Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.07.2013, 18:48   #1
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Hallo,

meine Freundin hat ein Problem mit ihrem Laptop.
Seit ca. einer Woche spinnt ihr Firefox rum, ist langsamer und spuckt mehr Werbung als sonst aus.
Habe die Scans mit GMER und OTL probiert, beide Programme sind allerdings abgestürzt (OTL beim Durchsuchen der Firefox-Dateien). Die Suche mit avast hat keine Funde ergeben.

Außerdem hat sich seit gestern die Uhrzeit des Laptops verstellt.

Was gibt's zu tun?

Danke

Alt 22.07.2013, 18:53   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 22.07.2013, 19:01   #3
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Huhu,

danke schonmal, dass du mir hilfst :-)

Hier die log files:

frst.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Gesa (administrator) on 22-07-2013 04:02:58
Running from C:\Users\Gesa\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = 
SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL = 
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default
FF user.js: detected! => C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\user.js
FF SelectedSearchEngine: LEO Eng-Deu v2.0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\zonealarm.xml
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
U3 pxloapog; \??\C:\Users\Gesa\AppData\Local\Temp\pxloapog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-17 21:13 - 2013-07-17 21:13 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr
2013-07-17 21:03 - 2013-07-22 03:25 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini
2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll
2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 04:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-07-22 03:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 03:49 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-22 03:30 - 2013-01-07 10:42 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001
2013-07-22 03:27 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon
2013-07-22 03:26 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox
2013-07-22 03:26 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox
2013-07-22 03:25 - 2013-07-17 21:03 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-22 03:25 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-22 00:08 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3
2013-07-21 21:21 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat
2013-07-21 21:21 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat
2013-07-21 21:21 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-21 21:17 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-07-21 20:48 - 2012-11-02 04:20 - 01464447 _____ C:\windows\WindowsUpdate.log
2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink
2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ
2013-07-19 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF
2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium
2013-07-17 21:13 - 2013-07-17 21:13 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk
2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump
2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml
2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP
2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe
2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-15 16:06 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D

C:\Windows\SysWOW64\explorer.exe
[2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D



LastRegBack: 2013-07-21 13:16

==================== End Of Log ============================
         
--- --- ---


addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013
Ran by Gesa at 2013-07-22 04:03:23
Running from C:\Users\Gesa\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Citavi (x32 Version: 3.4.0.2)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
Driver Mender (x32 Version: 8.1)
Dropbox (HKCU Version: 2.0.22)
Easy File Share (x32 Version: 1.3.4)
E-POP (x32 Version: 1.0.1)
EPSON PhotoQuicker3.4 (x32)
EPSON PRINT Image Framer Tool2.0 (x32)
ESC64 Referenzhandbuch (x32)
ESC64 Softwarehandbuch (x32)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Help Desk (Version: 1.0.6)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
PIF DESIGNER2.0 (x32)
Plants vs. Zombies (x32)
Plus-HD-2.3 (x32 Version: 1.27.153.8)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Recovery (x32 Version: 6.0.7.2)
S Agent (Version: 1.0.8)
ScanToWeb (x32)
Settings (x32 Version: 2.0.0)
Support Center FAQ (x32 Version: 1.0.5)
SW Update (x32 Version: 2.0.24)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Zip Opener (HKCU)
User Guide (x32 Version: 1.3.00)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Xerox PhotoCafe (x32 Version: 1.0.0.6162)
Zip Opener Packages (HKCU)
ZoneAlarm Firewall (x32 Version: 11.0.000.038)
ZoneAlarm Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Free Firewall (x32 Version: 11.0.000.504)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (x32 Version: 11.0.000.038)
ZoneAlarm Security (x32 Version: 11.0.000.504)
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11)

==================== Restore Points  =========================

03-07-2013 07:23:12 Geplanter Prüfpunkt
15-07-2013 16:04:56 Windows Update
17-07-2013 18:15:51 Installiert EPSON PhotoQuicker3.4

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00E9CC8F-ED61-468D-A268-0590EE9D2244} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {02CD7B3A-72EC-480C-8CEF-444DC74AA06D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {08765697-FB44-4358-B1EC-6410D53B8688} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {1547B376-BB00-4440-86CB-FC8D205C77BF} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe No File
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1A763B0B-2631-4019-B4FC-1CDDBD5FDF24} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1ECAA72A-B1D1-4BF2-976F-2871B9E8E3A1} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2B7BAC2D-F63E-48E7-AF09-7F166B12F5E1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {2E279641-85E2-4F9A-B343-CD164DB0C823} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {33C6A779-1E01-47B3-9DCF-184C77754E90} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-17] (Plus HD)
Task: {355EF836-4DF4-4408-8023-4896CC201ABE} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {42B61E09-9A27-4AD8-831C-77D33DA0EEC0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {443DEA7B-CF89-4C8E-9565-9049FC929B7D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {58701ECB-C626-4407-9F2C-BDAF527A7EAF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5FA1D43C-5CB6-4723-BFE8-140EF3BF62D4} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe No File
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {733C0B9A-6266-4C59-AF2F-5417044F979B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B7706679-00A3-4375-8B49-30E568417F13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-04] (Samsung Electronics CO., LTD.)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C9F60583-8347-4E8B-84C4-DA2DF7648931} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D51F8F0B-0765-4A36-A805-C1FBF247EEDA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {DA2A3F30-F175-4466-8439-1CDB2234E145} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DC66A630-F941-4EA6-9910-AEA49C5140A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E61AE307-85AF-4CCC-A180-237EC470D930} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {E80DC7B9-5986-4D71-B86B-D213D14253E0} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.)
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EB57B27B-3498-43DA-B6D8-226637F04B36} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F4ED0505-05D1-4B14-B6F3-5B464DFEE5C7} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2013 03:49:12 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000218a
ID des fehlerhaften Prozesses: 0x484
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3
Vollständiger Name des fehlerhaften Pakets: gmer_2.1.19163.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: gmer_2.1.19163.exe5

Error: (07/22/2013 03:25:20 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x1628
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: )
Description: MSDTCC:\windows\system32\msdtcuiu.DLL4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: )
Description: ESENTC:\windows\system32\esentprf.dll4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (07/22/2013 00:02:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x1344
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/21/2013 11:01:33 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4


System errors:
=============
Error: (07/21/2013 09:20:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/21/2013 09:20:14 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht.

Error: (07/21/2013 09:17:10 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (07/21/2013 07:45:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/21/2013 07:45:41 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht.

Error: (07/21/2013 07:42:35 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎21.‎07.‎2013 um 19:02:14 unerwartet heruntergefahren.

Error: (07/21/2013 07:42:23 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (07/21/2013 07:42:06 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT-AUTORITÄT)
Description: 32212265131146048

Error: (07/17/2013 09:17:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/17/2013 09:17:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht.


Microsoft Office Sessions:
=========================
Error: (07/22/2013 03:49:12 AM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218a48401ce867d5386bcbaC:\Users\Gesa\Desktop\gmer_2.1.19163.exeC:\Users\Gesa\Desktop\gmer_2.1.19163.exee80603e6-f270-11e2-beba-2089840f95a4

Error: (07/22/2013 03:25:20 AM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc162801ce867a4a75b206C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe9284bf6e-f26d-11e2-beba-2089840f95a4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: )
Description: MSDTCC:\windows\system32\msdtcuiu.DLL4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: )
Description: ESENTC:\windows\system32\esentprf.dll4

Error: (07/22/2013 00:50:51 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (07/22/2013 00:02:57 AM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc134401ce865e06b88a4bC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe4c4d5e0d-f251-11e2-beba-2089840f95a4

Error: (07/21/2013 11:01:33 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4


CodeIntegrity Errors:
===================================
  Date: 2013-07-22 04:00:47.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 03:26:57.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 00:33:04.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-21 22:55:33.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-21 21:20:18.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-21 20:38:10.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-21 20:22:51.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-21 20:00:03.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-21 19:45:43.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-21 18:10:13.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 6035.54 MB
Available physical RAM: 3855.82 MB
Total Pagefile: 12179.54 MB
Available Pagefile: 10155.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.82 GB) (Free:380.46 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6260AFE2)

Partition: GPT Partition Type
==================== End Of Log ============================
         

__________________

Alt 22.07.2013, 20:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.07.2013, 21:09   #5
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Hallo again, es klappt soweit, bis das logfile geschrieben wird, dann arbeitet das Programm nicht mehr weiter. Zumindest habe ich 20 Minuten gewartet und es passiert gar nichts mehr.


Alt 23.07.2013, 08:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Warte ein wenig länger. Hast Du das Programm einfach abgebrochen?
__________________
--> Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam

Alt 23.07.2013, 09:10   #7
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Ja, habe das Programm geschlossen (hat sich direkt geschlossen, als ich auf das Kreuzchen geklickt habe), dann den Rechner nochmal neu gestartet, das Programm nochmal ausgeführt, länger gewartet, aber es passiert dann einfach gar nichts mehr, Totenstille. Programm schließen war wohl keine gute Idee?

Alt 23.07.2013, 09:47   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Nit wirklich

Poste mal ein frisches FRST log bitte
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.07.2013, 11:08   #9
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Gesa (administrator) on 22-07-2013 20:04:21
Running from C:\Users\Gesa\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {458F81A2-AB83-49E5-AB35-209537637518} URL =
SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default
FF user.js: detected! => C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\user.js
FF SelectedSearchEngine: LEO Eng-Deu v2.0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\zonealarm.xml
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-22 18:45 - 2013-07-22 19:54 - 00000000 ____D C:\ComboFix
2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2013-07-22 05:38 - 2013-07-22 05:44 - 00000000 ____D C:\windows\erdnt
2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox
2013-07-22 05:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-22 05:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-22 05:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe
2013-07-22 04:03 - 2013-07-22 04:03 - 00029603 _____ C:\Users\Gesa\Desktop\Addition.txt
2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-17 21:13 - 2013-07-22 06:20 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr
2013-07-17 21:03 - 2013-07-22 16:29 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini
2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll
2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-22 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-07-22 19:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 19:56 - 2012-11-02 04:20 - 01575953 _____ C:\windows\WindowsUpdate.log
2013-07-22 19:54 - 2013-07-22 18:45 - 00000000 ____D C:\ComboFix
2013-07-22 19:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-07-22 19:02 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2013-07-22 18:32 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox
2013-07-22 18:16 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat
2013-07-22 18:16 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat
2013-07-22 18:16 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-22 16:58 - 2013-01-07 10:42 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001
2013-07-22 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-22 16:38 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3
2013-07-22 16:33 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox
2013-07-22 16:31 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon
2013-07-22 16:29 - 2013-07-17 21:03 - 00001838 _____ C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
2013-07-22 16:29 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps
2013-07-22 16:29 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-22 16:26 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-07-22 06:20 - 2013-07-17 21:13 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-22 06:18 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-22 06:17 - 2012-08-05 23:07 - 00727334 _____ C:\windows\PFRO.log
2013-07-22 05:44 - 2013-07-22 05:38 - 00000000 ____D C:\windows\erdnt
2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox
2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe
2013-07-22 04:03 - 2013-07-22 04:03 - 00029603 _____ C:\Users\Gesa\Desktop\Addition.txt
2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink
2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ
2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF
2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-17 21:03 - 2013-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\DSite
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk
2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump
2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml
2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP
2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe
2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D

C:\Windows\SysWOW64\explorer.exe
[2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D



LastRegBack: 2013-07-21 13:16

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013
Ran by Gesa at 2013-07-22 20:04:43
Running from C:\Users\Gesa\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

  
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Citavi (x32 Version: 3.4.0.2)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
Driver Mender (x32 Version: 8.1)
Dropbox (HKCU Version: 2.0.22)
Easy File Share (x32 Version: 1.3.4)
E-POP (x32 Version: 1.0.1)
EPSON PhotoQuicker3.4 (x32)
EPSON PRINT Image Framer Tool2.0 (x32)
ESC64 Referenzhandbuch (x32)
ESC64 Softwarehandbuch (x32)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Help Desk (Version: 1.0.6)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
PIF DESIGNER2.0 (x32)
Plants vs. Zombies (x32)
Plus-HD-2.3 (x32 Version: 1.27.153.8)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Recovery (x32 Version: 6.0.7.2)
S Agent (Version: 1.0.8)
ScanToWeb (x32)
Settings (x32 Version: 2.0.0)
Support Center FAQ (x32 Version: 1.0.5)
SW Update (x32 Version: 2.0.24)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Zip Opener (HKCU)
User Guide (x32 Version: 1.3.00)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Xerox PhotoCafe (x32 Version: 1.0.0.6162)
Zip Opener Packages (HKCU)
ZoneAlarm Firewall (x32 Version: 11.0.000.038)
ZoneAlarm Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Free Firewall (x32 Version: 11.0.000.504)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (x32 Version: 11.0.000.038)
ZoneAlarm Security (x32 Version: 11.0.000.504)
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11)

==================== Restore Points  =========================

03-07-2013 07:23:12 Geplanter Prüfpunkt
15-07-2013 16:04:56 Windows Update
17-07-2013 18:15:51 Installiert EPSON PhotoQuicker3.4
22-07-2013 03:38:40 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-07-22 05:44 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00E9CC8F-ED61-468D-A268-0590EE9D2244} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {02CD7B3A-72EC-480C-8CEF-444DC74AA06D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {08765697-FB44-4358-B1EC-6410D53B8688} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {1547B376-BB00-4440-86CB-FC8D205C77BF} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe No File
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1A763B0B-2631-4019-B4FC-1CDDBD5FDF24} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1ECAA72A-B1D1-4BF2-976F-2871B9E8E3A1} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2B7BAC2D-F63E-48E7-AF09-7F166B12F5E1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {2E279641-85E2-4F9A-B343-CD164DB0C823} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {33C6A779-1E01-47B3-9DCF-184C77754E90} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-07-17] (Plus HD)
Task: {355EF836-4DF4-4408-8023-4896CC201ABE} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {42B61E09-9A27-4AD8-831C-77D33DA0EEC0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {443DEA7B-CF89-4C8E-9565-9049FC929B7D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {58701ECB-C626-4407-9F2C-BDAF527A7EAF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5FA1D43C-5CB6-4723-BFE8-140EF3BF62D4} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe No File
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {733C0B9A-6266-4C59-AF2F-5417044F979B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B7706679-00A3-4375-8B49-30E568417F13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-04] (Samsung Electronics CO., LTD.)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C9F60583-8347-4E8B-84C4-DA2DF7648931} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D51F8F0B-0765-4A36-A805-C1FBF247EEDA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {DA2A3F30-F175-4466-8439-1CDB2234E145} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DC66A630-F941-4EA6-9910-AEA49C5140A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E61AE307-85AF-4CCC-A180-237EC470D930} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {E80DC7B9-5986-4D71-B86B-D213D14253E0} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.)
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EB57B27B-3498-43DA-B6D8-226637F04B36} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F4ED0505-05D1-4B14-B6F3-5B464DFEE5C7} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2013 08:03:11 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d70

Startzeit: 01ce87058fe8cded

Endzeit: 4294967295

Anwendungspfad: C:\Users\Gesa\Desktop\FRST64.exe

Berichts-ID: f7f765a2-f2f8-11e2-bebb-2089840f95a4

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/22/2013 06:33:35 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: )
Description: MSDTCC:\windows\system32\msdtcuiu.DLL4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: )
Description: ESENTC:\windows\system32\esentprf.dll4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib) (User: )
Description: BITSC:\windows\System32\bitsperf.dll4

Error: (07/22/2013 04:29:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x1e2c
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/22/2013 07:08:04 AM) (Source: MsiInstaller) (User: PC-1)
Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

Error: (07/22/2013 07:08:03 AM) (Source: MsiInstaller) (User: PC-1)
Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,


System errors:
=============
Error: (07/22/2013 08:04:05 PM) (Source: DCOM) (User: PC-1)
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (07/22/2013 07:01:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/22/2013 06:48:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/22/2013 06:39:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/22/2013 06:48:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/22/2013 06:46:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/22/2013 06:44:04 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Norton Online Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2013 06:32:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/22/2013 06:30:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/22/2013 06:17:11 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0


Microsoft Office Sessions:
=========================
Error: (07/22/2013 08:03:11 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.1d7001ce87058fe8cded4294967295C:\Users\Gesa\Desktop\FRST64.exef7f765a2-f2f8-11e2-bebb-2089840f95a4

Error: (07/22/2013 06:33:35 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\windows\system32\wbem\wmiaprpl.dll4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: )
Description: MSDTCC:\windows\system32\msdtcuiu.DLL4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: )
Description: ESENTC:\windows\system32\esentprf.dll4

Error: (07/22/2013 06:33:34 PM) (Source: Perflib)(User: )
Description: BITSC:\windows\System32\bitsperf.dll4

Error: (07/22/2013 04:29:14 PM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc1e2c01ce86e7d2b8ceb3C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe14c85b7a-f2db-11e2-bebb-2089840f95a4

Error: (07/22/2013 07:08:04 AM) (Source: MsiInstaller)(User: PC-1)
Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , , (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/22/2013 07:08:03 AM) (Source: MsiInstaller)(User: PC-1)
Description: Product: Norton Online Backup -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , , (NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2013-07-22 19:58:27.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 18:45:13.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 18:33:48.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 18:21:30.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 17:26:29.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 17:16:48.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 16:58:58.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 16:58:14.307
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-22 16:58:13.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-07-22 16:58:11.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 6035.54 MB
Available physical RAM: 3961.23 MB
Total Pagefile: 12179.54 MB
Available Pagefile: 9970.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.82 GB) (Free:380.59 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6260AFE2)

Partition: GPT Partition Type
==================== End Of Log ============================
         

Alt 23.07.2013, 11:58   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.07.2013, 18:22   #11
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Hallo hallo,
hier die Ergebnisse:

Code:
ATTFilter
AdwCleaner[S1].txt:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 23/07/2013 um 01:25:57 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzer : Gesa - PC-1

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Gesa\Desktop\adwcleaner.exe

# Option [Löschen]

 

 

**** [Dienste] ****

 

 

***** [Dateien / Ordner] *****

 

Datei Gelöscht : C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\zonealarm.xml

Datei Gelöscht : C:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job

Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.3

Ordner Gelöscht : C:\ProgramData\boost_interprocess

Ordner Gelöscht : C:\Users\Gesa\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

Ordner Gelöscht : C:\Users\Gesa\AppData\Roaming\DSite

 

***** [Registrierungsdatenbank] *****

 

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

 

***** [Internet Browser] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

[OK] Die Registrierungsdatenbank ist sauber.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

Datei : C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\prefs.js

 

C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\user.js ... Gelöscht !

 

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

Gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.3342[...]

 

*************************

 

AdwCleaner[S1].txt - [3850 octets] - [23/07/2013 01:25:57]

 

########## EOF - C:\AdwCleaner[S1].txt - [3910 octets] ##########
         
--- --- ---
Code:
ATTFilter
JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 8 x64
Ran by Gesa on 23.07.2013 at  1:32:18,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Gesa\AppData\Roaming\mozilla\firefox\profiles\wz30lo2y.default\prefs.js

user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n  /************************************************************
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13fee1338371dcd14fad16c62e2b9e5c");
Emptied folder: C:\Users\Gesa\AppData\Roaming\mozilla\firefox\profiles\wz30lo2y.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at  1:36:35,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Gesa (administrator) on 23-07-2013 01:37:05
Running from C:\Users\Gesa\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe
(Dropbox, Inc.) C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL = 
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt
2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT
2013-07-23 01:25 - 2013-07-23 01:26 - 00003975 _____ C:\AdwCleaner[S1].txt
2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe
2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe
2013-07-22 18:45 - 2013-07-22 19:54 - 00000000 ____D C:\ComboFix
2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2013-07-22 05:38 - 2013-07-22 05:44 - 00000000 ____D C:\windows\erdnt
2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox
2013-07-22 05:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-22 05:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-22 05:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe
2013-07-22 04:03 - 2013-07-22 20:04 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt
2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-17 21:13 - 2013-07-22 06:20 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini
2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll
2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt
2013-07-23 01:33 - 2013-01-07 10:42 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001
2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT
2013-07-23 01:31 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon
2013-07-23 01:30 - 2012-11-02 04:20 - 01598668 _____ C:\windows\WindowsUpdate.log
2013-07-23 01:29 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox
2013-07-23 01:29 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps
2013-07-23 01:28 - 2013-01-07 13:09 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CheckPoint
2013-07-23 01:28 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-23 01:27 - 2012-08-05 23:07 - 00729648 _____ C:\windows\PFRO.log
2013-07-23 01:27 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-23 01:26 - 2013-07-23 01:25 - 00003975 _____ C:\AdwCleaner[S1].txt
2013-07-23 01:25 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat
2013-07-23 01:25 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat
2013-07-23 01:25 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe
2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe
2013-07-23 00:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 00:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-07-23 00:31 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3
2013-07-23 00:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-07-22 23:55 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox
2013-07-22 20:04 - 2013-07-22 04:03 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt
2013-07-22 19:54 - 2013-07-22 18:45 - 00000000 ____D C:\ComboFix
2013-07-22 19:02 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2013-07-22 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-22 16:26 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-07-22 06:20 - 2013-07-17 21:13 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-22 05:44 - 2013-07-22 05:38 - 00000000 ____D C:\windows\erdnt
2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox
2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe
2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink
2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ
2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF
2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk
2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump
2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml
2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP
2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe
2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D

C:\Windows\SysWOW64\explorer.exe
[2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D



LastRegBack: 2013-07-21 13:16

==================== End Of Log ============================
         
--- --- ---

Alt 23.07.2013, 19:10   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.07.2013, 10:30   #13
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=066b027e9cf9784a8538df02d82fe2d7
# engine=14509
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 06:34:52
# local_time=2013-07-23 08:34:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=774 16777213 85 91 472762 151271164 0 0
# compatibility_mode=5893 16776574 100 94 10761288 34067403 0 0
# compatibility_mode=9217 16776894 75 4 3933325 3933325 0 0
# scanned=190227
# found=0
# cleaned=0
# scan_time=2981
         

Code:
ATTFilter
Results of screen317's Security Check version 0.99.70 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus  
Windows Defender  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     11.8.800.94 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
 CheckPoint ZoneAlarm vsmon.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Gesa (administrator) on 23-07-2013 08:44:01
Running from C:\Users\Gesa\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe
(Dropbox, Inc.) C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKCU\...\Run: [Driver Mender] - C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4036976 2013-07-16] (PC Drivers Headquarters)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] - "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
Startup: C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {458F81A2-AB83-49E5-AB35-209537637518} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {458F81A2-AB83-49E5-AB35-209537637518} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\searchplugins\leo-eng-deu-v20.xml
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
FF Extension: zonealarm.com - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: LEO Suche - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
FF Extension: No Name - C:\Users\Gesa\AppData\Roaming\Mozilla\Firefox\Profiles\wz30lo2y.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-17] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-23 07:42 - 2013-07-23 07:42 - 02347384 _____ (ESET) C:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe
2013-07-23 07:41 - 2013-07-23 07:41 - 00891062 _____ C:\Users\Gesa\Desktop\SecurityCheck.exe
2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt
2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT
2013-07-23 01:25 - 2013-07-23 01:26 - 00003975 _____ C:\AdwCleaner[S1].txt
2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe
2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe
2013-07-22 18:45 - 2013-07-22 19:54 - 00000000 ____D C:\ComboFix
2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2013-07-22 05:38 - 2013-07-22 05:44 - 00000000 ____D C:\windows\erdnt
2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox
2013-07-22 05:38 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-22 05:38 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-22 05:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-22 05:38 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe
2013-07-22 04:03 - 2013-07-22 20:04 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt
2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-17 21:13 - 2013-07-22 06:20 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:12 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:28 - 2013-07-17 20:29 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:11 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EpPicPrt.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\EPPicMgr.dll
2013-07-17 20:11 - 2006-10-31 00:10 - 00000097 _____ C:\windows\SysWOW64\PICSDK.ini
2013-07-17 20:11 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK2.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICEntry.dll
2013-07-17 20:11 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\windows\SysWOW64\PICSDK.dll
2013-07-17 20:11 - 2005-06-01 00:20 - 00111932 _____ C:\windows\SysWOW64\EPPICPrinterDB.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00031053 _____ C:\windows\SysWOW64\EPPICPattern131.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00027417 _____ C:\windows\SysWOW64\EPPICPattern121.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00026154 _____ C:\windows\SysWOW64\EPPICPattern1.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00024903 _____ C:\windows\SysWOW64\EPPICPattern3.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00021390 _____ C:\windows\SysWOW64\EPPICPattern5.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00020148 _____ C:\windows\SysWOW64\EPPICPattern2.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00013732 _____ C:\windows\SysWOW64\EPPICLocal_EN.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00011811 _____ C:\windows\SysWOW64\EPPICPattern4.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00006442 _____ C:\windows\SysWOW64\EPPICLocal_IT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_PT.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006347 _____ C:\windows\SysWOW64\EPPICLocal_BP.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006335 _____ C:\windows\SysWOW64\EPPICLocal_GE.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_FR.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006195 _____ C:\windows\SysWOW64\EPPICLocal_CF.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006122 _____ C:\windows\SysWOW64\EPPICLocal_DU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00006103 _____ C:\windows\SysWOW64\EPPICLocal_ES.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005817 _____ C:\windows\SysWOW64\EPPICLocal_KO.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00005436 _____ C:\windows\SysWOW64\EPPICLocal_SC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00004943 _____ C:\windows\SysWOW64\EPPICPattern6.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00002889 _____ C:\windows\SysWOW64\EPPICLocal_RU.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00002426 _____ C:\windows\SysWOW64\EPPICLocal_TC.cfg
2013-07-17 20:11 - 2004-03-03 06:10 - 00001146 _____ C:\windows\SysWOW64\EPPICPresetData_DU.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_PT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001139 _____ C:\windows\SysWOW64\EPPICPresetData_BP.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001136 _____ C:\windows\SysWOW64\EPPICPresetData_ES.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_FR.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001129 _____ C:\windows\SysWOW64\EPPICPresetData_CF.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001120 _____ C:\windows\SysWOW64\EPPICPresetData_IT.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001107 _____ C:\windows\SysWOW64\EPPICPresetData_GE.dat
2013-07-17 20:11 - 2004-03-03 06:10 - 00001104 _____ C:\windows\SysWOW64\EPPICPresetData_EN.dat
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 19:57 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-17 19:57 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-17 19:57 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-17 19:56 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-17 19:56 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-17 19:56 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-17 19:56 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-07-17 19:56 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-17 19:56 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-17 19:56 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-17 19:56 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-17 19:56 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-17 19:56 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-17 19:56 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-17 19:56 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-17 19:56 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-17 19:56 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-17 19:56 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-17 19:56 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-17 19:56 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 19:56 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-17 19:56 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-17 19:56 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-17 19:56 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:57 - 2013-06-28 00:04 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-16 20:57 - 2013-06-28 00:04 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-14 09:35 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-14 09:35 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-14 09:35 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-14 09:35 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-14 09:35 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-14 09:35 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-14 09:35 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-14 09:35 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-14 09:35 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-14 09:35 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-14 09:35 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-03 11:40 - 2013-07-03 11:42 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-23 08:42 - 2012-11-02 05:45 - 00000360 _____ C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2013-07-23 08:35 - 2013-01-07 10:42 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001
2013-07-23 08:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-07-23 07:59 - 2013-03-15 16:01 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-23 07:51 - 2012-11-02 04:20 - 01613944 _____ C:\windows\WindowsUpdate.log
2013-07-23 07:42 - 2013-07-23 07:42 - 02347384 _____ (ESET) C:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe
2013-07-23 07:41 - 2013-07-23 07:41 - 00891062 _____ C:\Users\Gesa\Desktop\SecurityCheck.exe
2013-07-23 07:34 - 2012-11-02 20:24 - 00754172 _____ C:\windows\system32\perfh007.dat
2013-07-23 07:34 - 2012-11-02 20:24 - 00156362 _____ C:\windows\system32\perfc007.dat
2013-07-23 07:34 - 2012-07-26 09:28 - 01748838 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-23 07:33 - 2012-11-02 05:35 - 00000000 ____D C:\ProgramData\WinClon
2013-07-23 07:32 - 2013-01-10 23:17 - 00000000 ___RD C:\Users\Gesa\Dropbox
2013-07-23 07:32 - 2013-01-10 23:13 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Dropbox
2013-07-23 07:31 - 2013-01-07 10:35 - 00000000 ____D C:\Users\Gesa\AppData\Local\CrashDumps
2013-07-23 07:31 - 2012-11-02 05:25 - 00000868 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-23 02:29 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\Documents\Citavi 3
2013-07-23 01:36 - 2013-07-23 01:36 - 00003892 _____ C:\Users\Gesa\Desktop\JRT.txt
2013-07-23 01:32 - 2013-07-23 01:32 - 00000000 ____D C:\windows\ERUNT
2013-07-23 01:28 - 2013-01-07 13:09 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CheckPoint
2013-07-23 01:27 - 2012-08-05 23:07 - 00729648 _____ C:\windows\PFRO.log
2013-07-23 01:27 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-23 01:26 - 2013-07-23 01:25 - 00003975 _____ C:\AdwCleaner[S1].txt
2013-07-23 01:23 - 2013-07-23 01:23 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gesa\Desktop\JRT.exe
2013-07-23 01:22 - 2013-07-23 01:22 - 00666633 _____ C:\Users\Gesa\Desktop\adwcleaner.exe
2013-07-22 20:04 - 2013-07-22 04:03 - 00030627 _____ C:\Users\Gesa\Desktop\Addition.txt
2013-07-22 19:54 - 2013-07-22 18:45 - 00000000 ____D C:\ComboFix
2013-07-22 19:02 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-07-22 18:45 - 2013-07-22 18:45 - 00000659 _____ C:\Users\Gesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ComboFix.lnk
2013-07-22 16:46 - 2012-11-02 05:25 - 00000870 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-22 16:26 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-07-22 06:20 - 2013-07-17 21:13 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-22 05:44 - 2013-07-22 05:38 - 00000000 ____D C:\windows\erdnt
2013-07-22 05:38 - 2013-07-22 05:38 - 00000000 ____D C:\Qoobox
2013-07-22 05:33 - 2013-07-22 05:33 - 05091940 ____R (Swearware) C:\Users\Gesa\Desktop\ComboFix.exe
2013-07-22 04:02 - 2013-07-22 04:02 - 00000000 ____D C:\FRST
2013-07-22 04:01 - 2013-07-22 04:01 - 01779363 _____ (Farbar) C:\Users\Gesa\Desktop\FRST64.exe
2013-07-22 03:45 - 2013-07-22 03:45 - 00377856 _____ C:\Users\Gesa\Desktop\gmer_2.1.19163.exe
2013-07-22 03:35 - 2013-07-22 03:35 - 00602112 _____ (OldTimer Tools) C:\Users\Gesa\Desktop\OTL.exe
2013-07-22 03:34 - 2013-07-22 03:34 - 00000470 _____ C:\Users\Gesa\Desktop\defogger_disable.log
2013-07-22 03:34 - 2013-07-22 03:34 - 00000000 _____ C:\Users\Gesa\defogger_reenable
2013-07-22 03:34 - 2013-01-07 10:33 - 00000000 ____D C:\Users\Gesa
2013-07-22 03:33 - 2013-07-22 03:33 - 00050477 _____ C:\Users\Gesa\Desktop\Defogger.exe
2013-07-21 21:16 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-07-21 20:42 - 2013-01-15 10:37 - 00000000 ____D C:\Users\Gesa\Documents\aktuelles
2013-07-21 19:26 - 2013-07-21 19:26 - 00000000 ____D C:\Users\Gesa\Documents\CyberLink
2013-07-21 19:26 - 2013-03-13 14:23 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\CyberLink
2013-07-20 10:25 - 2013-02-09 11:25 - 00000000 ____D C:\Users\Gesa\Documents\MaZ
2013-07-19 10:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF
2013-07-18 16:54 - 2013-01-07 18:50 - 00000000 ____D C:\Users\Gesa\Documents\Studium
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-17 21:13 - 2013-07-17 21:13 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-17 21:13 - 2013-04-17 20:49 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-17 21:13 - 2013-01-07 12:59 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-17 21:02 - 2013-07-17 21:02 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Zip Opener Packages
2013-07-17 21:00 - 2013-07-17 21:00 - 00793536 _____ C:\Users\Gesa\Downloads\ZipOpenerSetup.exe
2013-07-17 20:50 - 2013-07-17 20:50 - 00004294 _____ C:\windows\System32\Tasks\Driver Mender-RTMScan
2013-07-17 20:50 - 2013-07-17 20:50 - 00003758 _____ C:\windows\System32\Tasks\Driver Mender-RTMUpdater
2013-07-17 20:50 - 2013-07-17 20:50 - 00003748 _____ C:\windows\System32\Tasks\Driver Mender-RTMRules
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\Downloads\Driver Mender
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\Users\Gesa\AppData\Local\PC_Drivers_Headquarters
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\UAB
2013-07-17 20:50 - 2013-07-17 20:50 - 00000000 ____D C:\ProgramData\Driver Mender
2013-07-17 20:32 - 2013-07-17 20:32 - 00000000 ____D C:\Program Files (x86)\Driver Mender
2013-07-17 20:29 - 2013-07-17 20:28 - 02060320 _____ (Driver Mender) C:\Users\Gesa\Downloads\DriverMender.exe
2013-07-17 20:18 - 2013-04-16 14:01 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Softwarehandbuch.lnk
2013-07-17 20:16 - 2012-11-02 04:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-17 20:15 - 2013-04-16 13:58 - 00002003 _____ C:\Users\Gesa\Desktop\ESC64 Referenzhandbuch.lnk
2013-07-17 20:11 - 2013-07-17 20:11 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\InstallShield
2013-07-17 20:10 - 2013-07-17 20:10 - 02597888 _____ C:\Users\Gesa\Downloads\epson320037eu.exe
2013-07-17 10:59 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-07-17 10:19 - 2013-07-17 10:19 - 00356616 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 20:55 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 20:55 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-16 20:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-07-16 20:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism
2013-07-16 20:52 - 2013-07-16 20:52 - 00286400 _____ C:\windows\Minidump\071613-40875-01.dmp
2013-07-16 20:52 - 2013-02-27 19:46 - 00000000 ____D C:\windows\Minidump
2013-07-16 20:52 - 2013-01-08 13:43 - 00417564 _____ C:\windows\system32\Drivers\vsconfig.xml
2013-07-16 20:51 - 2013-05-16 19:07 - 603696102 _____ C:\windows\MEMORY.DMP
2013-07-16 20:51 - 2013-01-07 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 14:58 - 2013-01-07 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 14:56 - 2013-01-07 21:27 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 11:39 - 2013-01-07 11:18 - 00000000 ____D C:\Users\Gesa\AppData\Local\Adobe
2013-07-16 11:20 - 2013-03-15 16:01 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-15 16:12 - 2013-07-15 16:12 - 00000000 ____D C:\Users\Gesa\Documents\Ausbildung Personzentrierte Beratung
2013-07-03 11:42 - 2013-07-03 11:40 - 00000000 ____D C:\Users\Gesa\Documents\Freiwilligen Kolleg 2014
2013-07-03 09:05 - 2013-07-03 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-28 00:04 - 2013-07-16 20:57 - 00693112 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-28 00:04 - 2013-07-16 20:57 - 00078200 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-24 22:56 - 2013-01-13 11:36 - 00000000 ____D C:\Users\Gesa\AppData\Roaming\Swiss Academic Software

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-07-17 19:56] - [2013-06-01 13:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D

C:\Windows\SysWOW64\explorer.exe
[2013-07-17 19:56] - [2013-06-01 12:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-07-17 19:56] - [2013-06-01 13:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D



LastRegBack: 2013-07-21 13:16

==================== End Of Log ============================
         
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013
Ran by Gesa at 2013-07-23 08:44:29
Running from C:\Users\Gesa\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

  
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Citavi (x32 Version: 3.4.0.2)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
Driver Mender (x32 Version: 8.1)
Dropbox (HKCU Version: 2.0.22)
Easy File Share (x32 Version: 1.3.4)
E-POP (x32 Version: 1.0.1)
EPSON PhotoQuicker3.4 (x32)
EPSON PRINT Image Framer Tool2.0 (x32)
ESC64 Referenzhandbuch (x32)
ESC64 Softwarehandbuch (x32)
Fotogalerie (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Help Desk (Version: 1.0.6)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2857)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Norton Online Backup (x32 Version: 2.2.3.51)
Norton Online Backup ARA (x32 Version: 4.1.0.14)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
PIF DESIGNER2.0 (x32)
Plants vs. Zombies (x32)
Plus-HD-2.3 (x32 Version: 1.27.153.8)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Recovery (x32 Version: 6.0.7.2)
S Agent (Version: 1.0.8)
ScanToWeb (x32)
Settings (x32 Version: 2.0.0)
Support Center FAQ (x32 Version: 1.0.5)
SW Update (x32 Version: 2.0.24)
Synaptics Pointing Device Driver (Version: 16.2.14.2)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Zip Opener (HKCU)
User Guide (x32 Version: 1.3.00)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Xerox PhotoCafe (x32 Version: 1.0.0.6162)
Zip Opener Packages (HKCU)
ZoneAlarm Firewall (x32 Version: 11.0.000.038)
ZoneAlarm Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Free Firewall (x32 Version: 11.0.000.504)
ZoneAlarm Security (x32 Version: 11.0.000.038)
ZoneAlarm Security (x32 Version: 11.0.000.504)
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11)

==================== Restore Points  =========================

03-07-2013 07:23:12 Geplanter Prüfpunkt
15-07-2013 16:04:56 Windows Update
17-07-2013 18:15:51 Installiert EPSON PhotoQuicker3.4
22-07-2013 03:38:40 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-07-22 05:44 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00E9CC8F-ED61-468D-A268-0590EE9D2244} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {02CD7B3A-72EC-480C-8CEF-444DC74AA06D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {08765697-FB44-4358-B1EC-6410D53B8688} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {1547B376-BB00-4440-86CB-FC8D205C77BF} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe No File
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1A763B0B-2631-4019-B4FC-1CDDBD5FDF24} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1ECAA72A-B1D1-4BF2-976F-2871B9E8E3A1} - System32\Tasks\Driver Mender-RTMUpdater => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2B7BAC2D-F63E-48E7-AF09-7F166B12F5E1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {2E279641-85E2-4F9A-B343-CD164DB0C823} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {355EF836-4DF4-4408-8023-4896CC201ABE} - System32\Tasks\Driver Mender-RTMRules => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {42B61E09-9A27-4AD8-831C-77D33DA0EEC0} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {443DEA7B-CF89-4C8E-9565-9049FC929B7D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {58701ECB-C626-4407-9F2C-BDAF527A7EAF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5FA1D43C-5CB6-4723-BFE8-140EF3BF62D4} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe No File
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {733C0B9A-6266-4C59-AF2F-5417044F979B} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-15] (SEC)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B7706679-00A3-4375-8B49-30E568417F13} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-04] (Samsung Electronics CO., LTD.)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C9F60583-8347-4E8B-84C4-DA2DF7648931} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D51F8F0B-0765-4A36-A805-C1FBF247EEDA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {DA2A3F30-F175-4466-8439-1CDB2234E145} - System32\Tasks\Driver Mender-RTMScan => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [2013-07-16] (PC Drivers Headquarters)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DC66A630-F941-4EA6-9910-AEA49C5140A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3140881342-1294397179-3039362648-1001
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E61AE307-85AF-4CCC-A180-237EC470D930} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {E80DC7B9-5986-4D71-B86B-D213D14253E0} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-10-17] (Samsung Electronics CO., LTD.)
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EB57B27B-3498-43DA-B6D8-226637F04B36} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F4ED0505-05D1-4B14-B6F3-5B464DFEE5C7} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2013 08:38:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/23/2013 07:43:37 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/23/2013 07:43:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/23/2013 07:43:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/23/2013 07:43:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/23/2013 07:42:59 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/23/2013 07:42:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/23/2013 07:31:38 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0xe1c
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/23/2013 02:30:25 AM) (Source: .NET Runtime) (User: )
Description: Anwendung: IAStorIcon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:

Server stack trace:
   bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   bei IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   bei IAStorIcon.StorageIcon.Stop()
   bei IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   bei System.Windows.Forms.Application.RaiseExit()
   bei System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run()
   bei IAStorIcon.Program.Main()


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/23/2013 08:38:03 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/23/2013 07:43:37 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe

Error: (07/23/2013 07:43:34 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe

Error: (07/23/2013 07:43:28 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe

Error: (07/23/2013 07:43:28 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe

Error: (07/23/2013 07:42:59 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Desktop\esetsmartinstaller_enu.exe

Error: (07/23/2013 07:42:54 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gesa\Downloads\esetsmartinstaller_enu.exe

Error: (07/23/2013 07:31:38 AM) (Source: Application Error)(User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cce1c01ce8765e3214eceC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe253cc8dc-f359-11e2-bebc-2089840f95a4

Error: (07/23/2013 02:30:25 AM) (Source: .NET Runtime)(User: )
Description: Anwendung: IAStorIcon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:

Server stack trace:
   bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   bei IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   bei IAStorIcon.StorageIcon.Stop()
   bei IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   bei System.Windows.Forms.Application.RaiseExit()
   bei System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run()
   bei IAStorIcon.Program.Main()


CodeIntegrity Errors:
===================================
  Date: 2013-07-23 08:42:29.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-23 08:40:42.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-23 02:30:28.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-23 01:38:59.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-23 01:30:26.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-23 01:29:47.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-23 01:12:44.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 21:34:52.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 20:38:04.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-22 19:58:27.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 6035.54 MB
Available physical RAM: 3802.73 MB
Total Pagefile: 12179.54 MB
Available Pagefile: 9960.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.82 GB) (Free:380.56 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6260AFE2)

Partition: GPT Partition Type
==================== End Of Log ============================
         

Nochmals danke. Erstaunlich, dass du bei den ganzen kryptischen Zahlen und Buchstaben überhaupt etwas erkennst.


Alt 24.07.2013, 11:48   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Adobe bitte updaten.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.07.2013, 09:42   #15
Moonpix
 
Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Standard

Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam



Hallo again,

danke für die Unterstützung, hat alles funktioniert und läuft wieder.

Wahnsinn, was ihr hier auf die Beine stellt, großes Lob von mir!

Antwort

Themen zu Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam
abgestürzt, avast, browser, durchsuchen, firefox, freundin, funde, gestern, gmer, langsam, langsamer, laptops, probiert, problem, programme, rum, scans, sehr langsam, spinn, spinnt, spuckt, uhrzeit, virus, virus?, werbung, woche




Ähnliche Themen: Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam


  1. Diverse Probleme mit Rechner und seit neustem: WShelper.exe
    Log-Analyse und Auswertung - 12.01.2015 (36)
  2. seit neustem fehlermeldung bei chrome!
    Plagegeister aller Art und deren Bekämpfung - 13.12.2014 (13)
  3. Anzeigefehler bei Systemstart/Computer sehr langsam/Uhrzeit ändert sich häufig und mehr (Windows Vista)
    Plagegeister aller Art und deren Bekämpfung - 04.11.2014 (9)
  4. Virusvermutung: Uhrzeit verstellt sich immer und surfen ist unmöglich!
    Log-Analyse und Auswertung - 17.10.2014 (5)
  5. PC seit 98uj8.de virus sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 07.08.2014 (12)
  6. Browser lädt Internetseiten sehr sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 15.04.2014 (11)
  7. Uhrzeit wird verstellt
    Plagegeister aller Art und deren Bekämpfung - 30.12.2013 (3)
  8. Internet laggt seit neustem
    Netzwerk und Hardware - 13.02.2013 (3)
  9. Meine Uhrzeit im Computer verstellt sich dauernd?
    Netzwerk und Hardware - 22.04.2012 (2)
  10. Uhrzeit verstellt sich immer, TrojanCheck spielt verrückt, habe ich einen Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2011 (4)
  11. Browser seit neuem sehr langsam beim surfen besonders mailabruf
    Plagegeister aller Art und deren Bekämpfung - 28.10.2010 (9)
  12. Browser nach PCstart sehr sehr langsam
    Log-Analyse und Auswertung - 10.04.2009 (0)
  13. Mein rechner ist seit eine viren attake sehr sehr langsam
    Log-Analyse und Auswertung - 10.02.2009 (0)
  14. Browser seit neustem zu langsam...
    Log-Analyse und Auswertung - 14.09.2008 (1)
  15. CPU Auslastung seit neustem immer 100%
    Log-Analyse und Auswertung - 03.06.2008 (8)
  16. PC sehr langsam seit einem MSN Virus -> N039_jpg und Carlson Dialer
    Log-Analyse und Auswertung - 05.10.2007 (4)
  17. Kann das mal jemand checken?Seit neustem startet auch noch mein Pc neu..
    Log-Analyse und Auswertung - 05.03.2006 (4)

Zum Thema Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam - Hallo, meine Freundin hat ein Problem mit ihrem Laptop. Seit ca. einer Woche spinnt ihr Firefox rum, ist langsamer und spuckt mehr Werbung als sonst aus. Habe die Scans mit - Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam...

Alle Zeitangaben in WEZ +1. Es ist jetzt 14:02 Uhr.


Copyright ©2000-2024, Trojaner-Board
Archiv
Du betrachtest: Virus? seit neustem Uhrzeit verstellt/ Browser sehr langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.