Pests of all kinds and how to fight them: Daily ad pop-ups, can't find the cause (Windows 7)
08.09.2013, 09:11 | #1 |
| Daily ad pop-ups, can't find the cause
Hello, for several days I have had the problem that an advertising website opens about 1 - 2 times a day. Unfortunately I have not yet been able to find the software responsible for it. I would be glad if you could help me.
I have already tried the following:
- Removed Firefox incl. add-ons + plugins and reinstalled Firefox
- Ran virus scanners (Kaspersky, Malwarebytes, Spybot Search and Destroy). None of the AV software found anything.
- Created a HijackThis file and evaluated it myself.
- Checked autostart entries and removed unknown software.
- Created a new local user profile.
Thanks, winZard |
08.09.2013, 11:39 | #2 |
/// TB-Ausbilder | Daily ad pop-ups, can't find the cause
Hello,
then please run an FRST scan: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
08.09.2013, 15:27 | #3 |
| Daily ad pop-ups, can't find the cause
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2013 Ran by USERNAME at 2013-09-08 16:09:37 Running from C:\Users\USERNAME\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 64 Bit HP CIO Components Installer (Version: 13.2.1) Acronis Drive Monitor (x32 Version: 1.0.566) Adobe Acrobat XI Pro (x32 Version: 11.0.03) Adobe AIR (x32 Version: 3.8.0.870) Adobe Creative Suite 6 Design Standard (x32 Version: 6) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Help Manager (x32 Version: 4.0.244) Adobe® Content Viewer (x32 Version: 3.2.0) Ashampoo Burning Studio 11 v.11.0.4 (x32 Version: 11.0.4) Bonjour (Version: 2.0.2.0) Bonjour-Druckdienste (Version: 2.0.2.0) bpd_scan_ent (x32 Version: 3.00.0000) CCleaner (Version: 3.24) Chiavetta Internet (x32 Version: 21.003.27.10.192) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103) Citrix Authentication Manager (x32 Version: 4.0.0.53726) Citrix Receiver (DV) (x32 Version: 13.4.0.25) Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25) Citrix Receiver (USB) (x32 Version: 13.4.0.25) Citrix Receiver (x32 Version: 13.4.0.25) Citrix Receiver Inside (x32 Version: 3.4.0.29585) Citrix Receiver Updater (x32 Version: 3.4.0.29577) Citrix Receiver(Aero) (x32 Version: 13.4.0.25) CodeWallet Pro 2005 Desktop Companion (x32 Version: 5.07) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32) dows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Enterprise (x32 Version: 140.0.001.000) eWallet 7.4.4 for Windows PCs (x32 Version: 7.4.4) FRANZIS onlineTV 8 (x32 Version: 8.5.0.0) Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128) Garmin USB Drivers (x32 Version: 2.3.1.0) Get Local Admins GUI 
(Version: 2.0.0) HijackThis 2.0.2 (x32 Version: 2.0.2) HP Business Card Reader (x32 Version: 0.6.3.0) HP Customer Experience Enhancements (x32 Version: 6.0.1.3) HP Officejet 6500 E709 Series Corporate Edition 14.0 (Version: 14.0) HP Quick Launch Buttons (x32 Version: 6.50.17.1) HP Web Camera (Version: 1.0.0) HP Webcam (x32 Version: 1.0.26.3) IDT Audio (x32 Version: 1.0.6300.0) inSSIDer (x32 Version: 2.1.6) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 43 (x32 Version: 6.0.430) JDownloader 0.9 (x32 Version: 0.9) Joe (x32 Version: 4.01.0000) Junk Mail filter update (x32 Version: 16.4.3505.0912) KeePass Password Safe 2.22 (x32) LightScribe System Software (x32 Version: 1.18.6.1) Lights-Out Client x64 (Version: 1.5.4.2055) LSI HDA Modem (Version: 2.2.100) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Messenger Plus! for Skype (x32 Version: 1.5.0.122) Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Antimalware (Version: 3.0.8410.2) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017) Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017) Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017) Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - English (x32 
Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017) Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017) Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017) Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Project MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Project Professional 2013 (x32 Version: 15.0.4420.1017) Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Script Explorer for Windows PowerShell (x32 Version: 0.12.0.0) Microsoft Security Client (Version: 2.2.0903.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visio MUI (English) 2013 (x32 Version: 15.0.4420.1017) Microsoft Visio Professional 2013 (x32 Version: 15.0.4420.1017) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Word MUI (English) 2013 (x32 Version: 
15.0.4420.1017) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Movie Maker (x32 Version: 16.4.3505.0912) Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) Mp3tag v2.53 (x32 Version: v2.53) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Network64 (Version: 140.0.301.000) Notepad++ (x32 Version: 6.2.2) NVIDIA Control Panel 311.50 (Version: 311.50) NVIDIA Graphics Driver 311.50 (Version: 311.50) NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.109.718) NVIDIA nView 140.54 (Version: 140.54) NVIDIA PhysX (x32 Version: 9.12.0604) NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604) Online Plug-in (x32 Version: 13.4.0.25) Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017) OxygenV2 (Version: 2.00.1850) PDF Settings CS6 (x32 Version: 11.0) Photo Gallery (x32 Version: 16.4.3505.0912) PL-2303 USB-to-Serial (x32 Version: 1.7.0) PL-2303 Vista Driver Installer (x32 Version: 3.0.1.0) PuTTY version 0.63 (x32 Version: 0.63) QLBCASL (x32 Version: 6.40.17.2) Remote Desktop Manager (x32 Version: 8.4.5.0) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0) RICOH Media Driver (x32 Version: 2.13.00.05) RSSOwl (x32) Samsung Mobile phone USB driver Drive Software Samsung PC Studio 3 USB Driver Installer (x32 Version: 3.2.0.70701) Scan (x32 Version: 140.0.253.000) Secunia PSI (3.0.0.6005) (x32 Version: 3.0.0.6005) Self-Service Plug-in (x32 Version: 3.4.0.33684) Skype™ 6.6 (x32 Version: 6.6.106) SlimDrivers (x32 Version: 2.2.28413) Spybot - Search & Destroy (x32 Version: 1.6.2) 
Synaptics Pointing Device Driver (Version: 15.0.24.0) System Center 2012 Endpoint Protection (Version: 2.2.903.0) TeamViewer 8 (x32 Version: 8.0.20768) TightVNC (Version: 2.6.4.0) TrueCrypt (x32 Version: 7.1a) Unlocker 1.9.1 (x32 Version: 1.9.1) Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition (x32) Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition (x32) Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2810010) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817320) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817482) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817489) 32-Bit Edition (x32) Update for Microsoft Office 2013 (KB2817492) 32-Bit Edition (x32) Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition (x32) Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (x32) Update for Microsoft PowerPoint 
2013 (KB2810006) 32-Bit Edition (x32) Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition (x32) Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32) Update for Microsoft Word 2013 (KB2767863) 32-Bit Edition (x32) Update for Microsoft Word 2013 (KB2810086) 32-Bit Edition (x32) USB Drive Letter Manager (x64) (Version: 4.6.1.0) USB Drive Letter Manager (x64) (Version: 4.7.0.0) Validity Fingerprint Driver (Version: 4.0.15.0) Validity WBF DDK (Version: 4.4.234.0) VanDyke Software SecureCRT and SecureFX 6.7 (Version: 6.7.5) VirusTotal Uploader 2.0 (x32) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0) Visual CertExam Suite (x32) VLC media player 2.0.8 (x32 Version: 2.0.8) Windows Home Server 2011 Connector (Version: 6.1.8800.16400) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) Windows7FirewallControl (x64) 5.2.18.33 (Version: 5.2.18.33) WinRAR 4.20 (64-Bit) (Version: 4.20.0) WinSCP 5.1.7 (x32 Version: 5.1.7) Wondershare Streaming Audio Recorder(Build 2.1.0.0) (x32 Version: 2.1.0.0) ==================== Restore Points ========================= 27-08-2013 18:00:02 Windows Backup 27-08-2013 18:35:41 Removed HP Battery Check 29-08-2013 18:00:02 Windows Backup 31-08-2013 07:45:52 Windows Backup 31-08-2013 
07:49:34 Windows Backup 01-09-2013 17:00:23 Windows Backup 01-09-2013 18:43:47 Windows Backup 03-09-2013 15:59:09 Restore Operation 03-09-2013 16:52:04 Removed HP Battery Check 03-09-2013 18:00:01 Windows Backup 04-09-2013 18:00:00 Windows Backup 07-09-2013 10:34:40 Installed Get Local Admins GUI 07-09-2013 18:09:48 Windows Backup ==================== Hosts content: ========================== 2012-07-26 07:26 - 2013-08-27 08:53 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {004F8E95-A718-4ABF-AD30-97CE5CF5BEF8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for COMPUTERNAME-USERNAME COMPUTERNAME => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {1E9BCA20-FAED-4F4B-AA1C-53F5F9D94C1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {2015D5E6-CA53-4DBE-BBE8-AC48E33B7CF9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - 
System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {24B755A0-EC79-42E4-85F2-AB8345121C0A} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3914127844-14403796-372123521-1002 Task: {262F4C1C-977A-4CAB-AFC4-A73BCA4F4152} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-07-06] (Microsoft Corporation) Task: {263CBC90-183F-4A7E-9010-4B5310889222} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {3DE37160-4C04-4DC6-A897-2C01BF7C008D} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {470EFEE1-2940-4FEC-B995-9D1B3E9CE259} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => 
C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5B471BC6-8E2F-45C0-94EE-FCC7D27EF50C} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-07-06] (Microsoft Corporation) Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {5E851051-A0B8-4B79-B375-7D51F84FDFB5} - System32\Tasks\{1D117AC1-9A7F-44AD-A4D6-EEBD077BC6A5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.60.106/de/abandoninstall?page=tsPlugin Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {66D980AD-B6C8-4827-8318-AF71E2E1A08F} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2012-07-26] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {74A8E2F0-4950-4870-83E1-649426202909} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-07-06] (Microsoft Corporation) Task: {7AE378FD-E992-4632-8DBD-855D83291AC3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2012-07-26] (Microsoft Corporation) Task: 
{7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {7DB03A94-8D20-4EA0-AD78-CD2A31860DAA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {8D850624-62AE-421F-B758-80D2C50EC029} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {99322BD0-2A88-4BAE-9F47-CEE5FCB75BD0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {9F98B999-6F70-461F-9BFA-1A90827146AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: 
{AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {AF6D6AD0-4941-46C5-9F72-8D298549D35D} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3914127844-14403796-372123521-1001 Task: {B21B01D2-F1D9-40DB-9E3A-7ED51AFE501A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23] (Adobe Systems Incorporated) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation) Task: {CBE37266-DC38-4B51-ADF3-2E0C15979AFA} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-07-06] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D01DD577-3DAA-4A15-BA45-FF2DB1C8A16E} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-07-06] (Microsoft Corporation) Task: {D90C1247-9758-4B21-A4BE-74A4CC6D5631} - System32\Tasks\AdobeAAMUpdater-1.0-COMPUTERNAME-USERNAME => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-01-24] (Adobe Systems Incorporated) Task: {DB734F3D-4395-4EB1-BFA0-B58B9464815C} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows 
Server\Bin\RunTask.exe [2012-07-06] (Microsoft Corporation) Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DDF0F7F6-2A2A-4024-B370-7AF3E2F7B105} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E190D61C-4479-4F46-A86F-6B8A96008271} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {E3EA6625-22FF-4DA0-911A-0B3719BC6E79} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3914127844-14403796-372123521-500 Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E5DCE097-1ADB-42F3-B96E-18A0B4BFD445} - System32\Tasks\{DBE00103-13A0-4AF7-A51F-C8D0B37AFDA9} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.60.107/de/go/help.faq.installer?LastError=1618 Task: {E7B98416-AC68-4A07-81F9-68109D4C902C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation) Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {FE996E94-2262-4CF9-B465-368C728DA90C} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security 
Client\Antimalware\MpCmdRun.exe [2011-09-02] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-14 11:39 - 2013-07-03 02:23 - 00788480 _____ (Microsoft Corporation) C:\Windows\winstore\WinStoreUI.dll 2012-10-31 16:02 - 2000-01-01 02:00 - 15055848 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvwgf2umx.dll 2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-03-02 11:01 - 2013-02-18 22:56 - 02631168 _____ (LeapFILE Inc.) C:\Program Files\Oxygen Common\OxygenShellExtension_64.dll 2012-10-31 17:48 - 2012-04-26 14:43 - 00190480 _____ (EldoS Corporation) C:\Windows\system32\CbFsMntNtf3.dll 2012-10-31 16:16 - 2010-09-08 01:05 - 00651264 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll 2012-10-31 16:03 - 2013-04-06 08:38 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2012-10-31 16:04 - 2000-01-01 02:00 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll 2013-09-03 19:42 - 2013-08-14 13:22 - 00206264 _____ (Martin Prikryl) C:\Program Files (x86)\WinSCP\DragExt64.dll 2010-06-03 20:16 - 2010-06-03 20:16 - 00400168 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2010-06-03 20:16 - 2010-06-03 20:16 - 00215336 _____ (Synaptics Incorporated) C:\Windows\SYSTEM32\SynTPAPI.dll 2012-10-31 16:16 - 2010-09-08 01:05 - 01952256 _____ (IDT, Inc.) 
C:\Program Files\IDT\WDM\STLang64.dll 2011-12-13 17:20 - 2011-12-13 17:20 - 00378880 _____ (NLog) C:\Program Files\Windows Server\Bin\NLog.dll 2013-06-19 17:06 - 2013-06-19 17:06 - 00051360 _____ (AxoNet Software GmbH) C:\Program Files\Windows Server\Bin\AxoNet.LightsOut.VailCommonTypes.dll 2013-06-19 17:06 - 2013-06-19 17:06 - 00131744 _____ (AxoNet Software GmbH) C:\Program Files\Windows Server\Bin\AxoNet.LightsOut.VailCommon.dll 2012-10-10 04:48 - 2012-10-10 04:48 - 00200704 _____ (ICSharpCode.net) C:\Program Files\OxygenV2\ICSharpCode.SharpZipLib.dll 2012-07-26 03:54 - 2012-11-06 06:19 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRV.DLL 2012-07-26 05:33 - 2012-11-06 06:39 - 00918016 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL 2009-07-14 02:41 - 2009-07-14 02:41 - 01591808 _____ (Hewlett-Packard Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\hpfuiw73.dll 2009-07-14 02:41 - 2009-07-14 02:41 - 01858048 _____ (Hewlett Packard Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\hpf3rw73.dll 2009-07-14 02:41 - 2009-07-14 02:41 - 00254976 _____ (Hewlett-Packard Company) C:\Windows\system32\spool\DRIVERS\x64\3\hpfiew73.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 00109568 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\CrashRpt1300.dll 2013-03-26 17:44 - 2013-03-26 17:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2013-07-04 13:56 - 2013-07-04 13:56 - 00011362 _____ () C:\ProgramData\Chiavetta Internet\OnlineUpdate\mingwm10.dll 2013-07-04 13:56 - 2013-07-04 13:56 - 00043008 _____ () C:\ProgramData\Chiavetta Internet\OnlineUpdate\libgcc_s_dw2-1.dll 2013-07-04 13:56 - 2013-07-04 13:56 - 02415104 _____ () C:\ProgramData\Chiavetta Internet\OnlineUpdate\QtCore4.dll 2013-07-04 13:56 - 2013-07-04 13:56 - 01148416 _____ () C:\ProgramData\Chiavetta Internet\OnlineUpdate\QtNetwork4.dll 2009-06-17 12:40 - 2009-06-17 12:40 - 02121728 _____ 
() C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2009-06-17 12:40 - 2009-06-17 12:40 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2009-06-17 12:40 - 2009-06-17 12:40 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2012-07-26 02:06 - 2012-07-26 05:04 - 00029184 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\vidcap.ax 2012-07-26 03:46 - 2012-07-26 05:04 - 00131072 _____ (Microsoft Corporation) C:\Windows\SYSTEM32\kswdmcap.ax 2013-01-25 11:36 - 2013-01-25 11:36 - 00022608 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll 2011-02-24 19:06 - 2011-02-24 19:06 - 00292192 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\resource.dll 2011-02-24 19:05 - 2011-02-24 19:05 - 00111232 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\gc.dll 2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll 2011-02-24 18:48 - 2011-02-24 18:48 - 00022368 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\thread_pool.dll 2012-12-14 15:14 - 2012-12-14 15:14 - 00391736 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ctxmui.dll 2012-12-14 15:14 - 2012-12-14 15:14 - 00129592 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\CCMSDK.dll 2012-12-14 15:11 - 2012-12-14 15:11 - 00012344 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\de\ctxmuiUI.DLL 2012-12-14 15:12 - 2012-12-14 15:12 - 00428600 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\de\concenUI.DLL 2013-09-08 09:23 - 2012-12-14 17:18 - 00244208 _____ (Citrix Systems, Inc.) C:\Users\USERNAME\AppData\Local\Citrix\Receiver\WindowsAppRHelper_concentr.exe.dll 2012-12-14 15:14 - 2012-12-14 15:14 - 00025656 _____ (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\CCMProxy.dll 2012-12-14 17:18 - 2012-12-14 17:18 - 00621040 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\ResourceKeeper.dll 2012-12-14 17:18 - 2012-12-14 17:18 - 00055792 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\nativemessagebox.dll 2012-12-14 17:18 - 2012-12-14 17:18 - 00858608 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\nativesystrayue.dll 2012-12-14 17:18 - 2012-12-14 17:18 - 00104944 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\progressnotification.dll 2012-12-14 17:18 - 2012-12-14 17:18 - 00088560 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\toaster.dll 2012-12-12 14:33 - 2012-12-12 14:33 - 00250928 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\ReceiverShim.dll 2013-09-08 09:23 - 2012-12-14 17:20 - 00315376 _____ (Citrix Systems, Inc.) C:\Users\USERNAME\AppData\Local\Citrix\Receiver\WindowsAppRHelper_SelfServicePlugin.exe.dll 2012-12-14 15:21 - 2012-12-14 15:21 - 00088632 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ProgressNotificationCommon.dll 2012-12-14 15:22 - 2012-12-14 15:22 - 00076344 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\WFCWINN.dll 2012-12-14 15:20 - 2012-12-14 15:20 - 00117304 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\acrdlg.dll 2012-12-14 15:17 - 2012-12-14 15:17 - 00096824 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\statuin.dll 2012-12-14 15:15 - 2012-12-14 15:15 - 00092728 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\confmgr.dll 2012-12-14 15:14 - 2012-12-14 15:14 - 00023608 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ctxlogging.dll 2012-12-14 15:14 - 2012-12-14 15:14 - 00032824 _____ (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\icafile.dll 2012-12-14 15:24 - 2012-12-14 15:24 - 00481848 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\RSManager.dll 2012-12-14 15:21 - 2012-12-14 15:21 - 00498232 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\CST.dll 2012-12-14 15:23 - 2012-12-14 15:23 - 00029752 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\RSMHook.dll 2012-12-14 15:11 - 2012-12-14 15:11 - 00021048 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\de\ProgressNotificationCommonUI.dll 2012-12-14 15:12 - 2012-12-14 15:12 - 00571960 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\de\statuiUI.DLL 2012-12-14 15:11 - 2012-12-14 15:11 - 00117304 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\de\CSTUI.DLL 2012-12-14 15:12 - 2012-12-14 15:12 - 00125496 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\de\wfcrunUI.DLL 2013-09-08 09:23 - 2012-12-14 17:18 - 00244208 _____ (Citrix Systems, Inc.) 
C:\Users\USERNAME\AppData\Local\Citrix\Receiver\WindowsAppRHelper_wfcrun32.exe.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 00010240 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\oxygenqtwrapper.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 10837504 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\QtWebKit4.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 08173568 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\QtGui4.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 00971776 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\QtNetwork4.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 02293248 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\QtCore4.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 00266752 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\phonon4.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 00026624 _____ () C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\imageformats\qgif4.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 00237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\ssleay32.dll 2013-09-08 09:23 - 2013-09-08 09:23 - 01099776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\USERNAME\.OxygenV2\Bin\2.0.0.1850\LIBEAY32.dll 2012-12-18 21:08 - 2012-12-18 21:08 - 03990248 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll 2012-10-01 21:32 - 2012-10-01 21:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 2013-02-05 18:43 - 2013-02-05 18:43 - 00125008 _____ () C:\Program Files (x86)\Microsoft Office\Office15\OUTLCTL.DLL 2013-09-05 09:20 - 2013-08-14 19:55 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-10-31 17:48 - 2012-04-26 14:43 - 00141328 _____ (EldoS Corporation) C:\Windows\system32\CbFsNetRdr3.dll 2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-03-02 11:01 - 2013-02-18 22:49 - 02457088 _____ (LeapFILE Inc.) 
C:\Program Files\Oxygen Common\OxygenShellExtension_32.dll 2012-10-31 17:48 - 2012-04-26 14:43 - 00190480 _____ (EldoS Corporation) C:\Windows\SYSTEM32\CbFsMntNtf3.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet 6500 E709n Description: Officejet 6500 E709n Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/08/2013 04:10:05 PM) (Source: Application Error) (User: ) Description: Faulting application name: LANConfigSvc.exe, version: 6.1.8800.16385, time stamp: 0x4d6ed265 Faulting module name: ServerLocator.dll, version: 6.1.8800.16385, time stamp: 0x4d6ed338 Exception code: 0xc0000025 Fault offset: 0x00000000000081ed Faulting process id: 0x22d0 Faulting application start time: 0xLANConfigSvc.exe0 Faulting application path: LANConfigSvc.exe1 Faulting module path: LANConfigSvc.exe2 Report Id: LANConfigSvc.exe3 Faulting package full name: LANConfigSvc.exe4 Faulting package-relative application ID: LANConfigSvc.exe5 Error: (09/08/2013 04:08:00 PM) (Source: Application Error) (User: ) Description: Faulting application name: LANConfigSvc.exe, version: 6.1.8800.16385, time stamp: 0x4d6ed265 Faulting module name: ServerLocator.dll, version: 6.1.8800.16385, time stamp: 0x4d6ed338 Exception code: 0xc0000025 Fault offset: 0x00000000000081ed Faulting process id: 0x1184 Faulting application start time: 0xLANConfigSvc.exe0 Faulting application path: LANConfigSvc.exe1 Faulting module path: LANConfigSvc.exe2 Report Id: LANConfigSvc.exe3 Faulting package full name: LANConfigSvc.exe4 Faulting package-relative application ID: LANConfigSvc.exe5 Error: (09/08/2013 04:05:53 PM) (Source: Application Error) (User: ) Description: Faulting application name: LANConfigSvc.exe, version: 6.1.8800.16385, time stamp: 0x4d6ed265 Faulting module name: ServerLocator.dll, version: 6.1.8800.16385, time stamp: 0x4d6ed338 Exception code: 0xc0000025 Fault offset: 0x00000000000081ed Faulting process id: 0xd10 Faulting application start time: 0xLANConfigSvc.exe0 Faulting application path: LANConfigSvc.exe1 Faulting module path: LANConfigSvc.exe2 Report Id: LANConfigSvc.exe3 Faulting package full name: LANConfigSvc.exe4 Faulting package-relative application ID: LANConfigSvc.exe5 Error: (09/08/2013 
10:36:57 AM) (Source: MsgPlusService) (User: ) Description: MsgPlusServiceService failed to shut down. Error: (09/08/2013 10:36:57 AM) (Source: MsgPlusService) (User: ) Description: MsgPlusServiceReceiving shutdown message. Error: (09/08/2013 09:32:06 AM) (Source: Microsoft-Windows-User Profiles Service) (User: COMPUTERNAME) Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (09/08/2013 09:32:06 AM) (Source: Microsoft-Windows-User Profiles Service) (User: COMPUTERNAME) Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error: (09/07/2013 10:06:07 AM) (Source: Windows Backup) (User: ) Description: The backup did not complete because of an error writing to the backup location \\BackupNAS\clientcomputersicherungen$\. The error is: The network name cannot be found. (0x80070043). Error: (09/06/2013 07:55:44 AM) (Source: Windows Backup) (User: ) Description: The backup did not complete because of an error writing to the backup location \\BackupNAS\clientcomputersicherungen$\. The error is: The network name cannot be found. (0x80070043). Error: (09/05/2013 01:31:33 PM) (Source: MsgPlusService) (User: ) Description: MsgPlusServiceReceiving shutdown message. System errors: ============= Error: (09/08/2013 04:08:04 PM) (Source: Service Control Manager) (User: ) Description: The Windows Server LAN Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (09/08/2013 04:05:59 PM) (Source: Service Control Manager) (User: ) Description: The Windows Server LAN Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
Error: (09/08/2013 04:04:59 PM) (Source: pcmcia) (User: ) Description: The PCMCIA controller encountered an error powering up the inserted device. Error: (09/08/2013 11:08:44 AM) (Source: pcmcia) (User: ) Description: The PCMCIA controller encountered an error powering up the inserted device. Error: (09/08/2013 10:37:50 AM) (Source: Microsoft Antimalware) (User: ) Description: %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error: (09/08/2013 10:37:35 AM) (Source: Service Control Manager) (User: ) Description: The Chiavetta Internet. OUC service failed to start due to the following error: %%1053 Error: (09/08/2013 10:37:35 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Chiavetta Internet. OUC service to connect. Error: (09/08/2013 10:35:01 AM) (Source: Microsoft Antimalware) (User: ) Description: %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error: (09/08/2013 10:34:46 AM) (Source: Service Control Manager) (User: ) Description: The Chiavetta Internet. OUC service failed to start due to the following error: %%1053 Error: (09/08/2013 10:34:46 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Chiavetta Internet. OUC service to connect. 
Microsoft Office Sessions: ========================= Error: (09/08/2013 04:10:05 PM) (Source: Application Error)(User: ) Description: LANConfigSvc.exe6.1.8800.163854d6ed265ServerLocator.dll6.1.8800.163854d6ed338c000002500000000000081ed22d001ceac9cf9f2f261C:\Program Files\Windows Server\Bin\LANConfigSvc.exeC:\Program Files\Windows Server\Bin\ServerLocator.dll5bf0cce7-1890-11e3-bee8-70f39520344b Error: (09/08/2013 04:08:00 PM) (Source: Application Error)(User: ) Description: LANConfigSvc.exe6.1.8800.163854d6ed265ServerLocator.dll6.1.8800.163854d6ed338c000002500000000000081ed118401ceac9caf30785fC:\Program Files\Windows Server\Bin\LANConfigSvc.exeC:\Program Files\Windows Server\Bin\ServerLocator.dll115a78b1-1890-11e3-bee8-70f39520344b Error: (09/08/2013 04:05:53 PM) (Source: Application Error)(User: ) Description: LANConfigSvc.exe6.1.8800.163854d6ed265ServerLocator.dll6.1.8800.163854d6ed338c000002500000000000081edd1001ceac6eac765e6eC:\Program Files\Windows Server\Bin\LANConfigSvc.exeC:\Program Files\Windows Server\Bin\ServerLocator.dllc54e1a2a-188f-11e3-bee8-70f39520344b Error: (09/08/2013 10:36:57 AM) (Source: MsgPlusService)(User: ) Description: MsgPlusServiceService failed to shut down. Error: (09/08/2013 10:36:57 AM) (Source: MsgPlusService)(User: ) Description: MsgPlusServiceReceiving shutdown message. Error: (09/08/2013 09:32:06 AM) (Source: Microsoft-Windows-User Profiles Service)(User: COMPUTERNAME) Description: Error: (09/08/2013 09:32:06 AM) (Source: Microsoft-Windows-User Profiles Service)(User: COMPUTERNAME) Description: Error: (09/07/2013 10:06:07 AM) (Source: Windows Backup)(User: ) Description: \\BackupNAS\clientcomputersicherungen$ The network name cannot be found. (0x80070043) Error: (09/06/2013 07:55:44 AM) (Source: Windows Backup)(User: ) Description: \\BackupNAS\clientcomputersicherungen$ The network name cannot be found. 
(0x80070043) Error: (09/05/2013 01:31:33 PM) (Source: MsgPlusService)(User: ) Description: MsgPlusServiceReceiving shutdown message. CodeIntegrity Errors: =================================== Date: 2013-08-09 17:51:55.039 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:51:55.012 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:51:28.398 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:51:28.376 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:51:12.165 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:51:12.141 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:50:20.797 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:50:20.775 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:49:26.521 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 17:49:26.494 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8121.51 MB Available physical RAM: 5516.71 MB Total Pagefile: 16313.51 MB Available Pagefile: 13503.66 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.71 GB) (Free:47.08 GB) NTFS Drive o: (Oxygen) (Removable) (Total:1024 GB) (Free:46.93 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 00D86B6A) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013 Ran by USER (administrator) on COMPUTERNAMEN on 08-09-2013 16:08:45 Running from C:\Users\USER\Desktop Windows 8 Enterprise (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe () C:\Windows\system32\valWBFPolicyService.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe () C:\ProgramData\Chiavetta Internet\OnlineUpdate\ouc.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (AxoNet Software GmbH) C:\Program Files\Windows Server\bin\LightsOutClientService.exe (Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!
for Skype\MsgPlusForSkypeService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Uwe Sieber - www.uwe-sieber.de) C:\Program Files\USBDLM\USBDLM.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Uwe Sieber - www.uwe-sieber.de) C:\Program Files\USBDLM\USBDLM_usr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (AxoNet Software GmbH) C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Oxygen Cloud, Inc.) C:\Program Files\OxygenV2\OxygenDesktop.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe () C:\Users\USER\.OxygenV2\Bin\2.0.0.1850\oxygenlauncher.exe (LeapFILE, Inc.) C:\Users\USER\.OxygenV2\Bin\2.0.0.1850\oxygenvfs.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [477600 2013-01-24] (Adobe Systems Incorporated) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1437064 2011-10-29] (Microsoft Corporation) HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis) HKLM\...\Run: [Windows7FirewallControl] - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [1143296 2013-04-16] (Sphinx Software) HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2716960 2000-01-01] () Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKCU\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18621600 2013-07-10] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.) HKLM-x32\...\Run: [adm_tray.exe] - C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] () HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.) 
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\USER.old\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company) HKU\USER.old\...\Run: [AdobeBridge] - HKU\USER.old\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18621600 2013-07-10] (Microsoft Corporation) HKU\USER.old\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.) HKU\USER.old\...\Run: [Akamai NetSession Interface] - "C:\Users\USER\AppData\Local\Akamai\netsession_win.exe" HKU\USER.old\...\Run: [Spotify Web Helper] - "C:\Users\USER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" HKU\USER.old\...\Run: [HW_OPENEYE_OUC_Chiavetta Internet] - C:\Program Files (x86)\Chiavetta Internet\UpdateDog\ouc.exe [224096 2013-07-04] () HKU\USER.old\...\RunOnce: [Uninstall C:\Users\USER\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\USER\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL [485920 2013-05-15] () AppInit_DLLs-x32: c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll [ ] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lights-Out Client.lnk ShortcutTarget: Lights-Out Client.lnk -> C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe (AxoNet Software GmbH) Startup: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Start OxygenV2.lnk ShortcutTarget: Start OxygenV2.lnk -> C:\Program Files\OxygenV2\OxygenDesktop.exe (Oxygen Cloud, Inc.) Startup: C:\Users\USER.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSSOwl.exe - Shortcut.lnk ShortcutTarget: RSSOwl.exe - Shortcut.lnk -> C:\Program Files (x86)\RSSOwl\RSSOwl.exe () Startup: C:\Users\USER.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\USER.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyDrive Pro.lnk ShortcutTarget: SkyDrive Pro.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache 
Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No 
File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\vwocf8cd.default
FF Homepage: file:///C:/Startseite/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: iMacros for Firefox - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\vwocf8cd.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: WOT - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\vwocf8cd.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: sendtophone - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\vwocf8cd.default\Extensions\sendtophone@martinezdelizarrondo.com.xpi
FF Extension: No Name - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\vwocf8cd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
S2 Chiavetta Internet. RunOuc; C:\Program Files (x86)\Chiavetta Internet\UpdateDog\ouc.exe [224096 2013-07-04] ()
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 LoClntService; C:\Program Files\Windows Server\bin\LightsOutClientService.exe [21152 2013-06-19] (AxoNet Software GmbH)
R2 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [125952 2013-01-23] (Yuna Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12768 2011-09-02] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288256 2011-09-02] (Microsoft Corporation)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41600 2012-07-06] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 USBDLM; C:\Program Files\USBDLM\USBDLM.exe [433120 2012-01-15] (Uwe Sieber - www.uwe-sieber.de)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [778752 2013-04-16] (Sphinx Software)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2013-03-15] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303368 2013-03-15] (SafeNet Inc.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-26] (EldoS Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-15] (SafeNet Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189424 2011-10-05] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-19] (Intel Corporation)
R3 NETwNx64; C:\Windows\system32\DRIVERS\Netwxw00.sys [11080192 2012-03-12] (Intel Corporation)
R3 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [84864 2011-10-05] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R3 rismcx64; C:\Windows\system32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 s125bus; C:\Windows\System32\drivers\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\system32\DRIVERS\s125mdfl.sys [19720 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\system32\DRIVERS\s125mdm.sys [144648 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\system32\DRIVERS\s125mgmt.sys [126216 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\system32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2013-03-26] (Cisco Systems, Inc.)
R3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-01-17] (Wondershare)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S0 vhjrap; No ImagePath
S0 zlnimc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======
00000000 ____D C:\Users\USER.old\AppData\Local\Mozilla 2013-09-05 09:20 - 2013-09-05 09:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-09-05 09:15 - 2012-10-31 15:11 - 00000000 ____D C:\Users\USER.old 2013-09-05 08:56 - 2013-02-25 12:34 - 00000000 ___HD C:\Users\USER.old\.rssowl2 2013-09-04 20:22 - 2012-11-06 16:53 - 00000000 ____D C:\Users\USER.old\AppData\Roaming\vlc 2013-09-04 18:39 - 2012-10-31 17:27 - 00000000 ____D C:\Users\USER.old\AppData\Local\Adobe 2013-09-04 18:36 - 2012-10-31 17:50 - 00000000 ____D C:\Program Files (x86)\Yuna Software 2013-09-03 19:34 - 2013-01-10 20:13 - 00001050 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-09-03 18:55 - 2013-06-06 14:15 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-09-03 18:52 - 2012-10-31 16:14 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2013-09-03 18:52 - 2012-10-31 16:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-03 18:03 - 2012-12-21 14:46 - 00000000 ____D C:\Windows\Minidump 2013-09-03 18:02 - 2012-11-01 11:22 - 00000000 ____D C:\Users\Administrator 2013-09-03 18:02 - 2012-10-31 17:48 - 00000000 ____D C:\Users\USER.old\AppData\Roaming\Notepad++ 2013-09-03 18:01 - 2013-09-03 09:06 - 00000000 ____D C:\VEXPLite 2013-09-03 18:01 - 2013-08-31 10:46 - 00000000 ____D C:\Sandbox 2013-09-03 18:01 - 2013-08-31 10:45 - 00000000 ____D C:\Program Files\Sandboxie 2013-09-03 18:01 - 2012-10-31 17:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-09-03 18:01 - 2012-10-31 17:32 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2 2013-09-03 18:00 - 2012-10-31 17:17 - 00000000 __RHD C:\MSOCache 2013-09-03 18:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\registration 2013-09-03 17:49 - 2013-09-03 17:49 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-09-02 15:32 - 2013-05-24 13:40 - 00000000 ____D C:\Users\USER.old\AppData\Local\Spotify 2013-08-31 10:37 - 2013-01-02 12:20 - 00000600 _____ 
C:\Users\USER.old\AppData\Roaming\winscp.rnd 2013-08-30 13:27 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-08-27 17:03 - 2013-02-26 11:10 - 00000000 ____D C:\Users\USER\Documents\Outlook Files 2013-08-27 11:04 - 2013-08-27 11:04 - 00000600 _____ C:\Users\USER.old\AppData\Local\PUTTY.RND 2013-08-26 20:10 - 2012-07-26 07:26 - 00000874 _____ C:\Windows\system32\Drivers\etc\hosts.bak 2013-08-26 17:49 - 2013-01-30 15:40 - 00000000 ____D C:\Users\USER.old\AppData\Roaming\KeePass 2013-08-26 16:23 - 2013-04-10 17:51 - 00060367 _____ C:\Windows\setupact.log 2013-08-24 14:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2013-08-24 13:16 - 2013-08-24 13:06 - 00000000 ____D C:\Program Files (x86)\Data Crow 2013-08-23 17:50 - 2013-08-16 09:33 - 00000000 ____D C:\Users\USER\Documents\onlineTV 8 2013-08-22 12:52 - 2013-05-24 13:40 - 00000000 ____D C:\Users\USER.old\AppData\Roaming\Spotify 2013-08-22 11:36 - 2013-08-22 11:35 - 00000000 ____D C:\Windows\LastGood.Tmp 2013-08-22 09:41 - 2013-08-22 09:41 - 00000000 ___RD C:\Users\USER.old\SharePoint 2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2013-08-19 15:21 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2013-08-19 13:13 - 2013-08-19 13:13 - 00000000 ____D C:\Users\USER\Documents\Podcast Studio 2013-08-19 13:13 - 2013-08-16 09:33 - 00000000 ____D C:\Users\USER.old\AppData\Roaming\concept design 2013-08-19 12:00 - 2013-08-19 12:00 - 00000000 ____D C:\Program Files (x86)\FRANZIS 2013-08-18 10:12 - 2013-08-18 10:12 - 05054216 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-16 09:33 - 2013-08-16 09:33 - 00000000 ____D C:\Program Files (x86)\concept design 2013-08-14 12:54 - 2013-08-12 19:25 - 00000000 ____D C:\Program Files (x86)\Garmin 2013-08-14 11:51 - 2013-09-08 09:22 - 
00000000 ___RD C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-14 11:51 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore 2013-08-14 11:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-14 11:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-14 11:51 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 2013-08-14 11:48 - 2012-10-31 17:18 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-14 11:48 - 2012-07-26 07:26 - 00000167 _____ C:\Windows\win.ini 2013-08-14 11:44 - 2013-07-09 21:09 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 11:43 - 2012-12-01 18:48 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-12 20:12 - 2013-08-12 20:12 - 00359416 _____ C:\Windows\Minidump\081213-13322-01.dmp 2013-08-12 20:12 - 2013-07-08 16:32 - 551511383 _____ C:\Windows\MEMORY.DMP 2013-08-12 19:25 - 2013-08-12 19:25 - 00000000 ____D C:\Users\USER.old\AppData\Roaming\Garmin 2013-08-12 19:25 - 2013-08-12 19:25 - 00000000 ____D C:\Program Files\DIFX 2013-08-12 19:13 - 2013-06-21 14:12 - 00001257 _____ C:\Users\Public\Desktop\Remote Desktop Manager.lnk 2013-08-10 10:32 - 2013-08-10 10:32 - 00001099 _____ C:\Users\Administrator\Desktop\IntelliTamper.lnk 2013-08-09 17:10 - 2012-10-31 17:12 - 00002113 _____ C:\Users\USER\Desktop\Hris.lnk 2013-08-09 08:17 - 2013-08-09 08:17 - 00343136 _____ C:\Windows\Minidump\080913-9048-01.dmp Files to move or delete: ==================== C:\Users\USER~1\AppData\Local\Temp\Quarantine.exe C:\Users\USER.old\AppData\Local\Temp\WaitProgress.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-31 08:31 ==================== End Of Log ============================ |
08.09.2013, 15:46 | #4 |
/// TB Trainer | Does the problem occur in all browsers or only in one? In which ones?
__________________ cheers, Leo |
08.09.2013, 16:07 | #5 |
| So far I have only had the problem in Firefox. Firefox is set as the default browser. |
08.09.2013, 16:14 | #6 |
/// TB Trainer | And resetting Firefox doesn't help either? |
08.09.2013, 16:18 | #7 |
| I have now reset Firefox. I'll let you know if the problem shows up again. Thanks, winZard |
08.09.2013, 16:34 | #8 |
/// TB Trainer | Exactly, keep an eye on it for now and then get back to me.
__________________ cheers, Leo |
10.09.2013, 16:51 | #9 |
| I have reinstalled the PC. That takes care of the problem. Many thanks, winZard |
10.09.2013, 16:56 | #10 |
/// TB Trainer | OK, thanks for letting me know. This topic appears to be resolved and will be removed from my subscriptions, so I will no longer receive notifications about new replies. If you need the topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |