR (administrator) on 10-07-2013 22:08:08 Running from C:\Users\OR\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apache Software Foundation) C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe (mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe (COMPANYVERS_NAME) C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (BISS GmbH) C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Skillbrains) C:\Users\OR\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (6 Wunderkinder GmbH) C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.Updater.TrayApp.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe ( ) C:\Program Files (x86)\LockKey\LockKey.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [170264 2012-03-02] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [398616 2012-03-02] (Intel Corporation) HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [440600 2012-03-02] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] - "C:\Program Files (x86)\Bluetooth Suite\btvstack.exe" [1022592 2012-04-28] (Atheros Communications) HKLM\...\Run: [AthBtTray] - "C:\Program Files (x86)\Bluetooth Suite\athbttray.exe" [801920 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-15] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-15] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-15] (Lenovo) HKCU\...\Run: [LightShot] - C:\Users\OR\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [226152 2013-02-21] () HKCU\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [213936 2006-03-20] (Macrovision Corporation) HKCU\...\Run: [Wunderlist] - "C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent [6924288 2013-03-17] (6 Wunderkinder GmbH) HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-15] (Google Inc.) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: {7f297150-ce30-11e1-b85b-806e6f6e6963} - F:\viewer.exe HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-28] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-28] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-15] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( ) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [PaperPort PTD] - "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [36864 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [IndexSearch] - "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [40960 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [RSA Card Conversion Utility] - C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe -background [3499728 2010-08-27] (RSA, The Security Division of EMC.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - "C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65srchmn.exe" /m=2 /w /h [x] HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65brmon.exe [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [132496 2007-07-12] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show [x] Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\NÜRNBERGER AutoUpdater.lnk ShortcutTarget: NÜRNBERGER AutoUpdater.lnk -> C:\Windows\Installer\{366D38BF-E12D-48FB-9F01-EEF3E7DCADEF}\BT.Setup.Updater.T_CD8CBA3468C240F981B372C3EA3FF361.exe (Acresso Software Inc.) Startup: C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Schnell-Startseite - COMPUTER BILD HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Fußball | FC Bayern | BVB | Transfermarkt | MotoGP am Sachsenring | Formel 1 | Tour de France | NBA hxxp://www.consors.de/ hxxp://www.diba.de/ DAX Liste Realtime-Kurs | kostenlose Realtimekurse | Echtzeitkurse | finanzen.net XING - Das professionelle Netzwerk | XING EURO STOXX 50 Liste Realtime-Kurs | kostenlose Realtimekurse | Echtzeitkurse | finanzen.net hxxp://www.meine-ksk.de/ hxxp://www.facebook.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Schnell-Startseite - COMPUTER BILD URLSearchHook: (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No File SearchScopes: HKCU - {1026DF48-72E4-4D65-B345-61A9375FCBF0} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms} SearchScopes: HKCU - {1DE2CD27-0085-42DC-A343-67156AB36340} URL = hxxp://de.search.yahoo.com/search?p={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65bar.dll No File BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.hypoport.de/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default FF Homepage: hxxp://www.sport1.de/|hxxp://www.consors.de/|hxxp://www.diba.de/|hxxp://www.finanzen.net/aktien/DAX-Realtimekurse|hxxp://www.xing.com/|hxxp://www.finanzen.net/aktien/Euro_Stoxx_50-Realtimekurse|hxxp://www.meine-ksk.de/|hxxp://www.facebook.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin FF Extension: No Name - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin Chrome: ======= CHR Extension: (Avira Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.19.38091_0 CHR Extension: (Softonic Chrome Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0 CHR Extension: () - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.3 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AragMscKV; C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe [53248 2007-03-05] (Apache Software Foundation) R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited) R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) R2 FromDocToPDF_65Service; C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-03-11] (COMPANYVERS_NAME) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NbgAutoUpdater; C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe [21072 2013-04-25] (NÜRNBERGER Versicherungsgruppe) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 WinRiskXASmClSoftwareUpdate; C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe [24576 2012-04-18] (BISS GmbH) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 aucapi; C:\Windows\System32\DRIVERS\aucapi.sys [234800 2009-09-21] (Auerswald GmbH & Co.KG ) R3 aumpa; C:\Windows\System32\DRIVERS\aumpa.sys [169520 2009-09-21] (Auerswald GmbH & Co.KG ) S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [206896 2009-09-21] (Auerswald GmbH & Co.KG ) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG) R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo) R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo) S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-10 21:55 - 2013-07-10 21:55 - 00001711 ____A C:\Users\OR\Desktop\JRT.txt 2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Windows\ERUNT 2013-07-10 21:49 - 2013-07-10 21:49 - 00552874 ____A (Oleg N. Scherbakov) C:\Users\OR\Downloads\JRT.exe 2013-07-10 21:41 - 2013-07-10 21:42 - 00020917 ____A C:\AdwCleaner[S1].txt 2013-07-10 21:39 - 2013-07-10 21:39 - 00650027 ____A C:\Users\OR\Downloads\adwcleaner.exe 2013-07-10 19:28 - 2013-07-10 19:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-10 19:27 - 2013-07-10 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-10 17:29 - 2013-07-10 17:30 - 00025720 ____A C:\Users\OR\Downloads\Addition.txt 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-10 21:44 - 00000907 ____A C:\Windows\setupact.log 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:49 - 2013-07-10 16:50 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 15:57 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 15:57 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 15:57 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 15:57 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:22 - 2013-07-10 15:19 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:19 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151921.backup 2013-07-10 15:18 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151828.backup 2013-07-10 15:13 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151317.backup 2013-07-10 15:05 - 2013-07-10 15:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:05 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-10 10:19 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:19 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:19 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 10:19 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:19 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 10:19 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 10:19 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-08 12:14 - 2013-07-08 14:16 - 00010689 ____A C:\Users\OR\Desktop\Umsatzplan.xlsx 2013-07-05 15:57 - 2013-07-05 16:32 - 00077824 ____A C:\Users\OR\Desktop\Provisionen_DM.xls 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-04 16:59 - 2012-12-19 15:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\system32\roboot64.exe 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00139264 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00069632 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javacpl.cpl 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2013-06-20 12:49 - 2013-06-20 12:50 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-18 15:46 - 2013-06-25 16:53 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-18 15:04 - 2013-06-18 15:04 - 00411885 ____A C:\Users\OR\Desktop\Kontakte.CSV 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:21 - 2013-02-17 01:40 - 00028672 ____A (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:09 - 2013-06-20 12:59 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 22:51 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 22:51 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 22:51 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 22:51 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 22:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 22:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== One Month Modified Files and Folders ======= 2013-07-10 21:55 - 2013-07-10 21:55 - 00001711 ____A C:\Users\OR\Desktop\JRT.txt 2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Windows\ERUNT 2013-07-10 21:49 - 2013-07-10 21:49 - 00552874 ____A (Oleg N. Scherbakov) C:\Users\OR\Downloads\JRT.exe 2013-07-10 21:45 - 1601-01-02 06:16 - 00210848 ____A C:\Windows\system32\fastboot.set 2013-07-10 21:44 - 2013-07-10 17:27 - 00000907 ____A C:\Windows\setupact.log 2013-07-10 21:44 - 2012-07-15 06:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-10 21:44 - 1601-01-02 06:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-10 21:42 - 2013-07-10 21:41 - 00020917 ____A C:\AdwCleaner[S1].txt 2013-07-10 21:41 - 2012-11-04 18:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-10 21:40 - 2012-11-05 22:35 - 00000000 ____D C:\Users\OR\Documents\Outlook-Dateien 2013-07-10 21:39 - 2013-07-10 21:39 - 00650027 ____A C:\Users\OR\Downloads\adwcleaner.exe 2013-07-10 21:39 - 2012-07-15 06:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-10 19:44 - 2012-11-10 20:54 - 00000382 ____A C:\Windows\Tasks\update-sys.job 2013-07-10 19:33 - 2013-07-10 19:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-10 19:27 - 2013-07-10 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-10 19:03 - 2012-11-10 21:10 - 00000382 ____A C:\Windows\Tasks\update-S-1-5-21-1515061152-1345135165-2226213091-1001.job 2013-07-10 18:21 - 1601-01-02 06:16 - 01621244 ____A C:\Windows\system32\PerfStringBackup.INI 2013-07-10 18:21 - 1601-01-02 06:16 - 00700418 ____A C:\Windows\system32\perfh007.dat 2013-07-10 18:21 - 1601-01-02 06:16 - 00149182 ____A C:\Windows\system32\perfc007.dat 2013-07-10 17:30 - 2013-07-10 17:29 - 00025720 ____A C:\Users\OR\Downloads\Addition.txt 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:50 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 16:08 - 2012-11-19 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-10 16:08 - 2011-10-10 10:19 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 16:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 16:05 - 2012-11-05 22:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 16:05 - 2012-07-15 05:40 - 00608972 ____A C:\Windows\WindowsUpdate.log 2013-07-10 15:58 - 1601-01-02 06:16 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 15:51 - 2012-11-06 02:54 - 00000000 ____D C:\Users\OR\AppData\Local\CrashDumps 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:24 - 2013-07-10 15:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:19 - 2013-07-10 15:22 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-09 08:34 - 1601-01-02 06:16 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-09 08:34 - 1601-01-02 06:16 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-08 14:16 - 2013-07-08 12:14 - 00010689 ____A C:\Users\OR\Desktop\Umsatzplan.xlsx 2013-07-05 19:33 - 2012-10-31 12:07 - 00000000 ____D C:\Users\OR\swoffice-ten 2013-07-05 16:32 - 2013-07-05 15:57 - 00077824 ____A C:\Users\OR\Desktop\Provisionen_DM.xls 2013-07-05 14:28 - 2012-10-31 12:07 - 00000607 ____A C:\Users\OR\ClientCache.script 2013-07-05 14:28 - 2012-10-31 12:07 - 00000438 ____A C:\Users\OR\ClientCache.properties 2013-07-05 14:28 - 2012-10-31 12:07 - 00000042 ____A C:\Users\OR\ClientCache.log 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 14:15 - 2012-11-04 18:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-02 14:15 - 2012-11-04 18:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-02 14:15 - 2012-11-04 18:33 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-02 09:32 - 2012-11-14 02:58 - 00000000 ____D C:\Users\OR\AppData\Roaming\Mozilla 2013-06-28 19:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 19:32 - 2012-12-20 20:30 - 01599138 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-27 17:04 - 2013-05-07 11:48 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-25 16:53 - 2013-06-18 15:46 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-24 16:43 - 2012-11-12 13:53 - 00000000 ____D C:\ACFNet 2013-06-20 12:59 - 2013-06-16 14:09 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-20 12:58 - 2012-11-10 20:17 - 00024694 ____A C:\jre.log 2013-06-20 12:58 - 2012-11-10 20:17 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.6.0_02-b06.log 2013-06-20 12:50 - 2013-06-20 12:49 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-19 09:27 - 2012-10-31 10:01 - 00002254 ____A C:\Users\OR\Desktop\OneKey Recovery.lnk 2013-06-19 09:19 - 1601-01-02 06:16 - 00002016 ____A C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2013-06-18 15:04 - 2013-06-18 15:04 - 00411885 ____A C:\Users\OR\Desktop\Kontakte.CSV 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 15:02 - 2012-11-16 15:56 - 00000476 ____A C:\Windows\ODBC.INI 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:41 - 2012-10-31 11:57 - 00525544 ____A (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Users\OR\twentyonestarter 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Program Files\twentyone 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-18 10:19 - 2012-11-14 00:29 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-18 10:17 - 2012-11-02 00:32 - 01092512 ____A (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:08 - 2012-11-10 20:17 - 00000000 ____D C:\Users\Public\Anwendungsdaten 2013-06-14 12:09 - 2012-11-13 14:11 - 00005345 ____A C:\Users\OR\AppData\Local\BWSmartClientAppRes.WinRisk_Login.html 2013-06-13 20:24 - 2012-10-31 17:13 - 00000000 ____D C:\Users\OR\Documents\Hanseatischer FinanzService 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 14:34 - 2012-11-14 00:29 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-06-12 01:25 - 2013-07-10 15:57 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 22:21 ==================== End Of Log ============================ --- --- --- |
11.07.2013, 07:17 | #9 |
/// the machine /// TB-Ausbilder | survey-central.deadlyblessing.com/home.htmlESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
11.07.2013, 16:42 | #10 |
| survey-central.deadlyblessing.com/home.html ESET ist komplett durchgelaufen und hat nichtes gefunden. Das Programm habe ich nach dem Schließen deinstallieren lassen, daher konnte ich keine Log-Datei mehr finden. Soll ich das wiederholen?? Oder reicht die Info? Hier die Auswertung von Security Check: Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Java(TM) 6 Update 2 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Avira Antivir avgnt.exe Avira Antivir avguard.exe Lenovo Instant Reset DamageGuardSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST folgt... FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 Ran by OR (administrator) on 11-07-2013 17:43:56 Running from C:\Users\OR\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apache Software Foundation) C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe (mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe (COMPANYVERS_NAME) C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (BISS GmbH) C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Skillbrains) C:\Users\OR\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe (6 Wunderkinder GmbH) C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.Updater.TrayApp.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe ( ) C:\Program Files (x86)\LockKey\LockKey.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (RSA, The Security Division of EMC.) C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [170264 2012-03-02] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [398616 2012-03-02] (Intel Corporation) HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [440600 2012-03-02] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] - "C:\Program Files (x86)\Bluetooth Suite\btvstack.exe" [1022592 2012-04-28] (Atheros Communications) HKLM\...\Run: [AthBtTray] - "C:\Program Files (x86)\Bluetooth Suite\athbttray.exe" [801920 2012-04-28] (Atheros Commnucations) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-15] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-15] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-15] (Lenovo) HKCU\...\Run: [LightShot] - C:\Users\OR\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [226152 2013-02-21] () HKCU\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [213936 2006-03-20] (Macrovision Corporation) HKCU\...\Run: [Wunderlist] - "C:\Users\OR\AppData\Local\Apps\2.0\LX1EODJ3.HTX\DKCNPL6M.3E2\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent [6924288 2013-03-17] (6 Wunderkinder GmbH) HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-15] (Google Inc.) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: {7f297150-ce30-11e1-b85b-806e6f6e6963} - F:\viewer.exe HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2012-01-26] (Lenovo, Inc.) HKLM-x32\...\Run: [YouCam Mirage] - "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-28] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-28] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-15] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( ) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [PaperPort PTD] - "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [36864 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [IndexSearch] - "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [40960 2005-11-05] (ScanSoft, Inc.) HKLM-x32\...\Run: [RSA Card Conversion Utility] - C:\Program Files (x86)\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe -background [3499728 2010-08-27] (RSA, The Security Division of EMC.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - "C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65srchmn.exe" /m=2 /w /h [x] HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65brmon.exe [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [132496 2007-07-12] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe /show [x] Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\NÜRNBERGER AutoUpdater.lnk ShortcutTarget: NÜRNBERGER AutoUpdater.lnk -> C:\Windows\Installer\{366D38BF-E12D-48FB-9F01-EEF3E7DCADEF}\BT.Setup.Updater.T_CD8CBA3468C240F981B372C3EA3FF361.exe (Acresso Software Inc.) Startup: C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/?ie=10 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sport1.de/ hxxp://www.consors.de/ hxxp://www.diba.de/ hxxp://www.finanzen.net/aktien/DAX-Realtimekurse hxxp://www.xing.com/ hxxp://www.finanzen.net/aktien/Euro_Stoxx_50-Realtimekurse hxxp://www.meine-ksk.de/ hxxp://www.facebook.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/?ie=10 URLSearchHook: (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No File SearchScopes: HKCU - {1026DF48-72E4-4D65-B345-61A9375FCBF0} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms} SearchScopes: HKCU - {1DE2CD27-0085-42DC-A343-67156AB36340} URL = hxxp://de.search.yahoo.com/search?p={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65bar.dll No File BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.hypoport.de/dana-cached/sc/JuniperSetupClient.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\OR\AppData\Roaming\Mozilla\Firefox\Profiles\azekr1jk.default FF Homepage: hxxp://www.sport1.de/|hxxp://www.consors.de/|hxxp://www.diba.de/|hxxp://www.finanzen.net/aktien/DAX-Realtimekurse|hxxp://www.xing.com/|hxxp://www.finanzen.net/aktien/Euro_Stoxx_50-Realtimekurse|hxxp://www.meine-ksk.de/|hxxp://www.facebook.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin FF Extension: No Name - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin Chrome: ======= CHR Extension: (Avira Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.19.38091_0 CHR Extension: (Softonic Chrome Toolbar) - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0 CHR Extension: () - C:\Users\OR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.3 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AragMscKV; C:\Program Files (x86)\AragMscKV\apache-tomcat\bin\tomcat5.exe [53248 2007-03-05] (Apache Software Foundation) R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.) R2 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited) R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) R2 FromDocToPDF_65Service; C:\PROGRA~2\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-03-11] (COMPANYVERS_NAME) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NbgAutoUpdater; C:\Program Files (x86)\NÜRNBERGER AutoUpdater\BT.Setup.InstallationsDienst.exe [21072 2013-04-25] (NÜRNBERGER Versicherungsgruppe) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 WinRiskXASmClSoftwareUpdate; C:\Program Files (x86)\InterRisk\WinRiskXA\smart\client\bin\BWUpdater.exe [24576 2012-04-18] (BISS GmbH) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 aucapi; C:\Windows\System32\DRIVERS\aucapi.sys [234800 2009-09-21] (Auerswald GmbH & Co.KG ) R3 aumpa; C:\Windows\System32\DRIVERS\aumpa.sys [169520 2009-09-21] (Auerswald GmbH & Co.KG ) S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [206896 2009-09-21] (Auerswald GmbH & Co.KG ) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG) R1 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo) R1 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo) S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-11 17:38 - 2013-07-11 17:38 - 00890988 ____A C:\Users\OR\Downloads\SecurityCheck.exe 2013-07-11 17:30 - 2013-07-11 17:30 - 02347384 ____A (ESET) C:\Users\OR\Downloads\esetsmartinstaller_enu(1).exe 2013-07-11 11:05 - 2013-07-11 11:05 - 02347384 ____A (ESET) C:\Users\OR\Downloads\esetsmartinstaller_enu.exe 2013-07-10 21:55 - 2013-07-10 21:55 - 00001711 ____A C:\JRT.txt 2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Windows\ERUNT 2013-07-10 21:49 - 2013-07-10 21:49 - 00552874 ____A (Oleg N. Scherbakov) C:\Users\OR\Downloads\JRT.exe 2013-07-10 21:41 - 2013-07-10 21:42 - 00020917 ____A C:\AdwCleaner[S1].txt 2013-07-10 21:39 - 2013-07-10 21:39 - 00650027 ____A C:\Users\OR\Downloads\adwcleaner.exe 2013-07-10 19:28 - 2013-07-10 19:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-10 19:27 - 2013-07-10 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-10 17:29 - 2013-07-10 17:30 - 00025720 ____A C:\Users\OR\Downloads\Addition.txt 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-11 07:33 - 00000963 ____A C:\Windows\setupact.log 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:49 - 2013-07-10 16:50 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 15:57 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 15:57 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 15:57 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 15:57 - 2013-06-12 01:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 15:57 - 2013-06-07 05:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 15:57 - 2013-06-07 04:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:22 - 2013-07-10 15:19 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:19 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151921.backup 2013-07-10 15:18 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151828.backup 2013-07-10 15:13 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts.20130710-151317.backup 2013-07-10 15:05 - 2013-07-10 15:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:05 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-10 10:19 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 10:19 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 10:19 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 10:19 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 10:19 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 10:19 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 10:19 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-04 16:59 - 2012-12-19 15:53 - 00019632 ____A (PerformerSoft LLC) C:\Windows\system32\roboot64.exe 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00139264 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2013-06-20 12:58 - 2007-07-12 02:22 - 00069632 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javacpl.cpl 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2013-06-20 12:58 - 2007-07-12 01:22 - 00135168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2013-06-20 12:49 - 2013-06-20 12:50 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-18 15:46 - 2013-06-25 16:53 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:21 - 2013-02-17 01:40 - 00028672 ____A (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:09 - 2013-06-20 12:59 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 22:51 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 22:51 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 22:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 22:51 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 22:51 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 22:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 22:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 22:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 22:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 22:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 22:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== One Month Modified Files and Folders ======= 2013-07-11 17:41 - 2012-11-04 18:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-11 17:39 - 2012-07-15 06:26 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-11 17:38 - 2013-07-11 17:38 - 00890988 ____A C:\Users\OR\Downloads\SecurityCheck.exe 2013-07-11 17:33 - 2012-11-12 13:53 - 00000000 ____D C:\ACFNet 2013-07-11 17:30 - 2013-07-11 17:30 - 02347384 ____A (ESET) C:\Users\OR\Downloads\esetsmartinstaller_enu(1).exe 2013-07-11 16:57 - 2012-10-31 17:13 - 00000000 ____D C:\Users\OR\Documents\Hanseatischer FinanzService 2013-07-11 16:53 - 2012-11-05 22:35 - 00000000 ____D C:\Users\OR\Documents\Outlook-Dateien 2013-07-11 16:32 - 1601-01-02 06:16 - 01621244 ____A C:\Windows\system32\PerfStringBackup.INI 2013-07-11 16:32 - 1601-01-02 06:16 - 00700418 ____A C:\Windows\system32\perfh007.dat 2013-07-11 16:32 - 1601-01-02 06:16 - 00149182 ____A C:\Windows\system32\perfc007.dat 2013-07-11 16:27 - 2012-11-10 20:54 - 00000382 ____A C:\Windows\Tasks\update-sys.job 2013-07-11 15:03 - 2012-11-10 21:10 - 00000382 ____A C:\Windows\Tasks\update-S-1-5-21-1515061152-1345135165-2226213091-1001.job 2013-07-11 11:05 - 2013-07-11 11:05 - 02347384 ____A (ESET) C:\Users\OR\Downloads\esetsmartinstaller_enu.exe 2013-07-11 08:39 - 2012-07-15 06:26 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-11 07:34 - 1601-01-02 06:16 - 00214714 ____A C:\Windows\system32\fastboot.set 2013-07-11 07:33 - 2013-07-10 17:27 - 00000963 ____A C:\Windows\setupact.log 2013-07-11 07:33 - 1601-01-02 06:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-10 23:49 - 2012-11-14 03:04 - 00000000 ____D C:\ProgramData\firebird 2013-07-10 21:55 - 2013-07-10 21:55 - 00001711 ____A C:\JRT.txt 2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Windows\ERUNT 2013-07-10 21:49 - 2013-07-10 21:49 - 00552874 ____A (Oleg N. Scherbakov) C:\Users\OR\Downloads\JRT.exe 2013-07-10 21:42 - 2013-07-10 21:41 - 00020917 ____A C:\AdwCleaner[S1].txt 2013-07-10 21:39 - 2013-07-10 21:39 - 00650027 ____A C:\Users\OR\Downloads\adwcleaner.exe 2013-07-10 19:33 - 2013-07-10 19:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-10 19:27 - 2013-07-10 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-10 17:30 - 2013-07-10 17:29 - 00025720 ____A C:\Users\OR\Downloads\Addition.txt 2013-07-10 17:28 - 2013-07-10 17:28 - 01776857 ____A (Farbar) C:\Users\OR\Downloads\FRST64.exe 2013-07-10 17:28 - 2013-07-10 17:28 - 00000000 ____D C:\FRST 2013-07-10 17:27 - 2013-07-10 17:27 - 00000000 ____A C:\Windows\setuperr.log 2013-07-10 17:09 - 2013-07-10 17:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OR\Downloads\tdsskiller.exe 2013-07-10 16:50 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\Documents\Youcam 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Roaming\CyberLink 2013-07-10 16:49 - 2013-07-10 16:49 - 00000000 ____D C:\Users\OR\AppData\Local\CyberLink 2013-07-10 16:42 - 2013-07-10 16:42 - 00002042 ____A C:\Users\OR\Desktop\twentyone.lnk 2013-07-10 16:08 - 2012-11-19 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-10 16:08 - 2011-10-10 10:19 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 16:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 16:05 - 2012-11-05 22:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 16:05 - 2012-07-15 05:40 - 00608972 ____A C:\Windows\WindowsUpdate.log 2013-07-10 15:58 - 1601-01-02 06:16 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 15:51 - 2012-11-06 02:54 - 00000000 ____D C:\Users\OR\AppData\Local\CrashDumps 2013-07-10 15:24 - 2013-07-10 15:24 - 00000000 ____D C:\Users\OR\Documents\ProcAlyzer Dumps 2013-07-10 15:24 - 2013-07-10 15:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-10 15:19 - 2013-07-10 15:22 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts.20130710-152243.backup 2013-07-10 15:05 - 2013-07-10 15:05 - 00001412 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-10 15:05 - 2013-07-10 15:05 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-10 15:03 - 2013-07-10 15:03 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\OR\Downloads\spybotsd-2.1.20-SR1.exe 2013-07-09 08:34 - 1601-01-02 06:16 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-09 08:34 - 1601-01-02 06:16 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-05 19:33 - 2012-10-31 12:07 - 00000000 ____D C:\Users\OR\swoffice-ten 2013-07-05 14:28 - 2012-10-31 12:07 - 00000607 ____A C:\Users\OR\ClientCache.script 2013-07-05 14:28 - 2012-10-31 12:07 - 00000438 ____A C:\Users\OR\ClientCache.properties 2013-07-05 14:28 - 2012-10-31 12:07 - 00000042 ____A C:\Users\OR\ClientCache.log 2013-07-04 16:59 - 2013-07-04 16:59 - 00000000 ____D C:\Users\OR\AppData\Roaming\PlusWinks 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\Users\OR\AppData\Local\Macromedia 2013-07-02 14:15 - 2013-07-02 14:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-07-02 14:15 - 2012-11-04 18:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-02 14:15 - 2012-11-04 18:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-02 14:15 - 2012-11-04 18:33 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-02 13:52 - 2013-07-02 13:52 - 00000000 ____D C:\Users\OR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\twentyone 2013-07-02 13:48 - 2013-07-02 13:48 - 00160768 ____A C:\Users\OR\OutlookSync.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00118784 ____A C:\Users\OR\Tapi3Provider.dll 2013-07-02 13:48 - 2013-07-02 13:48 - 00035328 ____A C:\Users\OR\SwofficeWordExport.dll 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\Users\OR\AppData\Local\Mozilla 2013-07-02 09:32 - 2013-07-02 09:32 - 00000000 ____D C:\ProgramData\Mozilla 2013-07-02 09:32 - 2012-11-14 02:58 - 00000000 ____D C:\Users\OR\AppData\Roaming\Mozilla 2013-06-28 19:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-28 19:34 - 2013-06-28 19:34 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-06-28 19:34 - 2013-06-28 19:34 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 19:34 - 2013-06-28 19:34 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 19:34 - 2013-06-28 19:34 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 19:34 - 2013-06-28 19:34 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-06-28 19:34 - 2013-06-28 19:34 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 19:32 - 2012-12-20 20:30 - 01599138 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-27 17:04 - 2013-05-07 11:48 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-06-25 16:53 - 2013-06-18 15:46 - 00000000 ____D C:\Users\OR\AppData\Roaming\Foxit Software 2013-06-20 12:59 - 2013-06-16 14:09 - 00002278 ____A C:\Users\Public\Desktop\Zurich Deutscher Herold-Leben.lnk 2013-06-20 12:58 - 2012-11-10 20:17 - 00024694 ____A C:\jre.log 2013-06-20 12:58 - 2012-11-10 20:17 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.6.0_02-b06.log 2013-06-20 12:50 - 2013-06-20 12:49 - 00000748 ____A C:\Excp.log 2013-06-20 12:46 - 2013-06-20 12:46 - 00002738 ____A C:\Users\Public\Desktop\VOLKSWOHL BUND Komfort.lnk 2013-06-19 09:27 - 2012-10-31 10:01 - 00002254 ____A C:\Users\OR\Desktop\OneKey Recovery.lnk 2013-06-19 09:19 - 1601-01-02 06:16 - 00002016 ____A C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2013-06-18 15:04 - 2013-06-18 15:04 - 00038421 ____A C:\Users\OR\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-06-18 15:02 - 2013-06-18 15:02 - 00448512 ____A C:\Users\OR\Documents\outlook.xls 2013-06-18 15:02 - 2013-06-18 15:02 - 00038415 ____A C:\Users\OR\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-06-18 15:02 - 2012-11-16 15:56 - 00000476 ____A C:\Windows\ODBC.INI 2013-06-18 11:41 - 2013-06-18 11:41 - 00190752 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2013-06-18 11:41 - 2013-06-18 11:41 - 00171808 ____A (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2013-06-18 11:41 - 2012-10-31 11:57 - 00525544 ____A (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Users\OR\twentyonestarter 2013-06-18 11:31 - 2012-10-31 11:59 - 00000000 ____D C:\Program Files\twentyone 2013-06-18 11:21 - 2013-06-18 11:21 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-18 11:09 - 2013-06-18 11:09 - 00000000 ____D C:\Windows\system32\EventProviders 2013-06-18 10:19 - 2012-11-14 00:29 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-18 10:17 - 2012-11-02 00:32 - 01092512 ____A (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-06-16 14:17 - 2013-06-16 14:17 - 00026624 ____A C:\Users\OR\Desktop\Kopie von Produktion 2011-2013 Rozehnal VWB.xls 2013-06-16 14:08 - 2012-11-10 20:17 - 00000000 ____D C:\Users\Public\Anwendungsdaten 2013-06-14 12:09 - 2012-11-13 14:11 - 00005345 ____A C:\Users\OR\AppData\Local\BWSmartClientAppRes.WinRisk_Login.html 2013-06-13 15:42 - 2013-06-13 15:42 - 00011257 ____N C:\Users\OR\Desktop\Blanko_Anlage_Untervertriebe.xlsx 2013-06-13 11:01 - 2013-06-13 11:01 - 00000000 ____D C:\Users\OR\Documents\BeamYourScreen 2013-06-12 14:34 - 2012-11-14 00:29 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 01:43 - 2013-07-10 15:57 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 01:42 - 2013-07-10 15:57 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-06-12 01:26 - 2013-07-10 15:57 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-06-12 01:25 - 2013-07-10 15:57 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-06-12 01:25 - 2013-07-10 15:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-06-11 14:47 - 2013-06-11 14:47 - 00000000 ____D C:\Users\OR\AppData\Roaming\webex 2013-06-11 13:51 - 2013-06-11 13:51 - 00000000 ____D C:\ProgramData\WebEx ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 22:21 ==================== End Of Log ============================ Geändert von rozi2007 (11.07.2013 um 16:47 Uhr) Grund: FRST ergänzt |
11.07.2013, 19:17 | #11 |
/// the machine /// TB-Ausbilder | survey-central.deadlyblessing.com/home.html Java und Adobe updaten. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.07.2013, 18:00 | #12 |
| survey-central.deadlyblessing.com/home.html Keine Probleme mehr, soweit ich das sehen kann Danke sehr!!! |
14.07.2013, 19:04 | #13 |
/// the machine /// TB-Ausbilder | survey-central.deadlyblessing.com/home.html Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu survey-central.deadlyblessing.com/home.html |
auswertung, beitrag, boot, computer, detected, device, empfehlung, fake, files, harddisk, installiert, intel, link, popup, problem, programm, rootkit, scan, servicepack, services, system32, tdss, tool, version, windows |