|
Plagegeister aller Art und deren Bekämpfung: Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.07.2013, 18:48 | #1 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Hallo, meine Freundin hat ein Problem mit ihrem Laptop. Seit ca. einer Woche spinnt ihr Firefox rum, ist langsamer und spuckt mehr Werbung als sonst aus. Habe die Scans mit GMER und OTL probiert, beide Programme sind allerdings abgestürzt (OTL beim Durchsuchen der Firefox-Dateien). Die Suche mit avast hat keine Funde ergeben. Außerdem hat sich seit gestern die Uhrzeit des Laptops verstellt. Was gibt's zu tun? Danke |
22.07.2013, 18:53 | #2 |
/// the machine /// TB-Ausbilder | Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
22.07.2013, 19:01 | #3 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Huhu,
__________________danke schonmal, dass du mir hilfst :-) Hier die log files: frst.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Gesa (administrator) on 22-07-2013 04:02:58 Running from C:\Users\Gesa\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (PC Drivers Headquarters) C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com SearchScopes: HKLM - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default FF user.js: detected! => C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\user.js FF SelectedSearchEngine: LEO Eng-Deu v2.0 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\zonealarm.xml FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] () S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) U3 pxloapog; \??\C:\Users\Gesa\AppData\Local\Temp\pxloapog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-17 21:13 - 2013-07-17 21:13 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr 2013-07-17 21:03 - 2013-07-22 03:25 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job 2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini 2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll 2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys 2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys 2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe 2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe 2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe 2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe 2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll 2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys 2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 04:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-22 03:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 03:49 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-22 03:30 - 2013-01-07 10:42 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001 2013-07-22 03:27 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon 2013-07-22 03:26 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox 2013-07-22 03:26 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox 2013-07-22 03:25 - 2013-07-17 21:03 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job 2013-07-22 03:25 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-22 00:08 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3 2013-07-21 21:21 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat 2013-07-21 21:21 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat 2013-07-21 21:21 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-21 21:17 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-21 20:48 - 2012-11-02 04:20 - 01464447 _____ C:\windows\WindowsUpdate.log 2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink 2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ 2013-07-19 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium 2013-07-17 21:13 - 2013-07-17 21:13 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk 2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism 2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump 2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml 2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP 2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe 2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-15 16:06 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D C:\Windows\SysWOW64\explorer.exe [2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D LastRegBack: 2013-07-21 13:16 ==================== End Of Log ============================ addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013 Ran by Gesa at 2013-07-22 04:03:23 Running from C:\Users\Gesa\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7) avast! Free Antivirus (x32 Version: 8.0.1489.0) Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7) Citavi (x32 Version: 3.4.0.2) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735) Driver Mender (x32 Version: 8.1) Dropbox (HKCU Version: 2.0.22) Easy File Share (x32 Version: 1.3.4) E-POP (x32 Version: 1.0.1) EPSON PhotoQuicker3.4 (x32) EPSON PRINT Image Framer Tool2.0 (x32) ESC64 Referenzhandbuch (x32) ESC64 Softwarehandbuch (x32) Fotogalerie (x32 Version: 16.4.3503.0728) Galerie de photos (x32 Version: 16.4.3503.0728) Help Desk (Version: 1.0.6) Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11) Intel(R) Control Center (x32 Version: 1.2.1.1008) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Processor Graphics (x32 Version: 9.17.10.2857) Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movie Maker (x32 Version: 16.4.3503.0728) Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) Norton Online Backup (x32 Version: 2.2.3.51) Norton Online Backup ARA (x32 Version: 4.1.0.14) Photo Common (x32 Version: 16.4.3503.0728) Photo Gallery (x32 Version: 16.4.3503.0728) PIF DESIGNER2.0 (x32) Plants vs. Zombies (x32) Plus-HD-2.3 (x32 Version: 1.27.153.8) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210) Qualcomm Atheros Client Installation Program (x32 Version: 10.0) Raccolta foto (x32 Version: 16.4.3503.0728) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030) Recovery (x32 Version: 6.0.7.2) S Agent (Version: 1.0.8) ScanToWeb (x32) Settings (x32 Version: 2.0.0) Support Center FAQ (x32 Version: 1.0.5) SW Update (x32 Version: 2.0.24) Synaptics Pointing Device Driver (Version: 16.2.14.2) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Zip Opener (HKCU) User Guide (x32 Version: 1.3.00) Windows Live (x32 Version: 16.4.3503.0728) Windows Live Communications Platform (x32 Version: 16.4.3503.0728) Windows Live Essentials (x32 Version: 16.4.3503.0728) Windows Live Installer (x32 Version: 16.4.3503.0728) Windows Live Photo Common (x32 Version: 16.4.3503.0728) Windows Live PIMT Platform (x32 Version: 16.4.3503.0728) Windows Live SOXE (x32 Version: 16.4.3503.0728) Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728) Windows Live UX Platform (x32 Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728) Xerox PhotoCafe (x32 Version: 1.0.0.6162) Zip Opener Packages (HKCU) ZoneAlarm Firewall (x32 Version: 11.0.000.038) ZoneAlarm Firewall (x32 Version: 11.0.000.504) ZoneAlarm Free Firewall (x32 Version: 11.0.000.504) ZoneAlarm LTD Toolbar ZoneAlarm Security (x32 Version: 11.0.000.038) ZoneAlarm Security (x32 Version: 11.0.000.504) ZoneAlarm Security Toolbar (x32 Version: 1.8.11.11) ==================== Restore Points ========================= 03-07-2013 07:23:12 Geplanter Prüfpunkt 15-07-2013 16:04:56 Windows Update 17-07-2013 18:15:51 Installiert EPSON PhotoQuicker3.4 ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00E9CC8F-ED61-468D-A268-0590EE9D2244} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {02CD7B3A-72EC-480C-8CEF-444DC74AA06D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {08765697-FB44-4358-B1EC-6410D53B8688} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {1547B376-BB00-4440-86CB-FC8D205C77BF} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe No File Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {1A763B0B-2631-4019-B4FC-1CDDBD5FDF24} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {1ECAA72A-B1D1-4BF2-976F-2871B9E8E3A1} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {2B7BAC2D-F63E-48E7-AF09-7F166B12F5E1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {2E279641-85E2-4F9A-B343-CD164DB0C823} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {33C6A779-1E01-47B3-9DCF-184C77754E90} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-17] (Plus HD) Task: {355EF836-4DF4-4408-8023-4896CC201ABE} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {42B61E09-9A27-4AD8-831C-77D33DA0EEC0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] () Task: {443DEA7B-CF89-4C8E-9565-9049FC929B7D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {58701ECB-C626-4407-9F2C-BDAF527A7EAF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated) Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {5FA1D43C-5CB6-4723-BFE8-140EF3BF62D4} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe No File Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {733C0B9A-6266-4C59-AF2F-5417044F979B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC) Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B7706679-00A3-4375-8B49-30E568417F13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-04] (Samsung Electronics CO., LTD.) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {C9F60583-8347-4E8B-84C4-DA2DF7648931} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D51F8F0B-0765-4A36-A805-C1FBF247EEDA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated) Task: {DA2A3F30-F175-4466-8439-1CDB2234E145} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DC66A630-F941-4EA6-9910-AEA49C5140A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001 Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E61AE307-85AF-4CCC-A180-237EC470D930} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {E80DC7B9-5986-4D71-B86B-D213D14253E0} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.) Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EB57B27B-3498-43DA-B6D8-226637F04B36} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F4ED0505-05D1-4B14-B6F3-5B464DFEE5C7} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2013 03:49:12 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000218a ID des fehlerhaften Prozesses: 0x484 Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Vollständiger Name des fehlerhaften Pakets: gmer_2.1.19163.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: gmer_2.1.19163.exe5 Error: (07/22/2013 03:25:20 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x1628 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: ) Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: ) Description: rdyboost4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: ) Description: MSDTCC:\windows\system32\msdtcuiu.DLL4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: ) Description: ESENTC:\windows\system32\esentprf.dll4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (07/22/2013 00:02:57 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x1344 Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (07/21/2013 11:01:33 PM) (Source: Perflib) (User: ) Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4 System errors: ============= Error: (07/21/2013 09:20:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/21/2013 09:20:14 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht. Error: (07/21/2013 09:17:10 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (07/21/2013 07:45:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/21/2013 07:45:41 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht. Error: (07/21/2013 07:42:35 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 21.07.2013 um 19:02:14 unerwartet heruntergefahren. Error: (07/21/2013 07:42:23 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (07/21/2013 07:42:06 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT-AUTORITÄT) Description: 32212265131146048 Error: (07/17/2013 09:17:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/17/2013 09:17:22 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht. Microsoft Office Sessions: ========================= Error: (07/22/2013 03:49:12 AM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a48401ce867d5386bcbaC:\Users\Gesa\Desktop\gmer_2.1.19163.exeC:\Users\Gesa\Desktop\gmer_2.1.19163.exee80603e6-f270-11e2-beba-2089840f95a4 Error: (07/22/2013 03:25:20 AM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc162801ce867a4a75b206C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe9284bf6e-f26d-11e2-beba-2089840f95a4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: ) Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: ) Description: rdyboost4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: ) Description: MSDTCC:\windows\system32\msdtcuiu.DLL4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: ) Description: ESENTC:\windows\system32\esentprf.dll4 Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (07/22/2013 00:02:57 AM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc134401ce865e06b88a4bC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe4c4d5e0d-f251-11e2-beba-2089840f95a4 Error: (07/21/2013 11:01:33 PM) (Source: Perflib)(User: ) Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4 CodeIntegrity Errors: =================================== Date: 2013-07-22 04:00:47.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 03:26:57.015 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 00:33:04.522 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-21 22:55:33.030 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-21 21:20:18.658 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-21 20:38:10.064 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-21 20:22:51.652 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-21 20:00:03.237 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-21 19:45:43.328 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-21 18:10:13.188 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 6035.54 MB Available physical RAM: 3855.82 MB Total Pagefile: 12179.54 MB Available Pagefile: 10155.77 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:438.82 GB) (Free:380.46 GB) NTFS (Disk=0 Partition=4) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 6260AFE2) Partition: GPT Partition Type ==================== End Of Log ============================ |
22.07.2013, 20:26 | #4 | |
/// the machine /// TB-Ausbilder | Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsamCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
22.07.2013, 21:09 | #5 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Hallo again, es klappt soweit, bis das logfile geschrieben wird, dann arbeitet das Programm nicht mehr weiter. Zumindest habe ich 20 Minuten gewartet und es passiert gar nichts mehr. |
23.07.2013, 08:59 | #6 |
/// the machine /// TB-Ausbilder | Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Warte ein wenig länger. Hast Du das Programm einfach abgebrochen?
__________________ --> Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam |
23.07.2013, 09:10 | #7 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Ja, habe das Programm geschlossen (hat sich direkt geschlossen, als ich auf das Kreuzchen geklickt habe), dann den Rechner nochmal neu gestartet, das Programm nochmal ausgeführt, länger gewartet, aber es passiert dann einfach gar nichts mehr, Totenstille. Programm schließen war wohl keine gute Idee? |
23.07.2013, 09:47 | #8 |
/// the machine /// TB-Ausbilder | Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Nit wirklich Poste mal ein frisches FRST log bitte
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.07.2013, 11:08 | #9 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsamFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Gesa (administrator) on 22-07-2013 20:04:21 Running from C:\Users\Gesa\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD) Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default FF user.js: detected! => C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\user.js FF SelectedSearchEngine: LEO Eng-Deu v2.0 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\zonealarm.xml FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] () S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-22 18:45 - 2013-07-22 19:54 - 00000000 ____D C:\ComboFix 2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk 2013-07-22 05:38 - 2013-07-22 05:44 - 00000000 ____D C:\windows\erdnt 2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox 2013-07-22 05:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-22 05:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-22 05:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe 2013-07-22 04:03 - 2013-07-22 04:03 - 00029603 _____ C:\Users\Gesa\Desktop\Addition.txt 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-17 21:13 - 2013-07-22 06:20 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr 2013-07-17 21:03 - 2013-07-22 16:29 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job 2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini 2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll 2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys 2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys 2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe 2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe 2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe 2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe 2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll 2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys 2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-22 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-22 19:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 19:56 - 2012-11-02 04:20 - 01575953 _____ C:\windows\WindowsUpdate.log 2013-07-22 19:54 - 2013-07-22 18:45 - 00000000 ____D C:\ComboFix 2013-07-22 19:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2013-07-22 19:02 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini 2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk 2013-07-22 18:32 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox 2013-07-22 18:16 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat 2013-07-22 18:16 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat 2013-07-22 18:16 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-22 16:58 - 2013-01-07 10:42 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001 2013-07-22 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-22 16:38 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3 2013-07-22 16:33 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox 2013-07-22 16:31 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon 2013-07-22 16:29 - 2013-07-17 21:03 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job 2013-07-22 16:29 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps 2013-07-22 16:29 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-22 16:26 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-22 06:20 - 2013-07-17 21:13 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-22 06:18 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-22 06:17 - 2012-08-05 23:07 - 00727334 _____ C:\windows\PFRO.log 2013-07-22 05:44 - 2013-07-22 05:38 - 00000000 ____D C:\windows\erdnt 2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox 2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe 2013-07-22 04:03 - 2013-07-22 04:03 - 00029603 _____ C:\Users\Gesa\Desktop\Addition.txt 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink 2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ 2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk 2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism 2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump 2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml 2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP 2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe 2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D C:\Windows\SysWOW64\explorer.exe [2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D LastRegBack: 2013-07-21 13:16 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013 Ran by Gesa at 2013-07-22 20:04:43 Running from C:\Users\Gesa\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7) avast! Free Antivirus (x32 Version: 8.0.1489.0) Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7) Citavi (x32 Version: 3.4.0.2) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735) Driver Mender (x32 Version: 8.1) Dropbox (HKCU Version: 2.0.22) Easy File Share (x32 Version: 1.3.4) E-POP (x32 Version: 1.0.1) EPSON PhotoQuicker3.4 (x32) EPSON PRINT Image Framer Tool2.0 (x32) ESC64 Referenzhandbuch (x32) ESC64 Softwarehandbuch (x32) Fotogalerie (x32 Version: 16.4.3503.0728) Galerie de photos (x32 Version: 16.4.3503.0728) Help Desk (Version: 1.0.6) Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11) Intel(R) Control Center (x32 Version: 1.2.1.1008) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Processor Graphics (x32 Version: 9.17.10.2857) Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movie Maker (x32 Version: 16.4.3503.0728) Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) Norton Online Backup (x32 Version: 2.2.3.51) Norton Online Backup ARA (x32 Version: 4.1.0.14) Photo Common (x32 Version: 16.4.3503.0728) Photo Gallery (x32 Version: 16.4.3503.0728) PIF DESIGNER2.0 (x32) Plants vs. Zombies (x32) Plus-HD-2.3 (x32 Version: 1.27.153.8) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210) Qualcomm Atheros Client Installation Program (x32 Version: 10.0) Raccolta foto (x32 Version: 16.4.3503.0728) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030) Recovery (x32 Version: 6.0.7.2) S Agent (Version: 1.0.8) ScanToWeb (x32) Settings (x32 Version: 2.0.0) Support Center FAQ (x32 Version: 1.0.5) SW Update (x32 Version: 2.0.24) Synaptics Pointing Device Driver (Version: 16.2.14.2) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Zip Opener (HKCU) User Guide (x32 Version: 1.3.00) Windows Live (x32 Version: 16.4.3503.0728) Windows Live Communications Platform (x32 Version: 16.4.3503.0728) Windows Live Essentials (x32 Version: 16.4.3503.0728) Windows Live Installer (x32 Version: 16.4.3503.0728) Windows Live Photo Common (x32 Version: 16.4.3503.0728) Windows Live PIMT Platform (x32 Version: 16.4.3503.0728) Windows Live SOXE (x32 Version: 16.4.3503.0728) Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728) Windows Live UX Platform (x32 Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728) Xerox PhotoCafe (x32 Version: 1.0.0.6162) Zip Opener Packages (HKCU) ZoneAlarm Firewall (x32 Version: 11.0.000.038) ZoneAlarm Firewall (x32 Version: 11.0.000.504) ZoneAlarm Free Firewall (x32 Version: 11.0.000.504) ZoneAlarm LTD Toolbar ZoneAlarm Security (x32 Version: 11.0.000.038) ZoneAlarm Security (x32 Version: 11.0.000.504) ZoneAlarm Security Toolbar (x32 Version: 1.8.11.11) ==================== Restore Points ========================= 03-07-2013 07:23:12 Geplanter Prüfpunkt 15-07-2013 16:04:56 Windows Update 17-07-2013 18:15:51 Installiert EPSON PhotoQuicker3.4 22-07-2013 03:38:40 ComboFix created restore point ==================== Hosts content: ========================== 2012-07-26 07:26 - 2013-07-22 05:44 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {00E9CC8F-ED61-468D-A268-0590EE9D2244} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {02CD7B3A-72EC-480C-8CEF-444DC74AA06D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {08765697-FB44-4358-B1EC-6410D53B8688} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {1547B376-BB00-4440-86CB-FC8D205C77BF} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe No File Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {1A763B0B-2631-4019-B4FC-1CDDBD5FDF24} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {1ECAA72A-B1D1-4BF2-976F-2871B9E8E3A1} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {2B7BAC2D-F63E-48E7-AF09-7F166B12F5E1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {2E279641-85E2-4F9A-B343-CD164DB0C823} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {33C6A779-1E01-47B3-9DCF-184C77754E90} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-17] (Plus HD) Task: {355EF836-4DF4-4408-8023-4896CC201ABE} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {42B61E09-9A27-4AD8-831C-77D33DA0EEC0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] () Task: {443DEA7B-CF89-4C8E-9565-9049FC929B7D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {58701ECB-C626-4407-9F2C-BDAF527A7EAF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated) Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {5FA1D43C-5CB6-4723-BFE8-140EF3BF62D4} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe No File Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {733C0B9A-6266-4C59-AF2F-5417044F979B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC) Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B7706679-00A3-4375-8B49-30E568417F13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-04] (Samsung Electronics CO., LTD.) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {C9F60583-8347-4E8B-84C4-DA2DF7648931} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D51F8F0B-0765-4A36-A805-C1FBF247EEDA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated) Task: {DA2A3F30-F175-4466-8439-1CDB2234E145} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DC66A630-F941-4EA6-9910-AEA49C5140A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001 Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E61AE307-85AF-4CCC-A180-237EC470D930} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {E80DC7B9-5986-4D71-B86B-D213D14253E0} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.) Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EB57B27B-3498-43DA-B6D8-226637F04B36} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F4ED0505-05D1-4B14-B6F3-5B464DFEE5C7} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2013 08:03:11 PM) (Source: Application Hang) (User: ) Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d70 Startzeit: 01ce87058fe8cded Endzeit: 4294967295 Anwendungspfad: C:\Users\Gesa\Desktop\FRST64.exe Berichts-ID: f7f765a2-f2f8-11e2-bebb-2089840f95a4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (07/22/2013 06:33:35 PM) (Source: Perflib) (User: ) Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: ) Description: rdyboost4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: ) Description: MSDTCC:\windows\system32\msdtcuiu.DLL4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: ) Description: ESENTC:\windows\system32\esentprf.dll4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: ) Description: BITSC:\windows\System32\bitsperf.dll4 Error: (07/22/2013 04:29:14 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0x1e2c Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (07/22/2013 07:08:04 AM) (Source: MsiInstaller) (User: PC-1) Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , , Error: (07/22/2013 07:08:03 AM) (Source: MsiInstaller) (User: PC-1) Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , , System errors: ============= Error: (07/22/2013 08:04:05 PM) (Source: DCOM) (User: PC-1) Description: {0002DF01-0000-0000-C000-000000000046} Error: (07/22/2013 07:01:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2013 06:48:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2013 06:39:01 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2013 06:48:30 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2013 06:46:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2013 06:44:04 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Norton Online Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/22/2013 06:32:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2013 06:30:50 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/22/2013 06:17:11 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Microsoft Office Sessions: ========================= Error: (07/22/2013 08:03:11 PM) (Source: Application Hang)(User: ) Description: FRST64.exe3.3.8.1d7001ce87058fe8cded4294967295C:\Users\Gesa\Desktop\FRST64.exef7f765a2-f2f8-11e2-bebb-2089840f95a4 Error: (07/22/2013 06:33:35 PM) (Source: Perflib)(User: ) Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: ) Description: rdyboost4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: ) Description: MSDTCC:\windows\system32\msdtcuiu.DLL4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: ) Description: LsaC:\Windows\System32\Secur32.dll4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: ) Description: ESENTC:\windows\system32\esentprf.dll4 Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: ) Description: BITSC:\windows\System32\bitsperf.dll4 Error: (07/22/2013 04:29:14 PM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc1e2c01ce86e7d2b8ceb3C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe14c85b7a-f2db-11e2-bebb-2089840f95a4 Error: (07/22/2013 07:08:04 AM) (Source: MsiInstaller)(User: PC-1) Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , , (NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/22/2013 07:08:03 AM) (Source: MsiInstaller)(User: PC-1) Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , , (NULL)(NULL)(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2013-07-22 19:58:27.890 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 18:45:13.830 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 18:33:48.182 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 18:21:30.183 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 17:26:29.779 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 17:16:48.959 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 16:58:58.664 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 16:58:14.307 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-22 16:58:13.854 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-07-22 16:58:11.713 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 6035.54 MB Available physical RAM: 3961.23 MB Total Pagefile: 12179.54 MB Available Pagefile: 9970.23 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:438.82 GB) (Free:380.59 GB) NTFS (Disk=0 Partition=4) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 6260AFE2) Partition: GPT Partition Type ==================== End Of Log ============================ |
23.07.2013, 11:58 | #10 |
/// the machine /// TB-Ausbilder | Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.07.2013, 18:22 | #11 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Hallo hallo, hier die Ergebnisse: Code:
ATTFilter AdwCleaner[S1].txt: AdwCleaner Logfile: Code:
ATTFilter JRT.txt: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Windows 8 x64 Ran by Gesa on 23.07.2013 at 1:32:18,30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Gesa\AppData\Roaming\mozilla\firefox\profiles\wz30lo2y.default\prefs.js user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/**************************************************** user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n /************************************************************ user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \" user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils"); user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={ user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo"); user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde user_pref("extensions.crossrider.bic", "13fee1338371dcd14fad16c62e2b9e5c"); Emptied folder: C:\Users\Gesa\AppData\Roaming\mozilla\firefox\profiles\wz30lo2y.default\minidumps [4 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.07.2013 at 1:36:35,48 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Gesa (administrator) on 23-07-2013 01:37:05 Running from C:\Users\Gesa\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (PC Drivers Headquarters) C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe (Dropbox, Inc.) C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD) Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] () S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt 2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT 2013-07-23 01:25 - 2013-07-23 01:26 - 00003975 _____ C:\AdwCleaner[S1].txt 2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe 2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe 2013-07-22 18:45 - 2013-07-22 19:54 - 00000000 ____D C:\ComboFix 2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk 2013-07-22 05:38 - 2013-07-22 05:44 - 00000000 ____D C:\windows\erdnt 2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox 2013-07-22 05:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-22 05:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-22 05:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe 2013-07-22 04:03 - 2013-07-22 20:04 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-17 21:13 - 2013-07-22 06:20 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini 2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll 2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys 2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys 2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe 2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe 2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe 2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe 2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll 2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys 2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt 2013-07-23 01:33 - 2013-01-07 10:42 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001 2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT 2013-07-23 01:31 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon 2013-07-23 01:30 - 2012-11-02 04:20 - 01598668 _____ C:\windows\WindowsUpdate.log 2013-07-23 01:29 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox 2013-07-23 01:29 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps 2013-07-23 01:28 - 2013-01-07 13:09 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CheckPoint 2013-07-23 01:28 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-23 01:27 - 2012-08-05 23:07 - 00729648 _____ C:\windows\PFRO.log 2013-07-23 01:27 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-23 01:26 - 2013-07-23 01:25 - 00003975 _____ C:\AdwCleaner[S1].txt 2013-07-23 01:25 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat 2013-07-23 01:25 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat 2013-07-23 01:25 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe 2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe 2013-07-23 00:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 00:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2013-07-23 00:31 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3 2013-07-23 00:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-22 23:55 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox 2013-07-22 20:04 - 2013-07-22 04:03 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt 2013-07-22 19:54 - 2013-07-22 18:45 - 00000000 ____D C:\ComboFix 2013-07-22 19:02 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini 2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk 2013-07-22 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-22 16:26 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-22 06:20 - 2013-07-17 21:13 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-22 05:44 - 2013-07-22 05:38 - 00000000 ____D C:\windows\erdnt 2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox 2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink 2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ 2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk 2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism 2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump 2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml 2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP 2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe 2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D C:\Windows\SysWOW64\explorer.exe [2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D LastRegBack: 2013-07-21 13:16 ==================== End Of Log ============================ |
23.07.2013, 19:10 | #12 |
/// the machine /// TB-Ausbilder | Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsamESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
24.07.2013, 10:30 | #13 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsamCode:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=066b027e9cf9784a8538df02d82fe2d7 # engine=14509 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-23 06:34:52 # local_time=2013-07-23 08:34:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=774 16777213 85 91 472762 151271164 0 0 # compatibility_mode=5893 16776574 100 94 10761288 34067403 0 0 # compatibility_mode=9217 16776894 75 4 3933325 3933325 0 0 # scanned=190227 # found=0 # cleaned=0 # scan_time=2981 Code:
ATTFilter Results of screen317's Security Check version 0.99.70 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Windows Defender Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe CheckPoint ZoneAlarm vsmon.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Gesa (administrator) on 23-07-2013 08:44:01 Running from C:\Users\Gesa\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Intel Corporation) C:\windows\system32\igfxext.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (PC Drivers Headquarters) C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe (Dropbox, Inc.) C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies) HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD) Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff} FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] () S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 07:42 - 2013-07-23 07:42 - 02347384 _____ (ESET) C:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe 2013-07-23 07:41 - 2013-07-23 07:41 - 00891062 _____ C:\Users\Gesa\Desktop\SecurityCheck.exe 2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt 2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT 2013-07-23 01:25 - 2013-07-23 01:26 - 00003975 _____ C:\AdwCleaner[S1].txt 2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe 2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe 2013-07-22 18:45 - 2013-07-22 19:54 - 00000000 ____D C:\ComboFix 2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk 2013-07-22 05:38 - 2013-07-22 05:44 - 00000000 ____D C:\windows\erdnt 2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox 2013-07-22 05:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-22 05:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-22 05:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-22 05:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe 2013-07-22 04:03 - 2013-07-22 20:04 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-17 21:13 - 2013-07-22 06:20 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll 2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini 2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll 2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll 2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg 2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat 2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys 2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys 2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe 2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe 2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe 2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll 2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe 2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll 2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll 2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys 2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi 2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-23 08:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job 2013-07-23 08:35 - 2013-01-07 10:42 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001 2013-07-23 08:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2013-07-23 07:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 07:51 - 2012-11-02 04:20 - 01613944 _____ C:\windows\WindowsUpdate.log 2013-07-23 07:42 - 2013-07-23 07:42 - 02347384 _____ (ESET) C:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe 2013-07-23 07:41 - 2013-07-23 07:41 - 00891062 _____ C:\Users\Gesa\Desktop\SecurityCheck.exe 2013-07-23 07:34 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat 2013-07-23 07:34 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat 2013-07-23 07:34 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-23 07:33 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon 2013-07-23 07:32 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox 2013-07-23 07:32 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox 2013-07-23 07:31 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps 2013-07-23 07:31 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-07-23 02:29 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3 2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt 2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT 2013-07-23 01:28 - 2013-01-07 13:09 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CheckPoint 2013-07-23 01:27 - 2012-08-05 23:07 - 00729648 _____ C:\windows\PFRO.log 2013-07-23 01:27 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-23 01:26 - 2013-07-23 01:25 - 00003975 _____ C:\AdwCleaner[S1].txt 2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe 2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe 2013-07-22 20:04 - 2013-07-22 04:03 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt 2013-07-22 19:54 - 2013-07-22 18:45 - 00000000 ____D C:\ComboFix 2013-07-22 19:02 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini 2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk 2013-07-22 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-07-22 16:26 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-07-22 06:20 - 2013-07-17 21:13 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-22 05:44 - 2013-07-22 05:38 - 00000000 ____D C:\windows\erdnt 2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox 2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe 2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST 2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe 2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe 2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe 2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log 2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable 2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa 2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe 2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles 2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink 2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink 2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ 2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages 2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe 2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan 2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater 2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB 2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender 2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender 2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe 2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk 2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk 2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield 2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe 2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache 2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism 2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism 2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp 2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump 2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml 2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP 2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe 2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung 2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014 2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D C:\Windows\SysWOW64\explorer.exe [2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D LastRegBack: 2013-07-21 13:16 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013 Ran by Gesa at 2013-07-23 08:44:29 Running from C:\Users\Gesa\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7) avast! Free Antivirus (x32 Version: 8.0.1489.0) Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7) Citavi (x32 Version: 3.4.0.2) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735) Driver Mender (x32 Version: 8.1) Dropbox (HKCU Version: 2.0.22) Easy File Share (x32 Version: 1.3.4) E-POP (x32 Version: 1.0.1) EPSON PhotoQuicker3.4 (x32) EPSON PRINT Image Framer Tool2.0 (x32) ESC64 Referenzhandbuch (x32) ESC64 Softwarehandbuch (x32) Fotogalerie (x32 Version: 16.4.3503.0728) Galerie de photos (x32 Version: 16.4.3503.0728) Help Desk (Version: 1.0.6) Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11) Intel(R) Control Center (x32 Version: 1.2.1.1008) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Processor Graphics (x32 Version: 9.17.10.2857) Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movie Maker (x32 Version: 16.4.3503.0728) Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) Norton Online Backup (x32 Version: 2.2.3.51) Norton Online Backup ARA (x32 Version: 4.1.0.14) Photo Common (x32 Version: 16.4.3503.0728) Photo Gallery (x32 Version: 16.4.3503.0728) PIF DESIGNER2.0 (x32) Plants vs. Zombies (x32) Plus-HD-2.3 (x32 Version: 1.27.153.8) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210) Qualcomm Atheros Client Installation Program (x32 Version: 10.0) Raccolta foto (x32 Version: 16.4.3503.0728) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030) Recovery (x32 Version: 6.0.7.2) S Agent (Version: 1.0.8) ScanToWeb (x32) Settings (x32 Version: 2.0.0) Support Center FAQ (x32 Version: 1.0.5) SW Update (x32 Version: 2.0.24) Synaptics Pointing Device Driver (Version: 16.2.14.2) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Zip Opener (HKCU) User Guide (x32 Version: 1.3.00) Windows Live (x32 Version: 16.4.3503.0728) Windows Live Communications Platform (x32 Version: 16.4.3503.0728) Windows Live Essentials (x32 Version: 16.4.3503.0728) Windows Live Installer (x32 Version: 16.4.3503.0728) Windows Live Photo Common (x32 Version: 16.4.3503.0728) Windows Live PIMT Platform (x32 Version: 16.4.3503.0728) Windows Live SOXE (x32 Version: 16.4.3503.0728) Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728) Windows Live UX Platform (x32 Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728) Xerox PhotoCafe (x32 Version: 1.0.0.6162) Zip Opener Packages (HKCU) ZoneAlarm Firewall (x32 Version: 11.0.000.038) ZoneAlarm Firewall (x32 Version: 11.0.000.504) ZoneAlarm Free Firewall (x32 Version: 11.0.000.504) ZoneAlarm Security (x32 Version: 11.0.000.038) ZoneAlarm Security (x32 Version: 11.0.000.504) ZoneAlarm Security Toolbar (x32 Version: 1.8.11.11) ==================== Restore Points ========================= 03-07-2013 07:23:12 Geplanter Prüfpunkt 15-07-2013 16:04:56 Windows Update 17-07-2013 18:15:51 Installiert EPSON PhotoQuicker3.4 22-07-2013 03:38:40 ComboFix created restore point ==================== Hosts content: ========================== 2012-07-26 07:26 - 2013-07-22 05:44 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {00E9CC8F-ED61-468D-A268-0590EE9D2244} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {02CD7B3A-72EC-480C-8CEF-444DC74AA06D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {08765697-FB44-4358-B1EC-6410D53B8688} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {1547B376-BB00-4440-86CB-FC8D205C77BF} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe No File Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {1A763B0B-2631-4019-B4FC-1CDDBD5FDF24} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {1ECAA72A-B1D1-4BF2-976F-2871B9E8E3A1} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {2B7BAC2D-F63E-48E7-AF09-7F166B12F5E1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {2E279641-85E2-4F9A-B343-CD164DB0C823} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {355EF836-4DF4-4408-8023-4896CC201ABE} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {42B61E09-9A27-4AD8-831C-77D33DA0EEC0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] () Task: {443DEA7B-CF89-4C8E-9565-9049FC929B7D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {58701ECB-C626-4407-9F2C-BDAF527A7EAF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated) Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {5FA1D43C-5CB6-4723-BFE8-140EF3BF62D4} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe No File Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {733C0B9A-6266-4C59-AF2F-5417044F979B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC) Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B7706679-00A3-4375-8B49-30E568417F13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-04] (Samsung Electronics CO., LTD.) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {C9F60583-8347-4E8B-84C4-DA2DF7648931} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D51F8F0B-0765-4A36-A805-C1FBF247EEDA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated) Task: {DA2A3F30-F175-4466-8439-1CDB2234E145} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters) Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DC66A630-F941-4EA6-9910-AEA49C5140A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001 Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E61AE307-85AF-4CCC-A180-237EC470D930} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {E80DC7B9-5986-4D71-B86B-D213D14253E0} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.) Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EB57B27B-3498-43DA-B6D8-226637F04B36} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F4ED0505-05D1-4B14-B6F3-5B464DFEE5C7} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2013 08:38:03 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/23/2013 07:43:37 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/23/2013 07:43:34 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/23/2013 07:43:28 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/23/2013 07:43:28 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/23/2013 07:42:59 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/23/2013 07:42:54 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (07/23/2013 07:31:38 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000000000014d7cc ID des fehlerhaften Prozesses: 0xe1c Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0 Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1 Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2 Berichtskennung: MakeMarkerFile.exe3 Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5 Error: (07/23/2013 02:30:25 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: IAStorIcon.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.InvalidOperationException Stapel: Server stack trace: bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc) bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe() bei IAStorIcon.StorageIcon.Stop() bei IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs) bei System.Windows.Forms.Application.RaiseExit() bei System.Windows.Forms.Application+ThreadContext.Dispose(Boolean) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run() bei IAStorIcon.Program.Main() System errors: ============= Microsoft Office Sessions: ========================= Error: (07/23/2013 08:38:03 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (07/23/2013 07:43:37 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe Error: (07/23/2013 07:43:34 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe Error: (07/23/2013 07:43:28 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe Error: (07/23/2013 07:43:28 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe Error: (07/23/2013 07:42:59 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe Error: (07/23/2013 07:42:54 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Downloads\esetsmartinstaller_enu.exe Error: (07/23/2013 07:31:38 AM) (Source: Application Error)(User: ) Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cce1c01ce8765e3214eceC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe253cc8dc-f359-11e2-bebc-2089840f95a4 Error: (07/23/2013 02:30:25 AM) (Source: .NET Runtime)(User: ) Description: Anwendung: IAStorIcon.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.InvalidOperationException Stapel: Server stack trace: bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc) bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe() bei IAStorIcon.StorageIcon.Stop() bei IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs) bei System.Windows.Forms.Application.RaiseExit() bei System.Windows.Forms.Application+ThreadContext.Dispose(Boolean) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) bei System.Windows.Forms.Application.Run() bei IAStorIcon.Program.Main() CodeIntegrity Errors: =================================== Date: 2013-07-23 08:42:29.941 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-23 08:40:42.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-23 02:30:28.657 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-23 01:38:59.100 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-23 01:30:26.287 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-23 01:29:47.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-23 01:12:44.040 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 21:34:52.065 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 20:38:04.087 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-22 19:58:27.890 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 6035.54 MB Available physical RAM: 3802.73 MB Total Pagefile: 12179.54 MB Available Pagefile: 9960.64 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:438.82 GB) (Free:380.56 GB) NTFS (Disk=0 Partition=4) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 6260AFE2) Partition: GPT Partition Type ==================== End Of Log ============================ Nochmals danke. Erstaunlich, dass du bei den ganzen kryptischen Zahlen und Buchstaben überhaupt etwas erkennst. |
24.07.2013, 11:48 | #14 |
/// the machine /// TB-Ausbilder | Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Adobe bitte updaten. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.07.2013, 09:42 | #15 |
| Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam Hallo again, danke für die Unterstützung, hat alles funktioniert und läuft wieder. Wahnsinn, was ihr hier auf die Beine stellt, großes Lob von mir! |
Themen zu Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam |
abgestürzt, avast, browser, durchsuchen, firefox, freundin, funde, gestern, gmer, langsam, langsamer, laptops, probiert, problem, programme, rum, scans, sehr langsam, spinn, spinnt, spuckt, uhrzeit, virus, virus?, werbung, woche |