| |
| |||||||
Log-Analyse und Auswertung: Hatte Qvo6 was nunWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.09.2013, 16:53
| #1 |
 |  Hatte Qvo6 was nun Nach allerlei Versuchen den qvo6 rauszubringen war dies nur teilweise möglich. Unter dem IE-Button war er immer noch da. Nachdem ich das System 2 Tage zurückgesetzt habe und wieder gestartet habe ist er anscheinend ganz weg (inzwischen 3 mal gestartet). Ich trau der Sache jedoch nicht deshalb die Frage an die Spezialisten was nun ? Ich arbeite seit Jahren mit: Windows7; AVG; Malwarebytes; selten mit CCleaner Die Logfiles hab ich 3 Stunden vor der System-Rücksetzung erstellt. Gruss Ulf Code:
ATTFilter Malwarebytes Anti- Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.14.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 uwchif1 :: DESKTOP-ULF [Administrator] 14.08.2013 11:49:21 mbam-log-2013-08-14 (11-49-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 475716 Laufzeit: 48 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt. (Ende) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.31.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 uwchif1 :: DESKTOP-ULF [Administrator] 31.08.2013 13:48:41 mbam-log-2013-08-31 (13-48-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 474663 Laufzeit: 53 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 7 HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\uwchif1\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\uwchif1\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.31.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 uwchif1 :: DESKTOP-ULF [Administrator] 01.09.2013 08:47:30 mbam-log-2013-09-01 (08-47-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 476568 Laufzeit: 47 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\System Volume Information\SystemRestore\FRStaging\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt. (Ende) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.31.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 uwchif1 :: DESKTOP-ULF [Administrator] 01.09.2013 09:40:28 mbam-log-2013-09-01 (09-40-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 131614 Laufzeit: 17 Minute(n), 1 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\System Volume Information\SystemRestore\FRStaging\Users\uwchif1\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 04 Ran by uwchif1 (administrator) on DESKTOP-ULF on 02-09-2013 14:54:16 Running from C:\Users\uwchif1\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.5.0\ScriptHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] () HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKCU\...\Run: [SchnellerPC] - C:\Program Files (x86)\SchnellerPC\SCPCLauncher.exe [452584 2013-03-02] (Software Marketing Ltd) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-15] () HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] () HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) AppInit_DLLs: [0 ] () Startup: C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/ SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n8811-91&apn_uid=3719520732344115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {81A13A02-5941-4CE4-AE8B-B6BBCA9C3C91} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n8811-91&apn_uid=3719520732344115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^ch&si=CK-gpd-jo7kCFYWN3godBiAAlA&ptb=8EC418E7-54A6-4905-8782-C4D5EE269429&ind=2013082914&n=77fd3522&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={2E139345-69EB-48BD-92F0-F01D71887AD0}&mid=bcea127b049647d6aeda9128c028b174-837f3246ddc3f257f6db68ccd6395faa63eea49b&lang=de&ds=lw011&pr=sa&d=2013-07-25 15:37:53&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={2E139345-69EB-48BD-92F0-F01D71887AD0}&mid=bcea127b049647d6aeda9128c028b174-837f3246ddc3f257f6db68ccd6395faa63eea49b&lang=de&ds=lw011&pr=sa&d=2013-07-25 15:37:53&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n8811-91&apn_uid=3719520732344115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - No File Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Lightning Newtab) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0 CHR Extension: (Skype Click to Call) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1 CHR Extension: (AVG Security Toolbar) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_2 CHR Extension: (Chrome In-App Payments service) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (NCH DE) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk\10.11.21.5_0 CHR Extension: (Gmail) - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\uwchif1\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\uwchif1\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx CHR HKLM-x32\...\Chrome\Extension: [ommhmgednjnodcljhlljkaiidghdmikk] - C:\Users\uwchif1\AppData\Local\CRE\ommhmgednjnodcljhlljkaiidghdmikk.crx ==================== Services (Whitelisted) ================= S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] () R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software) R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-15] (AVG Secure Search) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] S3 SXDS10; "C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe" \Service [x] ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-31] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 OxPCIeMf; C:\Windows\System32\DRIVERS\OxPCIeMf.sys [62000 2009-09-24] (OEM) R3 OxPCIeSer; C:\Windows\System32\DRIVERS\OxPCIeSer.sys [102960 2009-09-24] (OEM) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics) S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x] S3 lmimirr; system32\DRIVERS\lmimirr.sys [x] S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 14:51 - 2013-09-02 14:52 - 01951950 _____ (Farbar) C:\Users\uwchif1\Desktop\FRST64.exe 2013-09-02 14:46 - 2013-09-02 14:46 - 01951950 _____ (Farbar) C:\Users\uwchif1\Downloads\FRST64.exe 2013-09-02 14:25 - 2013-09-02 14:25 - 00000476 _____ C:\Users\uwchif1\Desktop\defogger_disable.log 2013-09-02 14:25 - 2013-09-02 14:25 - 00000000 _____ C:\Users\uwchif1\defogger_reenable 2013-09-02 14:21 - 2013-09-02 14:21 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SchnellerPC 2013-09-02 14:20 - 2013-09-02 14:20 - 00001005 _____ C:\Users\uwchif1\Desktop\SchnellerPC.lnk 2013-09-02 14:20 - 2013-09-02 14:20 - 00000000 ____D C:\Program Files (x86)\SchnellerPC 2013-09-02 11:29 - 2013-09-02 11:29 - 00000000 ____D E:\Eigene Dokumente\Fax 2013-08-31 23:38 - 2013-08-31 23:38 - 00000000 ____D C:\ProgramData\Browser Manager 2013-08-31 21:26 - 2013-08-31 21:26 - 00004332 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\LavasoftStatistics 2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-08-31 21:23 - 2013-09-01 20:09 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Lavasoft 2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\blekko toolbars 2013-08-31 21:22 - 2013-09-01 08:05 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Ad-Aware Antivirus 2013-08-31 21:22 - 2013-08-31 21:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 _____ C:\autoexec.bat 2013-08-31 20:45 - 2013-08-31 21:07 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP 2013-08-31 20:22 - 2013-08-31 21:08 - 00000000 ____D C:\ProgramData\SpeedMaxPc 2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SpeedMaxPc 2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DriverCure 2013-08-31 19:13 - 2013-08-31 19:13 - 00000000 ___DC C:\Users\uwchif1\AppData\Local\MigWiz 2013-08-31 17:54 - 2013-08-31 19:35 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-31 17:54 - 2013-08-31 18:36 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-08-31 17:54 - 2013-08-31 17:54 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.5792.dll 2013-08-31 13:45 - 2013-09-02 07:42 - 00001064 _____ C:\Windows\setupact.log 2013-08-31 13:45 - 2013-09-01 09:58 - 00003756 _____ C:\Windows\PFRO.log 2013-08-31 13:45 - 2013-08-31 13:45 - 00000000 _____ C:\Windows\setuperr.log 2013-08-30 14:16 - 2013-08-30 14:16 - 00001162 _____ C:\Users\uwchif1\Desktop\AusstellungStG - Verknüpfung.lnk 2013-08-29 21:48 - 2013-08-29 21:48 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2013-08-29 21:48 - 2009-09-27 09:39 - 00369152 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll 2013-08-29 21:48 - 2005-07-14 12:31 - 00032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll 2013-08-29 21:48 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll 2013-08-29 21:48 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll 2013-08-29 21:48 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll 2013-08-29 21:37 - 2013-08-29 21:37 - 00001070 _____ C:\Users\Public\Desktop\SUPER ©.lnk 2013-08-29 21:37 - 2013-08-29 21:37 - 00000000 ____D E:\Eigene Dokumente\eRightSoft 2013-08-29 21:37 - 2012-10-05 19:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll 2013-08-29 21:37 - 2011-06-14 20:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax 2013-08-29 21:37 - 2011-02-11 11:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll 2013-08-29 21:37 - 2010-01-07 00:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll 2013-08-29 21:37 - 2009-03-17 10:38 - 00070656 __RSH C:\Windows\SysWOW64\RLAPEDec.ax 2013-08-29 21:37 - 2009-01-18 17:15 - 00120832 __RSH C:\Windows\SysWOW64\MPCDx.ax 2013-08-29 21:37 - 2009-01-18 12:03 - 00107520 __RSH C:\Windows\SysWOW64\RLMPCDec.ax 2013-08-29 21:37 - 2008-03-16 14:30 - 00216064 __RSH (MONOGRAM Multimedia, s.r.o.) C:\Windows\SysWOW64\nbDX.dll 2013-08-29 21:37 - 2007-02-21 12:47 - 00031232 __RSH (Hans Mayerl) C:\Windows\SysWOW64\msfDX.dll 2013-08-29 21:37 - 2006-09-12 12:46 - 00227328 __RSH () C:\Windows\SysWOW64\ac3DX.ax 2013-08-29 21:37 - 2006-08-16 15:53 - 00175104 __RSH () C:\Windows\SysWOW64\CoreAAC.ax 2013-08-29 21:37 - 2006-05-03 11:06 - 00163328 __RSH (Gabest) C:\Windows\SysWOW64\flvDX.dll 2013-08-29 21:37 - 2006-03-10 21:21 - 00195584 __RSH C:\Windows\SysWOW64\MatroskaDX.ax 2013-08-29 21:37 - 2006-01-13 00:23 - 00123904 __RSH (CoreCodec) C:\Windows\SysWOW64\AVCDX.ax 2013-08-29 21:37 - 2005-11-25 21:46 - 00161792 __RSH (Gabest) C:\Windows\SysWOW64\RealMediaDX.ax 2013-08-29 21:37 - 2005-02-22 17:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax 2013-08-29 21:37 - 2005-02-13 00:00 - 00186880 __RSH (RadLight) C:\Windows\SysWOW64\RLOgg.ax 2013-08-29 21:37 - 2005-02-13 00:00 - 00067584 __RSH (RadLight, LLC) C:\Windows\SysWOW64\RLTheoraDec.ax 2013-08-29 21:37 - 2005-02-13 00:00 - 00051712 __RSH C:\Windows\SysWOW64\RLSpeexDec.ax 2013-08-29 21:37 - 2005-02-06 00:00 - 00092672 __RSH (RadLight) C:\Windows\SysWOW64\RLVorbisDec.ax 2013-08-29 21:37 - 2005-01-18 00:26 - 00179200 __RSH (Gabest) C:\Windows\SysWOW64\DiracSplitter.ax 2013-08-29 21:37 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll 2013-08-29 21:37 - 2004-09-17 04:07 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSSplitter.ax 2013-08-29 21:37 - 2004-08-22 11:56 - 00090112 __RSH (-) C:\Windows\SysWOW64\TTADSDecoder.ax 2013-08-29 21:37 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll 2013-08-29 21:37 - 2004-04-27 17:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax 2013-08-29 21:37 - 2003-12-07 08:59 - 00097280 __RSH C:\Windows\SysWOW64\FLACDX.ax 2013-08-29 21:36 - 2013-08-29 21:37 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2013-08-29 21:35 - 2013-08-29 21:35 - 00000000 ____D C:\ProgramData\Registry Helper 2013-08-29 21:34 - 2013-08-30 09:01 - 00000000 ____D C:\ProgramData\eSafe 2013-08-29 21:24 - 2013-08-29 21:24 - 00000000 ____D C:\Users\uwchif1\AppData\Local\avgchrome 2013-08-29 21:19 - 2013-08-31 19:35 - 00000000 ____D C:\Program Files (x86)\VideoConverter 2013-08-29 21:19 - 2013-08-29 21:19 - 00003244 _____ C:\Windows\System32\Tasks\DSite 2013-08-29 21:19 - 2013-08-29 21:19 - 00000294 _____ C:\Windows\Tasks\DSite.job 2013-08-29 21:19 - 2013-08-29 21:19 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DSite 2013-08-29 21:17 - 2012-12-18 19:22 - 00039464 _____ (popularscreensavers.com) C:\Windows\SysWOW64\p5PSSavr.scr 2013-08-29 21:16 - 2013-08-29 21:16 - 00000000 ____D C:\Program Files (x86)\PopularScreensavers_7iEI 2013-08-29 21:15 - 2013-08-29 21:15 - 00000000 ____D C:\Users\uwchif1\AppData\Local\IAC 2013-08-29 20:26 - 2013-08-29 20:26 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4zEI 2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\AVS4YOU 2013-08-29 20:01 - 2013-08-29 21:22 - 00000000 ____D C:\Program Files (x86)\AVS4YOU 2013-08-29 20:01 - 2013-08-29 20:02 - 00000000 ____D C:\ProgramData\AVS4YOU 2013-08-29 20:01 - 2012-03-23 19:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll 2013-08-29 19:03 - 2013-08-31 19:35 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\FreeVideoConverter 2013-08-29 18:29 - 2013-08-29 18:30 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\MOVAVI 2013-08-29 18:22 - 2013-08-31 19:35 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-08-29 18:22 - 2013-08-30 08:59 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Conduit 2013-08-29 18:22 - 2013-08-29 18:22 - 00000009 _____ C:\END 2013-08-29 18:16 - 2013-08-29 18:17 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{28EE0CF4-4FA1-4831-B70E-305AF422CCA8} 2013-08-27 11:52 - 2013-08-27 11:52 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B0E3A927-825D-4349-A357-AE060E7591F9} 2013-08-25 17:39 - 2013-08-25 17:39 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{4694980C-3B66-4236-A275-8A0D55FEFC63} 2013-08-22 15:06 - 2013-08-22 15:06 - 00001662 _____ C:\Users\uwchif1\Desktop\Ausstellung-Restauration - Verknüpfung.lnk 2013-08-19 02:35 - 2013-08-19 02:35 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx 2013-08-14 17:34 - 2013-08-14 17:35 - 68454702 _____ C:\Users\uwchif1\Downloads\Werkzeuge Manching.zip 2013-08-14 13:46 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 13:46 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 13:46 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-14 13:46 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-14 13:46 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 13:46 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 13:46 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 13:46 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 13:46 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 13:46 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 13:46 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 13:46 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 13:46 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 13:45 - 2013-08-14 13:46 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 08:02 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 08:02 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 08:02 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 08:02 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 08:02 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 08:02 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 08:02 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 08:02 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 08:01 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 08:01 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 08:00 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 08:00 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 08:00 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 08:00 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 08:00 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 08:00 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 08:00 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 08:00 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 08:00 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 08:00 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 08:00 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 08:00 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 08:00 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 08:00 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 08:00 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 08:00 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-08-14 08:00 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-08-14 08:00 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-08-14 08:00 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-08-14 08:00 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-08-14 08:00 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-08-14 08:00 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 08:00 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-08-14 07:59 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 07:59 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 15:09 - 2013-08-13 15:10 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B77A04AC-DAC8-494F-9E35-F1D8FFA6DA20} 2013-08-13 15:09 - 2013-08-13 15:09 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{65664285-D53D-4372-AF47-A49D709217A5} 2013-08-12 20:46 - 2013-08-12 20:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{E8FAFCC9-02B6-4828-A4AF-713A64C4A5A8} 2013-08-12 08:46 - 2013-08-12 08:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3E36D23B-02D4-45A3-9334-BDA9B43B8E2A} 2013-08-07 17:04 - 2013-08-07 17:04 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3F5BC0E4-E415-4B3B-8C54-A74579033DDA} 2013-08-04 09:45 - 2013-08-31 19:35 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\PersBackup5 2013-08-04 09:45 - 2013-08-27 21:58 - 00000000 ____D E:\Eigene Dokumente\PersBackup 2013-08-04 09:44 - 2013-08-04 09:44 - 00000887 _____ C:\Users\Public\Desktop\Personal Backup 5.lnk 2013-08-04 09:44 - 2013-08-04 09:44 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-08-03 17:44 - 2013-08-03 17:44 - 00000000 ____D C:\archive_db 2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\launcher 2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\explauncher 2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\backup 2013-08-03 16:51 - 2013-08-03 16:51 - 00000000 ____D C:\Program Files (x86)\Paragon Software ==================== One Month Modified Files and Folders ======= 2013-09-02 14:52 - 2013-09-02 14:52 - 00000000 ____D C:\FRST 2013-09-02 14:52 - 2013-09-02 14:51 - 01951950 _____ (Farbar) C:\Users\uwchif1\Desktop\FRST64.exe 2013-09-02 14:46 - 2013-09-02 14:46 - 01951950 _____ (Farbar) C:\Users\uwchif1\Downloads\FRST64.exe 2013-09-02 14:44 - 2011-12-14 19:01 - 00000099 _____ C:\Users\Public\LMDebug.log 2013-09-02 14:35 - 2010-07-17 10:52 - 00000000 ____D E:\Eigene Dokumente\Daten-Ulf 2013-09-02 14:25 - 2013-09-02 14:25 - 00000476 _____ C:\Users\uwchif1\Desktop\defogger_disable.log 2013-09-02 14:25 - 2013-09-02 14:25 - 00000000 _____ C:\Users\uwchif1\defogger_reenable 2013-09-02 14:25 - 2010-07-01 12:09 - 00000000 ____D C:\Users\uwchif1 2013-09-02 14:21 - 2013-09-02 14:21 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SchnellerPC 2013-09-02 14:20 - 2013-09-02 14:20 - 00001005 _____ C:\Users\uwchif1\Desktop\SchnellerPC.lnk 2013-09-02 14:20 - 2013-09-02 14:20 - 00000000 ____D C:\Program Files (x86)\SchnellerPC 2013-09-02 14:14 - 2013-02-21 20:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-02 13:50 - 2012-06-08 13:49 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 2013-09-02 12:58 - 2010-12-28 16:01 - 00000000 ____D C:\ProgramData\MFAData 2013-09-02 11:33 - 2010-04-07 08:30 - 01987809 _____ C:\Windows\WindowsUpdate.log 2013-09-02 11:29 - 2013-09-02 11:29 - 00000000 ____D E:\Eigene Dokumente\Fax 2013-09-02 11:29 - 2009-12-31 06:05 - 00647128 _____ C:\Windows\system32\perfh007.dat 2013-09-02 11:29 - 2009-12-31 06:05 - 00127206 _____ C:\Windows\system32\perfc007.dat 2013-09-02 11:29 - 2009-07-14 07:13 - 01480600 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-02 07:49 - 2009-07-14 06:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-02 07:49 - 2009-07-14 06:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-02 07:42 - 2013-08-31 13:45 - 00001064 _____ C:\Windows\setupact.log 2013-09-02 07:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-01 20:09 - 2013-08-31 21:23 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-09-01 09:58 - 2013-08-31 13:45 - 00003756 _____ C:\Windows\PFRO.log 2013-09-01 09:06 - 2012-12-13 11:43 - 00000000 ____D E:\Eigene Dokumente\AusstellungStG 2013-09-01 08:23 - 2010-07-01 12:17 - 00001675 _____ C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-01 08:05 - 2013-08-31 21:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Ad-Aware Antivirus 2013-08-31 23:38 - 2013-08-31 23:38 - 00000000 ____D C:\ProgramData\Browser Manager 2013-08-31 21:26 - 2013-08-31 21:26 - 00004332 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\LavasoftStatistics 2013-08-31 21:26 - 2013-08-31 21:26 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Lavasoft 2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-08-31 21:23 - 2013-08-31 21:23 - 00000000 ____D C:\ProgramData\blekko toolbars 2013-08-31 21:22 - 2013-08-31 21:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-08-31 21:22 - 2013-08-31 21:22 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-08-31 21:08 - 2013-08-31 20:22 - 00000000 ____D C:\ProgramData\SpeedMaxPc 2013-08-31 21:07 - 2013-08-31 20:45 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP 2013-08-31 20:59 - 2011-05-25 15:37 - 00000000 ____D E:\Eigene Dokumente\WOMO 2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-31 20:46 - 2013-08-31 20:46 - 00000000 _____ C:\autoexec.bat 2013-08-31 20:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\SpeedMaxPc 2013-08-31 20:22 - 2013-08-31 20:22 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DriverCure 2013-08-31 19:35 - 2013-08-31 17:54 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-31 19:35 - 2013-08-29 21:19 - 00000000 ____D C:\Program Files (x86)\VideoConverter 2013-08-31 19:35 - 2013-08-29 19:03 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\FreeVideoConverter 2013-08-31 19:35 - 2013-08-29 18:22 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-08-31 19:35 - 2013-08-04 09:45 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\PersBackup5 2013-08-31 19:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-08-31 19:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2013-08-31 19:17 - 2011-12-26 17:00 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Audacity 2013-08-31 19:17 - 2010-07-03 11:30 - 00000000 ___RD E:\Eigene Dokumente\UlfAntik 2013-08-31 19:17 - 2010-07-01 12:17 - 00000000 ___RD C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-31 19:13 - 2013-08-31 19:13 - 00000000 ___DC C:\Users\uwchif1\AppData\Local\MigWiz 2013-08-31 18:36 - 2013-08-31 17:54 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-08-31 18:36 - 2012-08-02 21:21 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Systweak 2013-08-31 18:35 - 2010-07-03 11:47 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-31 18:15 - 2009-12-31 06:00 - 00000000 ____D C:\Windows\Panther 2013-08-31 17:54 - 2013-08-31 17:54 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.5792.dll 2013-08-31 13:45 - 2013-08-31 13:45 - 00000000 _____ C:\Windows\setuperr.log 2013-08-31 13:25 - 2010-11-15 22:50 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Deployment 2013-08-31 13:12 - 2010-07-22 10:24 - 00000000 ____D C:\ProgramData\Google 2013-08-31 13:12 - 2010-07-03 11:47 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Google 2013-08-31 11:17 - 2011-12-23 14:56 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-08-31 11:17 - 2010-07-02 16:01 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-08-31 11:16 - 2010-07-02 16:00 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\HpUpdate 2013-08-31 11:16 - 2010-07-02 16:00 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\HP Support Assistant 2013-08-30 14:39 - 2010-07-03 14:07 - 00000000 ____D E:\Eigene Dokumente\Schloss-Bilder-1#1 2013-08-30 14:16 - 2013-08-30 14:16 - 00001162 _____ C:\Users\uwchif1\Desktop\AusstellungStG - Verknüpfung.lnk 2013-08-30 09:51 - 2010-07-03 14:08 - 00000000 ____D E:\Eigene Dokumente\Archiv-Schloss 2013-08-30 09:13 - 2010-07-12 15:09 - 00000000 ____D E:\Eigene Dokumente\Buch-Schlösser 2013-08-30 09:01 - 2013-08-29 21:34 - 00000000 ____D C:\ProgramData\eSafe 2013-08-30 08:59 - 2013-08-29 18:22 - 00000000 ____D C:\Users\uwchif1\AppData\Local\Conduit 2013-08-30 08:05 - 2012-08-02 21:40 - 00001660 _____ C:\Windows\system32\ASOROSet.bin 2013-08-30 08:05 - 2009-07-14 04:34 - 71565312 _____ C:\Windows\system32\config\software.bak 2013-08-30 08:05 - 2009-07-14 04:34 - 17039360 _____ C:\Windows\system32\config\system.bak 2013-08-30 08:05 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\security.bak 2013-08-29 22:14 - 2012-08-30 21:15 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-08-29 22:14 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\sam.bak 2013-08-29 22:11 - 2012-08-02 21:40 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2013-08-29 21:48 - 2013-08-29 21:48 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5 2013-08-29 21:37 - 2013-08-29 21:37 - 00001070 _____ C:\Users\Public\Desktop\SUPER ©.lnk 2013-08-29 21:37 - 2013-08-29 21:37 - 00000000 ____D E:\Eigene Dokumente\eRightSoft 2013-08-29 21:37 - 2013-08-29 21:36 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2013-08-29 21:35 - 2013-08-29 21:35 - 00000000 ____D C:\ProgramData\Registry Helper 2013-08-29 21:24 - 2013-08-29 21:24 - 00000000 ____D C:\Users\uwchif1\AppData\Local\avgchrome 2013-08-29 21:22 - 2013-08-29 20:01 - 00000000 ____D C:\Program Files (x86)\AVS4YOU 2013-08-29 21:19 - 2013-08-29 21:19 - 00003244 _____ C:\Windows\System32\Tasks\DSite 2013-08-29 21:19 - 2013-08-29 21:19 - 00000294 _____ C:\Windows\Tasks\DSite.job 2013-08-29 21:19 - 2013-08-29 21:19 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\DSite 2013-08-29 21:16 - 2013-08-29 21:16 - 00000000 ____D C:\Program Files (x86)\PopularScreensavers_7iEI 2013-08-29 21:15 - 2013-08-29 21:15 - 00000000 ____D C:\Users\uwchif1\AppData\Local\IAC 2013-08-29 21:01 - 2012-08-30 21:16 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-08-29 20:43 - 2012-08-30 21:16 - 00000000 ____D C:\ProgramData\NCH Software 2013-08-29 20:38 - 2012-08-30 21:12 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\NCH Software 2013-08-29 20:26 - 2013-08-29 20:26 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4zEI 2013-08-29 20:02 - 2013-08-29 20:02 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\AVS4YOU 2013-08-29 20:02 - 2013-08-29 20:01 - 00000000 ____D C:\ProgramData\AVS4YOU 2013-08-29 18:30 - 2013-08-29 18:29 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\MOVAVI 2013-08-29 18:22 - 2013-08-29 18:22 - 00000009 _____ C:\END 2013-08-29 18:17 - 2013-08-29 18:16 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{28EE0CF4-4FA1-4831-B70E-305AF422CCA8} 2013-08-29 18:13 - 2010-07-03 14:13 - 00000000 ____D E:\Eigene Dokumente\Kamera 2013-08-27 21:58 - 2013-08-04 09:45 - 00000000 ____D E:\Eigene Dokumente\PersBackup 2013-08-27 11:52 - 2013-08-27 11:52 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B0E3A927-825D-4349-A357-AE060E7591F9} 2013-08-25 17:39 - 2013-08-25 17:39 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{4694980C-3B66-4236-A275-8A0D55FEFC63} 2013-08-25 12:08 - 2012-11-27 10:32 - 00000000 ____D E:\Eigene Dokumente\Buch-Altes-Eisen 2013-08-25 09:13 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-22 18:36 - 2012-08-02 21:21 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2013-08-22 15:06 - 2013-08-22 15:06 - 00001662 _____ C:\Users\uwchif1\Desktop\Ausstellung-Restauration - Verknüpfung.lnk 2013-08-19 02:35 - 2013-08-19 02:35 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx 2013-08-16 21:55 - 2010-09-13 18:12 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Skype 2013-08-15 07:42 - 2013-07-25 15:37 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-08-15 07:42 - 2012-11-08 17:09 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-08-14 17:35 - 2013-08-14 17:34 - 68454702 _____ C:\Users\uwchif1\Downloads\Werkzeuge Manching.zip 2013-08-14 14:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-14 13:46 - 2013-08-14 13:45 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 13:45 - 2010-07-04 08:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-14 13:44 - 2009-07-14 04:34 - 00000534 _____ C:\Windows\win.ini 2013-08-13 15:10 - 2013-08-13 15:09 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{B77A04AC-DAC8-494F-9E35-F1D8FFA6DA20} 2013-08-13 15:09 - 2013-08-13 15:09 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{65664285-D53D-4372-AF47-A49D709217A5} 2013-08-12 20:46 - 2013-08-12 20:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{E8FAFCC9-02B6-4828-A4AF-713A64C4A5A8} 2013-08-12 08:46 - 2013-08-12 08:46 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3E36D23B-02D4-45A3-9334-BDA9B43B8E2A} 2013-08-10 15:10 - 2013-01-31 14:37 - 00000000 ____D C:\Users\uwchif1\AppData\Roaming\Nitro PDF 2013-08-07 17:04 - 2013-08-07 17:04 - 00000000 ____D C:\Users\uwchif1\AppData\Local\{3F5BC0E4-E415-4B3B-8C54-A74579033DDA} 2013-08-07 11:47 - 2010-07-03 20:21 - 00000000 ____D C:\Depot 2013-08-07 04:22 - 2010-07-01 12:18 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2013-08-04 09:46 - 2012-01-21 12:47 - 00000000 ____D E:\Eigene Dokumente\AG 2013-08-04 09:44 - 2013-08-04 09:44 - 00000887 _____ C:\Users\Public\Desktop\Personal Backup 5.lnk 2013-08-04 09:44 - 2013-08-04 09:44 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-08-03 17:44 - 2013-08-03 17:44 - 00000000 ____D C:\archive_db 2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\launcher 2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\explauncher 2013-08-03 17:33 - 2013-08-03 17:33 - 00000000 ____D C:\ProgramData\backup 2013-08-03 16:51 - 2013-08-03 16:51 - 00000000 ____D C:\Program Files (x86)\Paragon Software 2013-08-03 14:09 - 2010-07-01 20:55 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-03 14:08 - 2013-02-08 17:36 - 00000000 ____D C:\ProgramData\POIbase 2013-08-03 14:08 - 2013-02-08 17:36 - 00000000 ____D C:\Program Files (x86)\POIbase Files to move or delete: ==================== C:\Users\uwchif1\AppData\Local\Temp\356770a9-089c-4189-b988-6c4fcf78c93a.exe C:\Users\uwchif1\AppData\Local\Temp\BackupSetup.exe C:\Users\uwchif1\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\uwchif1\AppData\Local\Temp\eb189944-ef15-4244-a419-7a92d9fd502c.exe C:\Users\uwchif1\AppData\Local\Temp\MybabylonTB.exe C:\Users\uwchif1\AppData\Local\Temp\propsys.dll C:\Users\uwchif1\AppData\Local\Temp\SHSetup.exe C:\Users\uwchif1\AppData\Local\Temp\UpdUninstall.exe C:\Users\uwchif1\AppData\Local\Temp\{5B16AC35-2C8E-4285-94A7-B144931E2B0C}\ISBEW64.exe C:\Users\uwchif1\AppData\Local\Temp\nsr3870.tmp\nsSCM.dll C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\nsDialogs.dll C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\nsisFirewall.dll C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\nsProcess.dll C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\System.dll C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\UAC.dll C:\Users\uwchif1\AppData\Local\Temp\nsk628C.tmp\xml.dll C:\Users\uwchif1\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\CartSdk.dll C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\CartSdk64.exe C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\sbrc.exe C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\i386\sbbd.exe C:\Users\uwchif1\AppData\Local\Temp\3cf95438-ceae-4ebb-ae54-4daf11db89ec\amd64\sbbd.exe C:\Users\uwchif1\AppData\Local\Temp\2239ecf8-0d87-4063-a335-3402054db497\Statistics.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 00:10 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 04 Ran by uwchif1 at 2013-09-02 14:54:53 Running from C:\Users\uwchif1\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 2013 (Version: 2013.0.3392) 64 Bit HP CIO Components Installer (Version: 7.2.8) Adobe AIR (x32 Version: 2.5.1.17730) Adobe Community Help (x32 Version: 3.4.980) Adobe Dreamweaver CS5.5 (x32 Version: 11.5) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Photoshop Elements 7.0 (x32 Version: 7.0) Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3) ATI Catalyst Install Manager (Version: 3.0.765.0) Audacity 1.3.14 (Unicode) (x32) AVG 2013 (Version: 13.0.3222) AVG 2013 (Version: 13.0.3392) AVG Security Toolbar (x32 Version: 15.5.0.2) B109a-m (x32 Version: 130.0.396.000) BabylonObjectInstaller (x32 Version: 2.0.0.4) Biet-O-Matic v2.14.8 (x32 Version: Biet-O-Matic v2.14.8) Bing Bar (x32 Version: 7.0.850.0) BufferChm (x32 Version: 130.0.331.000) Canon Utilities Digital Photo Professional 3.7 (x32 Version: 3.7.3.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2010.0310.1824.32984) Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0310.1824.32984) Catalyst Control Center Graphics Full New (x32 Version: 2010.0310.1824.32984) Catalyst Control Center Graphics Light (x32 Version: 2010.0310.1824.32984) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0310.1824.32984) Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0310.1824.32984) Catalyst Control Center HydraVision Full (x32 Version: 2010.0310.1824.32984) Catalyst Control Center InstallProxy (x32 Version: 2009.0908.2225.38429) Catalyst Control Center InstallProxy (x32 Version: 2010.0310.1824.32984) Catalyst Control Center Localization All (x32 Version: 2010.0310.1824.32984) CCC Help Chinese Standard (x32 Version: 2010.0310.1823.32984) CCC Help Chinese Traditional (x32 Version: 2010.0310.1823.32984) CCC Help Czech (x32 Version: 2010.0310.1823.32984) CCC Help Danish (x32 Version: 2010.0310.1823.32984) CCC Help Dutch (x32 Version: 2010.0310.1823.32984) CCC Help English (x32 Version: 2010.0310.1823.32984) CCC Help Finnish (x32 Version: 2010.0310.1823.32984) CCC Help French (x32 Version: 2010.0310.1823.32984) CCC Help German (x32 Version: 2010.0310.1823.32984) CCC Help Greek (x32 Version: 2010.0310.1823.32984) CCC Help Hungarian (x32 Version: 2010.0310.1823.32984) CCC Help Italian (x32 Version: 2010.0310.1823.32984) CCC Help Japanese (x32 Version: 2010.0310.1823.32984) CCC Help Korean (x32 Version: 2010.0310.1823.32984) CCC Help Norwegian (x32 Version: 2010.0310.1823.32984) CCC Help Polish (x32 Version: 2010.0310.1823.32984) CCC Help Portuguese (x32 Version: 2010.0310.1823.32984) CCC Help Russian (x32 Version: 2010.0310.1823.32984) CCC Help Spanish (x32 Version: 2010.0310.1823.32984) CCC Help Swedish (x32 Version: 2010.0310.1823.32984) CCC Help Thai (x32 Version: 2010.0310.1823.32984) CCC Help Turkish (x32 Version: 2010.0310.1823.32984) ccc-core-static (x32 Version: 2010.0310.1824.32984) ccc-utility64 (Version: 2010.0310.1824.32984) CCleaner (Version: 3.19) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115) D3DX10 (x32 Version: 15.4.2368.0902) Destinations (x32 Version: 130.0.0.0) DeviceDiscovery (x32 Version: 130.0.372.000) DHTML Editing Component (x32 Version: 6.02.0001) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224) Google Earth (x32 Version: 5.2.1.1588) GPBaseService2 (x32 Version: 130.0.371.000) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) HP Advisor (x32 Version: 3.3.9512.3162) HP Customer Experience Enhancements (x32 Version: 6.0.1.3) HP Customer Participation Program 13.0 (Version: 13.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP MediaSmart DVD (x32 Version: 3.1.3317) HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3422) HP MediaSmart SmartMenu (Version: 3.1.0.1) HP Odometer (x32 Version: 2.10.0000) HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0) HP Print Projects 1.0 (Version: 1.0) HP Remote Solution (x32 Version: 1.1.12.0) HP Setup (x32 Version: 1.2.3560.3170) HP Solution Center 13.0 (Version: 13.0) HP Support Assistant (x32 Version: 7.0.39.15) HP Support Information (x32 Version: 10.1.0002) HP Update (x32 Version: 5.001.000.014) HPPhotoGadget (x32 Version: 130.0.282.000) hpPrintProjects (x32 Version: 130.0.303.000) HPProductAssistant (x32 Version: 130.0.371.000) hpWLPGInstaller (x32 Version: 130.0.303.000) HydraVision (x32 Version: 4.2.162.0) Intel(R) Rapid Storage Technology (x32 Version: 9.5.0.1037) Java 7 Update 21 (x32 Version: 7.0.210) Java Auto Updater (x32 Version: 2.1.9.5) JavaFX 2.1.1 (x32 Version: 2.1.1) Junk Mail filter update (x32 Version: 15.4.3502.0922) LabelPrint (x32 Version: 2.5.2017) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 130.0.374.000) Mesh Runtime (x32 Version: 15.4.5722.2) Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Exchange Online Connector for Office Outlook 2003 (x32 Version: 1.0.1419.1) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Naviextras Toolbox (x32 Version: 3.11.0.24188) Naviextras Toolbox Prerequesities (x32 Version: 1.0.0) NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1) Nitro Pro 8 (Version: 8.5.2.10) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Personal Backup 5.4 (Version: 5.3) PlayReady PC Runtime amd64 (Version: 1.3.0) POIbase 1.051 (x32) Power2Go (x32 Version: 6.0.3304) PowerDirector (x32 Version: 7.0.3405) PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000) Recovery Manager (x32 Version: 5.5.2216) Scan (x32 Version: 13.0.0.0) SchnellerPC v3.1 (x32 Version: 3.1) SILKYPIX Developer Studio 3.0 SE (x32 Version: 3) Skype Click to Call (x32 Version: 5.6.8442) Skype™ 5.10 (x32 Version: 5.10.116) SolutionCenter (x32 Version: 130.0.373.000) Status (x32 Version: 130.0.373.000) StreamTransport version: 1.0.2.2171 (x32) SUPER © v2013.build.57+Recorder (2013/07/13) Version v2013.buil (x32 Version: v2013.build.57+Recorder) Toolbox (x32 Version: 130.0.648.000) TrayApp (x32 Version: 130.0.376.000) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) WarrantyExtension (x32 Version: 1.00.0000) Wartung Samsung CLP-320 Series (x32) WebReg (x32 Version: 130.0.132.017) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) XMedia Recode 3.0.6.0 (x32 Version: 3.0.6.0) ==================== Restore Points ========================= 22-08-2013 08:38:35 Geplanter Prüfpunkt 29-08-2013 15:11:35 Geplanter Prüfpunkt 29-08-2013 20:10:49 RegClean Pro Do, Aug 29, 13 22:10 31-08-2013 11:03:28 Removed Visual Studio 2008 x64 Redistributables 31-08-2013 16:13:32 Windows Modules Installer 31-08-2013 16:18:44 Windows Modules Installer 31-08-2013 16:31:53 Konfiguriert LabelPrint 31-08-2013 16:54:21 Wiederherstellungsvorgang 31-08-2013 17:50:16 Windows Modules Installer 31-08-2013 17:51:12 Windows Modules Installer 31-08-2013 18:45:57 Installed SpyHunter 31-08-2013 19:07:05 Removed SpyHunter 01-09-2013 06:12:44 Windows Modules Installer 01-09-2013 06:21:08 Windows Modules Installer 02-09-2013 08:15:30 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started Task: {17228B01-5AE1-450D-9DC0-8F06CCFF19C0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {19237CD0-CE2C-4A1D-90CD-0735C317F79E} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {2D841DF5-A51B-4F28-B682-95520689DDAD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {35AEDA7F-E824-4CB9-995C-F546606D4826} - System32\Tasks\AdobeAAMUpdater-1.0-Desktop-ulf-uwchif1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: {5B32E29E-7DE3-44F4-B3B2-2EF8562777F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated) Task: {607D647B-619C-43D7-8803-314ABD002856} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {7CCECA25-825D-44F8-919B-DBBF92219188} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company) Task: {978CEEFD-12D2-46BC-B7DE-69F74764F8CE} - System32\Tasks\DSite => C:\Users\uwchif1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File Task: {9F9BD0D2-91A4-4493-98C5-51EA0D84B291} - System32\Tasks\{2BD84779-3E1A-4CA9-A68F-FB306554FE00} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {A349681D-6D04-40FE-B036-1C1D9365E92F} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File Task: {ADB805CA-077C-4A32-9F0D-0CA23F38B866} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {B01C81C4-78E2-4917-B038-3ED7A389DD4D} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {B5C7E2EB-8AED-4E33-96B5-8CADF85AF55C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe No File Task: {BBD8BCB0-BDBE-4E5C-ACAE-2D442526CA83} - System32\Tasks\4876 => C:\Windows\System32\wscript.exe [2009-07-14] (Microsoft Corporation) Task: {C3E1FE3F-2CF1-4ACE-A8DB-A5D171F7F0D0} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink) Task: {C4754DFC-EFF8-4099-BDBB-C9CD6BC75C1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-20] (Microsoft) Task: {DE0C0731-6046-47BC-B123-758A95C321CA} - System32\Tasks\{56132BB2-1AF7-4709-8FDE-FBF556DCB25F} => c:\program files (x86)\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation) Task: {DF02A282-E62A-499A-94DD-9B33BDEBC881} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation) Task: {F6D51F3C-88AF-42EA-A3A0-F9A51A26748C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] () Task: {FA45962B-FDC0-406B-A8E0-FA14747D6E11} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DSite.job => C:\Users\uwchif1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE ==================== Loaded Modules (whitelisted) ============= 2010-07-03 09:27 - 2010-03-10 18:33 - 00036352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2009-07-14 01:30 - 2009-07-14 03:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll 2011-07-18 15:22 - 2010-11-20 15:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll 2009-07-14 02:08 - 2009-07-14 03:40 - 00748032 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2009-07-14 01:53 - 2009-07-14 03:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\dfscli.dll 2012-08-15 16:52 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2009-07-14 02:31 - 2009-07-14 03:41 - 02137600 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll 2009-07-14 02:40 - 2009-07-14 03:41 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll 2009-07-14 02:40 - 2009-07-14 03:41 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll 2011-07-18 15:23 - 2010-11-20 15:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll 2011-07-18 15:23 - 2010-11-20 15:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2013-03-25 19:26 - 2013-03-25 19:26 - 00108552 _____ (Nitro PDF) C:\PROGRA~1\COMMON~1\Nitro\Pro\8.0\NPSHEL~1.DLL 2013-03-28 02:48 - 2013-03-28 02:48 - 00266288 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgsea.dll 2011-06-11 01:15 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll 2011-06-11 01:15 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll 2013-06-27 01:54 - 2013-06-27 01:54 - 01018416 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgsysa.dll 2009-07-14 01:35 - 2009-07-14 03:40 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll 2009-07-14 02:08 - 2009-07-14 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\NetworkItemFactory.dll 2009-07-14 02:08 - 2009-07-14 03:40 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\fdwcn.dll 2009-07-14 02:08 - 2009-07-14 03:41 - 00120832 _____ (Microsoft Corporation) C:\Windows\System32\wcnapi.dll 2009-07-14 01:35 - 2009-07-14 03:40 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll 2013-05-21 22:36 - 2013-05-21 22:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll 2009-07-14 01:46 - 2009-07-14 03:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll 2009-07-14 01:46 - 2009-07-14 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\TaskSchdPS.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\IEUI.dll 2013-08-14 13:46 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\pcwum.dll 2011-07-18 15:23 - 2010-11-20 15:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2009-07-14 02:17 - 2009-07-14 03:41 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\UTILDLL.dll 2011-07-18 15:22 - 2010-11-20 15:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\LOGONCLI.DLL 2012-08-15 16:52 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\BROWCLI.DLL 2012-03-08 18:40 - 2012-03-08 18:40 - 00150376 _____ (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsapi.dll 2011-06-21 03:23 - 2011-06-21 03:23 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll 2011-07-18 15:22 - 2010-11-20 15:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll 2013-05-21 22:37 - 2013-05-21 22:37 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2009-07-14 02:08 - 2009-07-14 03:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\dtsh.dll 2011-07-18 15:22 - 2010-11-20 15:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Temp:ED9F3B50 AlternateDataStreams: C:\Users\uwchif1\Desktop\SwissDomain.ch - Webhosting Schweiz.url:favicon AlternateDataStreams: E:\Eigene Dokumente\SwissDomain.ch - Webhosting Schweiz.url:favicon AlternateDataStreams: E:\Eigene Dokumente\Thumbs.db:encryptable ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/02/2013 02:33:20 PM) (Source: Application Hang) (User: ) Description: Programm iexplore.exe, Version 10.0.9200.16660 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14ac Startzeit: 01cea7d5a22aeeb9 Endzeit: 0 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error: (09/02/2013 08:03:21 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (09/01/2013 00:30:07 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (08/31/2013 09:13:52 PM) (Source: Application Hang) (User: ) Description: Programm uninstall.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 150c Startzeit: 01cea67de7c34d27 Endzeit: 0 Anwendungspfad: C:\Users\uwchif1\AppData\Local\Temp\nsa61B2.tmp\uninstall.exe Berichts-ID: Error: (08/31/2013 07:38:45 PM) (Source: System Restore) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005. Error: (08/31/2013 07:31:29 PM) (Source: System Restore) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005. Error: (08/31/2013 06:59:10 PM) (Source: System Restore) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: 0x80070005. Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (09/02/2013 07:42:20 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_IM Uim_VIM Error: (09/02/2013 07:42:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/02/2013 07:42:06 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/01/2013 09:03:02 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (09/01/2013 08:17:00 PM) (Source: Service Control Manager) (User: ) Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/01/2013 08:17:00 PM) (Source: Service Control Manager) (User: ) Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/01/2013 08:17:00 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Easybits Shared Services for Windows" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/01/2013 07:36:57 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_IM Uim_VIM Error: (09/01/2013 07:36:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/01/2013 07:36:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (09/02/2013 02:33:20 PM) (Source: Application Hang)(User: ) Description: iexplore.exe10.0.9200.1666014ac01cea7d5a22aeeb90C:\Program Files\Internet Explorer\iexplore.exe Error: (09/02/2013 08:03:21 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 Error: (09/01/2013 00:30:07 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2 Error: (08/31/2013 09:13:52 PM) (Source: Application Hang)(User: ) Description: uninstall.exe1.5.0.0150c01cea67de7c34d270C:\Users\uwchif1\AppData\Local\Temp\nsa61B2.tmp\uninstall.exe Error: (08/31/2013 07:38:45 PM) (Source: System Restore)(User: ) Description: Geplanter Prüfpunkt0x80070005 Error: (08/31/2013 07:31:29 PM) (Source: System Restore)(User: ) Description: Geplanter Prüfpunkt0x80070005 Error: (08/31/2013 06:59:10 PM) (Source: System Restore)(User: ) Description: Geplanter Prüfpunkt0x80070005 Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/31/2013 01:45:58 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 3959.08 MB Available physical RAM: 1974.91 MB Total Pagefile: 7916.34 MB Available Pagefile: 5688.99 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:348.07 GB) (Free:292.8 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.96 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Daten) (Fixed) (Total:337.51 GB) (Free:245.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=338 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-02 15:25:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST375052 rev.HP34 698.64GB
Running: k2ywrewy.exe; Driver: C:\Users\uwchif1\AppData\Local\Temp\fwliquoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075361465 2 bytes [36, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753614bb 2 bytes [36, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075361465 2 bytes [36, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1972] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753614bb 2 bytes [36, 75]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075361465 2 bytes [36, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753614bb 2 bytes [36, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [6068:6000] 000007fef0bc9688
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\uwchif1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPER \xa9 - by eRightSoft\SUPER \xa9 entfernen.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER \xa9 - by eRightSoft\SUPER \xa9 entfernen.lnk 1
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
Baum-Darstellung