18.12.2013, 20:18   #1
Also having problems with http://wisersearch.com/?channel=de_nt


I have already read several posts about the trojan hxxp://wisersearch.com/?channel=de_nt and would also like to ask for help removing it from my computer.

To explain: whenever I open a new tab, the page mentioned above appears unprompted, and every time a page reloads, a gray, empty, almost screen-sized box appears, which can be clicked away, but it reappears every time a page is reloaded.

I have already downloaded FRST, saved it to my desktop, and scanned my computer. Here are my log files:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 03
Ran by Stephanie (administrator) on RENNEGADE on 18-12-2013 19:46:57
Running from C:\Users\Stephanie\Desktop
Microsoft Windows 8.1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ASUS\WebStorage Sync Agent\\AsusWSWinService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\LiveUpdate\HotKeyService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
() C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmw.exe
() C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmwj.exe
() C:\Program Files\AVG Nation toolbar\vprot.exe
(Microsoft) C:\Program Files\Evernote Sticky Notes\StickyNotes.Wpf.exe
(Dropbox, Inc.) C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google) C:\Users\Stephanie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\WebStorage Sync Agent\\AsusWSPanel.exe [3574656 2012-10-25] (ASUS Cloud Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LauncherM1400] - C:\Program Files\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2269936 2012-12-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [M1400 RUN] - C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [365296 2012-12-27] ()
HKLM\...\Run: [StatusAutoRunM1400] - C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [3170544 2012-12-27] ()
HKLM\...\Run: [vProt] - C:\Program Files\AVG Nation toolbar\vprot.exe [2403144 2013-10-04] ()
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [65536 2013-10-23] (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-21] (Google Inc.)
HKCU\...\Run: [EDO-Soft Sticky Notes] - C:\Program Files\Evernote Sticky Notes\StickyNotes.Wpf.exe [373760 2013-12-05] (Microsoft)
HKCU\...\Run: [SSync] - C:\Users\Stephanie\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKCU\...\Run: [DataMgr] - C:\Users\Stephanie\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-10-09] (HTTO Group, Ltd.)
HKCU\...\Run: [OMESupervisor] - C:\Users\Stephanie\AppData\Local\omesuperv.exe [2230128 2013-11-27] ()
HKCU\...\Run: [SCheck] - C:\Users\Stephanie\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-09] ()
HKCU\...\Run: [Snoozer] - C:\Users\Stephanie\AppData\Roaming\Snz\Snz.exe [1226901 2013-11-27] ()
HKCU\...\Run: [Intermediate] - C:\Users\Stephanie\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-09] ()
HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {F74E27BE-0516-4DAE-8701-8561B14CE893} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {F74E27BE-0516-4DAE-8701-8561B14CE893} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {F74E27BE-0516-4DAE-8701-8561B14CE893} URL =
BHO: OfferMosquito - {82B16A3D-F03E-4565-A532-666B219C9A53} - C:\Users\Stephanie\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll (Bebo Media Ltd)
BHO: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Nation toolbar\\AVG Nation toolbar_toolbar.dll (AVG Secure Search)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Nation toolbar\\AVG Nation toolbar_toolbar.dll (AVG Secure Search)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer]

FF ProfilePath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\d20owtah.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dwm&scc=1&ltmpl=googlemail&emr=1
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Stephanie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Stephanie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Stephanie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Stephanie\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Stephanie\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Stephanie\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd)
FF SearchPlugin: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\d20owtah.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\d20owtah.default\Extensions\firefox@ghostery.com.xpi
FF Extension: google - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\d20owtah.default\Extensions\google@disconnect.me.xpi
FF Extension: om - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\d20owtah.default\Extensions\om@offermosquito.com.xpi
FF Extension: snt - C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\d20owtah.default\Extensions\snt@dotlabs.co.xpi

========================== Services (Whitelisted) =================

R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage Sync Agent\\AsusWSWinService.exe [68608 2012-10-25] ()
R2 ASUSACPI; C:\Program Files\ASUS\LiveUpdate\HotKeyService.exe [156472 2013-10-18] (ASUSTeK Computer Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1678040 2013-09-23] (Broadcom Corporation.)
R2 DptfParticipantDisplayService; C:\Windows\system32\DptfParticipantDisplayService.exe [97792 2013-10-23] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [69632 2013-10-23] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [56832 2013-10-23] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [75776 2013-10-23] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-09-17] (Microsoft Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 SENADB; C:\Program Files\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [88816 2012-12-27] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [555408 2013-03-26] (Cisco Systems, Inc.)
S4 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1733448 2013-10-04] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1210368 2013-10-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\system32\DRIVERS\acsock.sys [92112 2013-03-26] (Cisco Systems, Inc.)
S0 Avgbootx; C:\Windows\System32\DRIVERS\avgbootx.sys [17424 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimw8x.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\Windows\system32\DRIVERS\avgwfpx.sys [196920 2013-10-21] (AVG Technologies CZ, s.r.o.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation)
R3 BcmGnssBus; C:\Windows\System32\drivers\BcmGnssBus.sys [79944 2013-10-23] (Broadcom Corporation)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [521392 2013-10-23] (Broadcom)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [185856 2013-08-22] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [144088 2013-11-29] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [130776 2013-11-29] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [207872 2013-10-23] (Intel Corporation)
R0 ChaabiDriver; C:\Windows\System32\drivers\ChaabiDriver.sys [74256 2013-10-23] (Intel Corporation)
R0 clvpep; C:\Windows\System32\drivers\clvpep.sys [81648 2013-10-23] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [44256 2013-10-23] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\drivers\DptfDevGen.sys [49888 2013-10-23] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\drivers\DptfDevProc.sys [69344 2013-10-23] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\drivers\DptfManager.sys [163552 2013-10-23] (Intel Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 GPIOCLV; C:\Windows\System32\drivers\GPIOCLV.sys [22016 2013-10-23] (Intel Corporation)
R3 igdperf32; C:\Windows\system32\DRIVERS\igdperf32.sys [4096 2013-11-29] ()
R3 imx175; C:\Windows\System32\drivers\imx175.sys [58880 2013-10-23] (Intel Corporation)
R0 inteli2c; C:\Windows\System32\drivers\inteli2c.sys [48880 2013-10-23] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [241152 2013-10-23] (Intel(R) Corporation)
R0 Lm3554; C:\Windows\System32\drivers\lm3554.sys [34816 2013-10-23] (Intel Corporation)
R0 LNWIPC; C:\Windows\System32\drivers\LNWIPC.sys [25840 2013-10-23] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [16112 2013-10-23] (Intel Corporation)
R3 MSICReg; C:\Windows\System32\drivers\MSICReg.sys [17408 2013-10-23] (Intel Corporation)
R3 ov2720; C:\Windows\System32\drivers\ov2720.sys [46592 2013-10-23] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [97792 2013-10-23] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 spi; C:\Windows\System32\drivers\spi.sys [46592 2013-10-23] (Intel Corporation)
R3 Uart16550pc; C:\Windows\System32\drivers\Uart16550pc.sys [40960 2013-10-23] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva-6.sys [42064 2013-03-26] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-18 19:46 - 2013-12-18 19:50 - 00017080 _____ C:\Users\Stephanie\Desktop\FRST.txt
2013-12-18 19:46 - 2013-12-18 19:46 - 00000000 ____D C:\FRST
2013-12-18 19:45 - 2013-12-18 19:45 - 01062259 _____ (Farbar) C:\Users\Stephanie\Desktop\FRST.exe
2013-12-15 21:46 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-15 21:46 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-15 21:46 - 2013-11-11 01:50 - 00036696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-15 21:46 - 2013-11-09 11:54 - 00261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-15 21:46 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-15 21:46 - 2013-11-08 09:40 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-15 21:46 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-15 21:46 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-15 21:46 - 2013-11-08 04:51 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-15 21:46 - 2013-11-08 04:30 - 01128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-15 21:46 - 2013-11-08 04:05 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-15 21:46 - 2013-11-05 15:08 - 00478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-15 21:46 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-15 21:46 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-15 21:46 - 2013-11-04 06:52 - 01307480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-15 21:46 - 2013-11-04 06:52 - 00320856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-15 21:46 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-15 21:46 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-15 21:46 - 2013-11-04 01:45 - 02038784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-15 21:46 - 2013-11-01 11:17 - 00077144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-15 21:46 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-15 21:46 - 2013-10-31 00:50 - 05753688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-15 21:46 - 2013-10-31 00:39 - 01381184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-15 21:46 - 2013-10-31 00:39 - 01270640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-15 21:46 - 2013-10-31 00:39 - 01261320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-15 21:46 - 2013-10-31 00:39 - 01159080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-15 21:46 - 2013-10-26 21:28 - 00120152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-15 21:46 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-15 21:46 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-15 21:46 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-15 21:46 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-15 21:36 - 2013-12-15 21:36 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Snz
2013-12-15 21:36 - 2013-12-15 21:36 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\SCheck
2013-12-15 17:22 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-15 17:22 - 2013-11-23 04:30 - 03423232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-15 17:22 - 2013-11-23 04:11 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-15 17:22 - 2013-11-09 06:52 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-15 17:22 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-13 12:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-13 12:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-13 12:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-13 12:27 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-13 12:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-13 12:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-13 12:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-13 12:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-13 12:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-13 12:27 - 2013-11-08 07:19 - 03494400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-13 12:27 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-13 12:27 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-11 22:53 - 2013-12-11 22:53 - 00050193 _____ C:\Users\Stephanie\Desktop\contacts_2013-12-11.csv
2013-12-11 22:53 - 2013-12-11 22:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-11 22:52 - 2013-12-11 22:52 - 00050193 _____ C:\Users\Stephanie\Desktop\csv.csv
2013-12-11 21:19 - 2013-12-11 21:19 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-12-11 21:18 - 2013-12-11 21:18 - 00000000 ____D C:\Program Files\Sony Mobile
2013-12-10 11:50 - 2013-12-10 11:50 - 00000000 ____D C:\Program Files\Evernote Sticky Notes
2013-11-29 22:18 - 2013-11-29 22:18 - 02966016 _____ (Intel Corporation) C:\WINDOWS\system32\igdogl32.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 01012736 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd32.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00722432 _____ (Intel Corporation) C:\WINDOWS\system32\IntelInvokePanel.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00498176 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00498176 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497664 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497664 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00495616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00495616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00494592 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00494592 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00491520 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00489984 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00488960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00488448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00406528 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igddim32.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00378880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00344576 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00309248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00308736 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00301056 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00291328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00288768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00265728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00229888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2013-11-29 22:18 - 2013-11-29 22:18 - 00209920 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvcWin8.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00144088 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00130776 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\BtwSerialBus.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00092160 _____ C:\WINDOWS\system32\pvrscopeservices.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00055000 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BtwRadioSwitch.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00009216 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00008704 _____ C:\WINDOWS\system32\igddim32.vp
2013-11-29 22:18 - 2013-11-29 22:18 - 00004096 _____ C:\WINDOWS\system32\Drivers\igdperf32.sys
2013-11-29 22:17 - 2013-11-29 22:18 - 01584128 _____ (Intel Corporation) C:\WINDOWS\system32\GfxRes.dll
2013-11-27 13:14 - 2013-11-27 13:14 - 02230128 _____ C:\Users\Stephanie\AppData\Local\omesuperv.exe
2013-11-24 20:18 - 2013-11-24 20:18 - 00004814 _____ C:\Users\Stephanie\Desktop\Kreisky und Sauer.odt
2013-11-24 14:41 - 2013-03-26 08:18 - 00092112 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock.sys
2013-11-19 17:01 - 2013-11-19 17:01 - 00000000 ____D C:\WINDOWS\Firmware

==================== One Month Modified Files and Folders =======

2013-12-20 00:41 - 2013-08-22 09:17 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-20 00:41 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-20 00:41 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-20 00:41 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-20 00:41 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\Camera
2013-12-20 00:41 - 2013-08-22 08:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-20 00:41 - 2013-08-22 07:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-20 00:12 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-18 19:50 - 2013-12-18 19:46 - 00017080 _____ C:\Users\Stephanie\Desktop\FRST.txt
2013-12-18 19:46 - 2013-12-18 19:46 - 00000000 ____D C:\FRST
2013-12-18 19:45 - 2013-12-18 19:45 - 01062259 _____ (Farbar) C:\Users\Stephanie\Desktop\FRST.exe
2013-12-18 19:43 - 2013-09-04 14:28 - 00001156 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2977543710-2377266466-2606467688-1001UA.job
2013-12-18 19:22 - 2013-11-11 16:29 - 01165062 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-18 19:07 - 2013-06-12 09:40 - 00000000 ____D C:\ProgramData\MFAData
2013-12-18 19:03 - 2013-08-12 13:34 - 00000000 ___RD C:\Users\Stephanie\Documents\Dropbox
2013-12-18 19:03 - 2013-08-12 13:28 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Dropbox
2013-12-18 19:02 - 2013-11-11 16:46 - 00000000 __RDO C:\Users\Stephanie\SkyDrive
2013-12-18 16:12 - 2013-11-11 16:22 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-18 08:54 - 2013-08-22 07:13 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-16 10:45 - 2013-09-04 14:28 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2977543710-2377266466-2606467688-1001Core.job
2013-12-15 21:36 - 2013-12-15 21:36 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Snz
2013-12-15 21:36 - 2013-12-15 21:36 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\SCheck
2013-12-15 21:36 - 2013-11-04 13:05 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Intermediate
2013-12-15 21:34 - 2013-08-22 08:22 - 00486880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-15 17:26 - 2013-08-06 09:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 17:23 - 2013-07-03 18:45 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-14 17:53 - 2012-07-26 07:53 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2013-12-14 01:16 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-11 23:15 - 2013-08-07 22:14 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\vlc
2013-12-11 22:53 - 2013-12-11 22:53 - 00050193 _____ C:\Users\Stephanie\Desktop\contacts_2013-12-11.csv
2013-12-11 22:53 - 2013-12-11 22:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-12-11 22:53 - 2013-08-22 08:23 - 00321972 _____ C:\WINDOWS\setupact.log
2013-12-11 22:52 - 2013-12-11 22:52 - 00050193 _____ C:\Users\Stephanie\Desktop\csv.csv
2013-12-11 21:19 - 2013-12-11 21:19 - 00000000 ____D C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2013-12-11 21:18 - 2013-12-11 21:18 - 00000000 ____D C:\Program Files\Sony Mobile
2013-12-11 19:25 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-10 12:57 - 2013-11-11 16:09 - 00000000 ____D C:\Users\Stephanie
2013-12-10 11:50 - 2013-12-10 11:50 - 00000000 ____D C:\Program Files\Evernote Sticky Notes
2013-12-10 11:48 - 2013-11-04 13:02 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Downloaded Installations
2013-12-10 10:52 - 2013-11-11 16:09 - 00000000 ____D C:\Users\Administrator
2013-12-04 01:05 - 2013-08-22 09:18 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 09:18 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-02 16:20 - 2013-05-30 00:23 - 00000000 ____D C:\Users\Stephanie\Documents\Studium
2013-11-30 15:09 - 2013-06-12 09:37 - 00000000 ____D C:\Users\Stephanie\AppData\Local\Adobe
2013-11-29 22:18 - 2013-11-29 22:18 - 02966016 _____ (Intel Corporation) C:\WINDOWS\system32\igdogl32.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 01012736 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd32.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00722432 _____ (Intel Corporation) C:\WINDOWS\system32\IntelInvokePanel.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00498176 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00498176 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497664 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497664 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00496128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00495616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00495616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00494592 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00494592 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00491520 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00489984 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00488960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00488448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00406528 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igddim32.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00378880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00344576 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2013-11-29 22:18 - 2013-11-29 22:18 - 00309248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00308736 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00301056 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00291328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00288768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00265728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2013-11-29 22:18 - 2013-11-29 22:18 - 00229888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2013-11-29 22:18 - 2013-11-29 22:18 - 00209920 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvcWin8.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00144088 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00130776 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\BtwSerialBus.sys
2013-11-29 22:18 - 2013-11-29 22:18 - 00092160 _____ C:\WINDOWS\system32\pvrscopeservices.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00055000 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BtwRadioSwitch.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00009216 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2013-11-29 22:18 - 2013-11-29 22:18 - 00008704 _____ C:\WINDOWS\system32\igddim32.vp
2013-11-29 22:18 - 2013-11-29 22:18 - 00004096 _____ C:\WINDOWS\system32\Drivers\igdperf32.sys
2013-11-29 22:18 - 2013-11-29 22:17 - 01584128 _____ (Intel Corporation) C:\WINDOWS\system32\GfxRes.dll
2013-11-29 22:18 - 2013-09-04 07:33 - 09083392 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2013-11-29 22:18 - 2013-09-04 07:33 - 00408576 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2013-11-29 22:18 - 2013-09-04 07:32 - 01994752 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd32.dll
2013-11-29 22:18 - 2013-09-04 07:32 - 00497152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2013-11-29 22:18 - 2013-09-04 07:32 - 00453632 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2013-11-29 22:18 - 2013-09-04 07:32 - 00161280 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2013-11-27 13:14 - 2013-11-27 13:14 - 02230128 _____ C:\Users\Stephanie\AppData\Local\omesuperv.exe
2013-11-26 11:11 - 2013-12-13 12:27 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-26 09:38 - 2013-12-13 12:27 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-26 09:16 - 2013-12-13 12:27 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-26 09:13 - 2013-12-13 12:27 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-26 08:32 - 2013-12-13 12:27 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-11-26 08:26 - 2013-12-13 12:27 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-26 07:34 - 2013-12-13 12:27 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-11-26 07:33 - 2013-12-13 12:27 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-26 07:27 - 2013-12-13 12:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-25 14:41 - 2013-05-06 18:34 - 00000000 ____D C:\Users\Stephanie\Documents\Multitude e. V
2013-11-24 20:18 - 2013-11-24 20:18 - 00004814 _____ C:\Users\Stephanie\Desktop\Kreisky und Sauer.odt
2013-11-24 14:41 - 2013-06-29 11:33 - 00000000 ____D C:\ProgramData\Cisco
2013-11-24 14:41 - 2013-06-29 11:33 - 00000000 ____D C:\Program Files\Cisco
2013-11-24 13:40 - 2013-08-22 09:17 - 00000000 ____D C:\WINDOWS\rescache
2013-11-23 05:13 - 2013-12-15 17:22 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-11-23 04:30 - 2013-12-15 17:22 - 03423232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-11-23 04:11 - 2013-12-15 17:22 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-11-19 17:04 - 2013-09-30 04:50 - 00001518 _____ C:\WINDOWS\PFRO.log
2013-11-19 17:01 - 2013-11-19 17:01 - 00000000 ____D C:\WINDOWS\Firmware
2013-11-19 16:32 - 2013-06-12 08:49 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-18 18:13 - 2013-11-11 13:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:

==================== Bamital & volsnap Check =================

[2013-11-17 16:25] - [2013-10-22 07:03] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-11 19:25

==================== End Of Log ============================

and the additional scan:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-12-2013 03
Ran by Stephanie at 2013-12-18 19:53:16
Running from C:\Users\Stephanie\Desktop
Boot Mode: Normal

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05)
ASUS WebStorage Sync Agent (Version:
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
AVG Nation toolbar (Version:
Canon MG5100 series MP Drivers
Cisco AnyConnect Secure Mobility Client (Version: 3.1.03103)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.03103)
Dropbox (HKCU Version: 2.4.6)
EPSON AcuLaser M1400 (Version: 1.029.00)
Evernote Sticky Notes (Version: 1.5.8)
Google Talk Plugin (Version:
Intel(R) Dynamic Platform & Thermal Framework (Version:
Intel(R) Processor Graphics (Version:
LiveUpdate (Version:
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1005)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1005)
Sony Mobile Update Service (Version:
Visual Studio 2012 x86 Redistributables (Version:
VLC media player 2.0.8 (Version: 2.0.8)
Windows Driver Package - Broadcom (BtwSerialBus) System (10/30/2012 (Version: 10/30/2012

==================== Restore Points =========================

11-12-2013 20:18:24 Uninstalled Sony Ericsson Drivers
11-12-2013 20:18:58 Installed Sony Ericsson Drivers
15-12-2013 16:22:30 Windows Update
19-12-2013 22:40:30 Windows Update

==================== Hosts content: ==========================

2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {183F0C02-AEC4-44F8-8D83-70F4733F4B76} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-15] (Microsoft Corporation)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {24E73449-240D-40D8-8F2E-1BA8142626C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2977543710-2377266466-2606467688-1001Core => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2FA65206-B8CB-44EB-889C-1C0C10F6132C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2977543710-2377266466-2606467688-1001UA => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {319BB442-2E1C-4F46-AA01-D677FEF73023} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {50123E26-44AD-4C33-B9F0-8EB92B081F86} - System32\Tasks\Google Updater and Installer => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6007E580-C1CD-4C56-A6B8-77FB38C6F9AA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-11-13] (Microsoft Corporation)
Task: {6670B36F-E048-4DC6-BD67-600956346B4A} - System32\Tasks\ASUSLiveUpdate => C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe [2013-10-18] (AsusTek Computer Inc.)
Task: {6D41A2BD-2921-4A53-8AB2-F696E1A99BB0} - System32\Tasks\AVG_REG_0913b => C:\ProgramData\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B370ABE5-DFA5-49A6-A3C4-FBE523D65303} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2977543710-2377266466-2606467688-1001Core.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2977543710-2377266466-2606467688-1001UA.job => C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 07:39 - 2013-11-23 07:50 - 00143872 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe\ErrorReporting.dll
2013-10-04 21:40 - 2013-10-04 21:40 - 00518472 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2013-10-04 21:40 - 2013-10-04 21:40 - 00141128 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-17 16:10 - 2013-11-17 16:10 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-06-12 08:49 - 2013-08-23 14:45 - 00317096 _____ () C:\Program Files\Microsoft Office 15\ClientX86\c2rui.dll
2013-06-12 08:49 - 2013-08-23 14:44 - 00359592 _____ () C:\Program Files\Microsoft Office 15\ClientX86\c2r32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Stephanie\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gpioclv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\inteli2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lnwipc.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Application errors:

Application errors:
Error: (12/19/2013 11:42:26 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004B011
Sku Id=b58a5943-16ea-420f-a611-7b230acd762c

Error: (12/19/2013 11:42:26 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.

Error: (12/19/2013 11:41:37 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004B011
Sku Id=b58a5943-16ea-420f-a611-7b230acd762c

Error: (12/19/2013 11:41:37 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.

Error: (12/16/2013 01:33:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: RENNEGADE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/16/2013 01:33:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: RENNEGADE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/15/2013 09:36:25 PM) (Source: MsiInstaller) (User: RENNEGADE)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1925.You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.

Error: (12/15/2013 09:36:13 PM) (Source: MsiInstaller) (User: RENNEGADE)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1925.You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.

Error: (12/14/2013 08:46:19 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (12/14/2013 08:46:19 PM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DD77E15F-A2AF-42DB-9249-ADF173FF3EC1}

System errors:
Error: (12/18/2013 04:10:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/20/2013 00:02:18 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Error: (12/19/2013 11:52:05 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:

Error: (12/19/2013 11:52:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (12/19/2013 11:43:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/17/2013 11:41:28 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/16/2013 10:00:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/16/2013 09:56:59 PM) (Source: DCOM) (User: RENNEGADE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RennegadeStephanieS-1-5-21-2977543710-2377266466-2606467688-1001LocalHost (Using LRPC)Microsoft.BingNews_3.0.1.321_x86__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257

Error: (12/16/2013 09:56:59 PM) (Source: DCOM) (User: RENNEGADE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RennegadeStephanieS-1-5-21-2977543710-2377266466-2606467688-1001LocalHost (Using LRPC)Microsoft.BingNews_3.0.1.321_x86__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257

Error: (12/16/2013 09:56:59 PM) (Source: DCOM) (User: RENNEGADE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RennegadeStephanieS-1-5-21-2977543710-2377266466-2606467688-1001LocalHost (Using LRPC)Microsoft.BingNews_3.0.1.321_x86__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257

Microsoft Office Sessions:
Error: (12/19/2013 11:42:26 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004B011b58a5943-16ea-420f-a611-7b230acd762c

Error: (12/19/2013 11:42:26 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004B01100010001(0x00000000, 23:42:25:118 - https://activation.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=o14)
00020001(0x00000000, 23:42:25:134)
00030001(0x00000000, 23:42:25:134 - https://activation.sls.microsoft.com)
00030002(0x00000000, 23:42:25:134 - 0)
00040001(0x00000000, 23:42:25:134 - https://activation.sls.microsoft.com)
00040002(0x00000000, 23:42:25:150 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 23:42:25:150 - 0, 1)
00040006(0x00000001, 23:42:25:150 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 23:42:25:150 - 0)
0002000C(0x00000000, 23:42:26:384 - 500)
00010002(0x8004FC01, 23:42:26:384 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004B011</HRESULT><HRESULT2>0xC004B011</HRESULT2><HRESULT3>0xC014B011</HRESULT3><Messages><Message>There is a time difference between client and server. </Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 23:42:26:384)

Error: (12/19/2013 11:41:37 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004B011b58a5943-16ea-420f-a611-7b230acd762c

Error: (12/19/2013 11:41:37 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004B01100010001(0x00000000, 23:41:36:038 - https://activation.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=o14)
00020001(0x00000000, 23:41:36:054)
00030001(0x00000000, 23:41:36:054 - https://activation.sls.microsoft.com)
00030002(0x00000000, 23:41:36:054 - 0)
00040001(0x00000000, 23:41:36:054 - https://activation.sls.microsoft.com)
00040002(0x00000000, 23:41:36:070 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 23:41:36:070 - 0, 1)
00040006(0x00000001, 23:41:36:070 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 23:41:36:070 - 0)
0002000C(0x00000000, 23:41:37:132 - 500)
00010002(0x8004FC01, 23:41:37:132 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004B011</HRESULT><HRESULT2>0xC004B011</HRESULT2><HRESULT3>0xC014B011</HRESULT3><Messages><Message>There is a time difference between client and server. </Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 23:41:37:132)

Error: (12/16/2013 01:33:37 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: RENNEGADE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/16/2013 01:33:30 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: RENNEGADE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/15/2013 09:36:25 PM) (Source: MsiInstaller)(User: RENNEGADE)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1925.You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/15/2013 09:36:13 PM) (Source: MsiInstaller)(User: RENNEGADE)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1925.You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/14/2013 08:46:19 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -2143485936

Error: (12/14/2013 08:46:19 PM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DD77E15F-A2AF-42DB-9249-ADF173FF3EC1}

==================== Memory info ===========================

Percentage of memory in use: 79%
Total physical RAM: 1963.67 MB
Available physical RAM: 400.61 MB
Total Pagefile: 2603.67 MB
Available Pagefile: 1160.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1880.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:49.47 GB) (Free:27.58 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (Size: 58 GB) (Disk ID: AEB86B98)

Partition: GPT Partition Type
==================== End Of Log ============================

Many thanks for your help!

Old 18.12.2013, 22:02   #2
/// Malwareteam
Also having problems with http://wisersearch.com/?channel=de_nt - Standard

I am working on your thread and will get back to you as soon as possible with further instructions.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience.


Old 19.12.2013, 09:16   #3
/// Malwareteam
Also having problems with http://wisersearch.com/?channel=de_nt - Standard

Hello dilated,

My name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Rules for the cleanup process
  • Work through the instructions and steps carefully and in order.
  • If you do not understand something or are unsure, ask and describe the problem as well as you can. Do not act on your own.
    • Running various cleanup programs (with scripts from other threads) can wreck your operating system!
  • Cleaning a computer in several forums at the same time is forbidden (crossposting).
  • Do not install or uninstall any additional programs, do not delete any files, and do not run system updates on your own.
  • The symptoms may have disappeared, but the disappearance of the outward signs of an infection does not mean that you are clean again.
    • I will give you an explicit "clean"; until then, please keep working with me.
  • I can never give you a guarantee that everything has been removed. Formatting the hard drive and reinstalling your operating system is always safer and usually faster.
  • The programs we use usually create a result report (called a logfile). Please include all logfiles I ask for in a step in one reply/post.
Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.

Step 1
Please uninstall the following programs:
  • AVG Nation toolbar
To do so, go to:
Windows Vista/7: Start -> Control Panel -> set View (top right) to Category (if not already set) -> Uninstall a program (under Programs)
Windows XP: Start -> Control Panel -> Category View (if not already set) -> Add or Remove Programs
and select the listed programs. Press Remove (Windows XP) or Uninstall (Windows Vista/7).

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 3
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new logfile FRST.txt is created and saved on the desktop.
  • Please post the contents of this logfile here in your thread.

Post the following logfiles in your next reply:
  • AdwCleaner scan
  • FRST scan

20.12.2013, 12:15   #4

Hello Jonas,

thank you for your help. Before I start on all the steps, one question first:

You said: "Formatting the hard drive and reinstalling your operating system is always safer and usually faster."

Would it help if I used the "refresh" function in Windows 8.1, which (according to the description) reinstalls the operating system but keeps the files? Or does the wisersearch trojan also sit in my data?

Many thanks for the help!

And following on from the question I just asked: if the trojan is also in my data and I had better reinstall the whole computer, is there then a way to back up the data (external hard drive/USB stick) without the trojan continuing to persist?

20.12.2013, 13:29   #5
/// Malwareteam

Hello dilated,

I can reassure you already: you do not have a trojan on your computer, only adware or PUPs (potentially unwanted programs/programs installed by the user without consent). These, for example, deliberately manipulate your browser in order to display advertising. To that end, other pages are opened unprompted when a new tab is opened, or popups appear: Adware - Wikipedia.

"Or does the wisersearch trojan also sit in my data?"
No, your personal data is not affected by this.

"Would it help if I used the "refresh" function in Windows 8.1, which (according to the description) reinstalls the operating system but keeps the files?"
With this function you should no longer have any problems after resetting to the original settings. In my opinion, however, this is not necessary, because adware/PUPs are easy to remove.

The decision is entirely yours, though (please give me a short reply).



25.12.2013, 22:48   #6
/// Malwareteam


I have not received a reply from you for quite a while. Do you still need help?

If I do not hear from you within the next 48 hours, I will assume that the matter has been resolved and remove it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a new infection possible.

29.12.2013, 23:46   #7
/// Malwareteam

No response

This thread has been removed from my subscriptions, so I will not be notified of new replies. If you want to continue, please send me a private message.

Note: The disappearance of the symptoms does not mean that your computer is clean.

Everyone else, please read the following: http://www.trojaner-board.de/69886-a...-beachten.html and create your own thread.



