Log analysis and evaluation: Run DLL C:\Users\Mareike\AppData\Local\ConduitBackground\BackgroundContainer.dll Das angegebene Modul wurde nicht gefunden. Windows 7
21.01.2014, 15:22 | #1 |
Run DLL C:\Users\Mareike\AppData\Local\ConduitBackground\BackgroundContainer.dll Das angegebene Modul wurde nicht gefunden.

Hello, I am getting the error message mentioned above and have already created the log files: Addition and FRST, see below. Does anyone know how I should proceed? Many thanks in advance.

MaryLoo

#########################

Addition:

ZoneAlarm Security (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
==================== Restore Points =========================
29-12-2013 23:24:14 Installed Classic Shell
06-01-2014 16:53:08 Geplanter Prüfpunkt
13-01-2014 19:48:03 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {02852596-7CA9-4A53-9CF1-62D1EFF834B3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\SYSTEM32\MRT.EXE [2014-01-15] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05DFB97D-D085-45CA-8620-EA8479BC828A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {100AC631-AEFE-44B2-8D5A-CFE8994F4081} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23EDA762-04AF-434D-A872-2116395BA943} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-26] (AVAST Software)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E9D9AEF-10BB-48FE-BC5A-AD65E6C00AF5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {314C9385-2BBF-4671-A8CC-1AEF97C2EAA2} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Mareike\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37A9DC9C-0B70-4483-AFB1-ED15A3D309A4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4285C36F-B071-4297-995C-B210F405BA86} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {57BED76F-2B59-4B60-901D-90511173243E} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Mareike\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {6A4F69E9-ECDE-410B-8C4D-20BBE803C0C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {76F8B5B6-E640-461B-A7FB-B5852CD04FDD} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7F268CCB-1857-4B1C-AE12-4EA5C9B52679} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {81854029-5869-4DC3-A034-69BBA9EEF401} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {97EC930E-BAE5-462B-912D-DF2E77D48530} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A654CDB9-9CE8-4D2D-BEDC-888CA43A2896} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {BDDDCAB7-B139-48AF-B168-98327A7E95AD} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FFCBCE00-BE79-4B75-B839-8AB4C4493142} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\OneClick.exe [2013-08-30] (TuneUp Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-08-30 09:51 - 2013-08-30 09:51 - 00757048 _____ () C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\avgrepliba.dll
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-01-21 13:17 - 2014-01-20 18:52 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012001\algo.dll
2013-12-09 10:27 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-12-09 10:27 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-12-09 10:27 - 2010-05-10 03:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-12-09 10:27 - 2010-02-10 15:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-12-09 10:27 - 2012-11-01 11:26 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-12-09 10:27 - 2010-02-10 15:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2012-10-20 06:35 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-11-26 10:23 - 2013-11-26 10:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-21 01:20 - 2013-12-12 10:15 - 00886624 _____ () C:\Program Files (x86)\Opera\18.0.1284.68\libglesv2.dll
2013-12-21 01:20 - 2013-12-12 10:15 - 00108896 _____ () C:\Program Files (x86)\Opera\18.0.1284.68\libegl.dll
2013-12-21 01:20 - 2013-12-12 10:15 - 00879968 _____ () C:\Program Files (x86)\Opera\18.0.1284.68\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Mareike\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 3795.53 MB
Available physical RAM: 2050.93 MB
Total Pagefile: 4691.54 MB
Available Pagefile: 2642.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:438.84 GB) (Free:231.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7A80D030)
Partition: GPT Partition Type
==================== End Of Log ============================

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Mareike (administrator) on MAREIKE-NB on 21-01-2014 14:46:08
Running from C:\Users\Mareike\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
() C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-26] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [phonostar-PlayerTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] ()
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE [241280 2013-11-18] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [AppsHat] - C:\Users\Mareike\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
MountPoints2: {4fb156a1-5d90-11e3-beb3-2cd05a283f5e} - "D:\AutoRun.exe"
MountPoints2: {4fb156e0-5d90-11e3-beb3-2cd05a283f5e} - "D:\AutoRun.exe"
MountPoints2: {983b72e5-6031-11e3-beb4-2cd05a283f5e} - "D:\AutoRun.exe"
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms}
SearchScopes: HKLM - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {A1321AA7-C4E1-45E4-AE3E-5B36421D56DA} URL =
SearchScopes: HKLM-x32 - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=90FF5ED05A281E34&affID=121240&tsp=4993
SearchScopes: HKCU - {2964CFF3-C8EF-4A5C-9D50-1DF6B61E40E8} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=90ffd0880000000000005ed05a281e34&r=406
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
SearchScopes: HKCU - {72D7D848-109B-4332-958F-B39FBDC3E8EA} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=2d6e1b8b51284e1782cf7d6e57e167d8&tu=10G9y009U1B0CO0&sku=&tstsId=&ver=&&r=671
BHO: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - No File
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.255.212.1
FireFox:
========
FF ProfilePath: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default
FF user.js: detected! => C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\user.js
FF SearchEngineOrder.1: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN14212751791384810&UM=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @phonostar.de/phonostar-Player - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF SearchPlugin: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-1.6 - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com [2014-01-06]
FF Extension: LyricsSay-1 - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com [2013-11-15]
FF Extension: zonealarm.com - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\ffxtlbr@zonealarm.com [2013-08-12]
FF Extension: 7Go - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\7go@7go.com.xpi [2013-10-14]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-12-08]
FF Extension: Speed Analysis 2 - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\speedanalysis02@SpeedAnalysis.com.xpi [2013-10-07]
FF Extension: Adblock Plus - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-22]
FF Extension: Adblock Edge - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-12-08]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-26]
Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-20]
CHR Extension: (Google Drive) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-20]
CHR Extension: (YouTube) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20]
CHR Extension: (Google-Suche) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20]
CHR Extension: (avast! Online Security) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-26]
CHR Extension: (Plus-HD-1.6) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh [2013-11-30]
CHR Extension: (Google Wallet) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (LyricsSay-1) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef [2013-10-13]
CHR Extension: (Google Mail) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Mareike\AppData\Roaming\7go\7go.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-26]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-26] (AVAST Software)
U2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) U2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] () U2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com) U2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) U2 TuneUp.UtilitiesSvc; C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUNEUPUTILITIESSERVICE64.EXE [2100024 2013-08-30] (TuneUp Software) U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) U2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.) 
U2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-26] (AVAST Software) U2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-26] (AVAST Software) U1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software) U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] () U1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-26] (AVAST Software) U1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-26] (AVAST Software) U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-26] () U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros) U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 
2012-09-22] (CACE Technologies, Inc.) U3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) U3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-02-04] (Windows (R) 2003 DDK 3790 provider) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-12-11] (Windows (R) Win 7 DDK provider) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-29] (Microsoft Corporation) U3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-01-21] () U3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) U3 TuneUpUtilitiesDrv; C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [x] U3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 14:46 - 2014-01-21 14:46 - 00025229 _____ C:\Users\Mareike\Desktop\Addition_21.01.14.txt 2014-01-21 14:44 - 2014-01-21 14:45 - 00025229 _____ C:\Users\Mareike\Desktop\Addition.txt 2014-01-21 14:42 - 2014-01-21 14:46 - 00025782 _____ C:\Users\Mareike\Desktop\FRST.txt 2014-01-21 14:42 - 2014-01-21 14:42 - 00000000 ____D C:\FRST 2014-01-21 14:41 - 2014-01-21 14:41 - 02077184 _____ (Farbar) C:\Users\Mareike\Desktop\FRST64.exe 2014-01-21 12:20 - 2014-01-21 12:20 - 00000000 ___RD 
C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\doPDF 7 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Users\Mareike\Desktop\doPDF 7 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Softland 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Program Files\Softland 2014-01-19 23:20 - 2013-08-20 13:28 - 00025920 _____ (Softland) C:\WINDOWS\system32\dopdfmn7.dll 2014-01-19 23:20 - 2013-08-20 13:28 - 00021312 _____ (Softland) C:\WINDOWS\system32\dopdfmi7.dll 2014-01-19 23:20 - 2010-11-25 12:17 - 00007549 _____ C:\WINDOWS\system32\dopdf7.ctm 2014-01-19 23:18 - 2014-01-19 23:19 - 04201928 _____ (Softland ) C:\Program Files\dopdf-7.exe 2014-01-18 15:55 - 2014-01-18 15:55 - 00002770 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2014-01-17 15:03 - 2013-08-30 09:51 - 00040760 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe 2014-01-17 15:03 - 2013-08-30 09:51 - 00029496 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll 2014-01-17 15:03 - 2013-08-30 09:51 - 00025400 _____ (TuneUp Software) C:\WINDOWS\SysWOW64\authuitu.dll 2014-01-17 15:02 - 2014-01-17 15:02 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\TuneUp Software 2014-01-17 15:01 - 2014-01-17 15:03 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-17 15:00 - 2014-01-18 16:06 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-17 14:59 - 2014-01-18 16:16 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-17 14:58 - 2014-01-17 14:58 - 00001508 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-01-17 14:58 - 2014-01-17 14:58 - 00001215 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-01-17 14:57 - 2014-01-17 14:57 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\OpenCandy 2014-01-17 14:24 - 2014-01-17 14:24 - 00001198 _____ C:\Users\Mareike\Desktop\Videos - Verknüpfung.lnk 2014-01-16 11:40 - 2014-01-16 11:40 - 00000000 
____D C:\ProgramData\regid.1986-12.com.adobe 2014-01-15 18:06 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 18:06 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 18:06 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 18:06 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 18:06 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-15 18:06 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 18:06 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 18:06 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 18:06 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 18:06 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 18:06 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-06 23:27 - 2014-01-06 23:27 - 00000000 ____D C:\ProgramData\McAfee 2014-01-06 18:48 - 2014-01-06 18:48 - 00580292 _____ C:\Users\Mareike\Downloads\Projektmanagement.zip 2014-01-06 04:23 - 2014-01-06 04:24 - 00000000 ____D C:\Users\Mareike\AppData\Local\Canon Easy-PhotoPrint EX 2014-01-06 04:21 - 2014-01-13 20:42 - 00000000 ____D C:\Program Files\Canon Camera 2014-01-06 04:03 - 2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2014-01-06 04:03 - 2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-12-31 14:21 - 2014-01-21 14:37 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\ClassicShell 2013-12-31 14:21 - 2013-12-31 14:21 - 00000000 ____D C:\ProgramData\ClassicShell 
2013-12-31 14:21 - 2013-12-30 00:30 - 00002170 _____ C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk 2013-12-30 00:30 - 2013-12-30 00:30 - 00000000 ____D C:\Program Files\Classic Shell 2013-12-30 00:17 - 2013-12-30 00:17 - 04285072 _____ (LionSea Software ) C:\Program Files\Reparatur Tool - smartpcfixer - setup.exe 2013-12-22 13:48 - 2013-12-22 13:48 - 00000000 ____D C:\ProgramData\ZoomBrowser ==================== One Month Modified Files and Folders ======= 2014-01-21 14:46 - 2014-01-21 14:46 - 00025229 _____ C:\Users\Mareike\Desktop\Addition_21.01.14.txt 2014-01-21 14:46 - 2014-01-21 14:42 - 00025782 _____ C:\Users\Mareike\Desktop\FRST.txt 2014-01-21 14:45 - 2014-01-21 14:44 - 00025229 _____ C:\Users\Mareike\Desktop\Addition.txt 2014-01-21 14:42 - 2014-01-21 14:42 - 00000000 ____D C:\FRST 2014-01-21 14:42 - 2013-08-11 17:53 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-927294191-717072922-153577076-1002 2014-01-21 14:41 - 2014-01-21 14:41 - 02077184 _____ (Farbar) C:\Users\Mareike\Desktop\FRST64.exe 2014-01-21 14:39 - 2012-10-20 06:47 - 00000000 ____D C:\ProgramData\WinClon 2014-01-21 14:38 - 2013-11-29 11:26 - 00000000 __RDO C:\Users\Mareike\SkyDrive 2014-01-21 14:38 - 2013-11-26 10:26 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-21 14:37 - 2013-12-31 14:21 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\ClassicShell 2014-01-21 14:37 - 2013-11-29 10:41 - 01498135 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-21 14:37 - 2013-09-02 23:11 - 00016152 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys 2014-01-21 14:37 - 2013-09-02 23:11 - 00000436 _____ C:\WINDOWS\Tasks\SlimDrivers Startup.job 2014-01-21 14:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-21 13:36 - 2013-11-26 10:26 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-21 12:56 - 2013-08-12 15:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-21 
12:20 - 2014-01-21 12:20 - 00000000 ___RD C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\doPDF 7 2014-01-21 12:04 - 2013-12-11 23:44 - 00000000 ____D C:\ProgramData\Spyware Terminator 2014-01-21 12:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2014-01-20 00:38 - 2013-12-08 18:46 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09FD12B5-E364-4FF7-AE6D-BAF3212E2F15} 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Users\Mareike\Desktop\doPDF 7 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Softland 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Program Files\Softland 2014-01-19 23:19 - 2014-01-19 23:18 - 04201928 _____ (Softland ) C:\Program Files\dopdf-7.exe 2014-01-19 22:45 - 2013-11-18 11:13 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Epson 2014-01-18 18:59 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-18 18:59 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2014-01-18 18:59 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2014-01-18 18:24 - 2013-08-22 15:46 - 00340452 _____ C:\WINDOWS\setupact.log 2014-01-18 18:11 - 2013-09-29 20:04 - 00308110 _____ C:\WINDOWS\PFRO.log 2014-01-18 18:11 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-18 18:11 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2014-01-18 16:16 - 2014-01-17 14:59 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-18 16:16 - 2013-11-22 17:14 - 00000000 ____D C:\Users\Mareike\Desktop\Programmverknüpfungen 2014-01-18 16:06 - 2014-01-17 15:00 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-18 15:55 - 2014-01-18 15:55 - 00002770 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2014-01-17 23:44 - 2013-11-29 10:49 - 00000000 ____D C:\Users\Mareike 2014-01-17 15:22 - 2013-08-11 17:47 - 00000000 ____D 
C:\Users\Mareike\AppData\Local\VirtualStore 2014-01-17 15:03 - 2014-01-17 15:01 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-17 15:02 - 2014-01-17 15:02 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\TuneUp Software 2014-01-17 14:58 - 2014-01-17 14:58 - 00001508 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-01-17 14:58 - 2014-01-17 14:58 - 00001215 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-01-17 14:58 - 2013-11-22 16:54 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2014-01-17 14:57 - 2014-01-17 14:57 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\OpenCandy 2014-01-17 14:57 - 2013-09-08 21:42 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\DVDVideoSoft 2014-01-17 14:24 - 2014-01-17 14:24 - 00001198 _____ C:\Users\Mareike\Desktop\Videos - Verknüpfung.lnk 2014-01-17 14:22 - 2013-11-09 02:08 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\vlc 2014-01-17 14:08 - 2013-12-08 18:40 - 00000000 ____D C:\Program Files\Crack Adobe CC 2014-01-17 11:06 - 2013-11-10 21:18 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\PhotoScape 2014-01-16 11:40 - 2014-01-16 11:40 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2014-01-16 10:02 - 2013-11-26 10:29 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2014-01-15 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2014-01-15 18:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2014-01-15 18:29 - 2013-08-15 14:02 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-15 18:22 - 2013-08-15 14:02 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-13 20:42 - 2014-01-06 04:21 - 00000000 ____D C:\Program Files\Canon Camera 2014-01-13 19:56 - 2013-08-11 21:23 - 00000000 ____D C:\Mareike 2014-01-13 19:44 - 2013-11-22 16:45 - 00019456 ____H C:\Users\Mareike\Desktop\photothumb.db 2014-01-11 17:15 - 2013-08-11 17:48 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Adobe 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 23:30 - 2013-08-11 17:49 - 00000000 ____D C:\Users\Mareike\AppData\Local\Adobe 2014-01-06 23:27 - 2014-01-06 23:27 - 00000000 ____D C:\ProgramData\McAfee 2014-01-06 23:26 - 2012-10-20 06:51 - 00000000 ____D C:\ProgramData\Adobe 2014-01-06 23:25 - 2012-10-20 06:51 - 00000000 ____D C:\Program Files (x86)\Adobe 2014-01-06 23:22 - 2013-10-22 12:33 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Skype 2014-01-06 18:48 - 2014-01-06 18:48 - 00580292 _____ C:\Users\Mareike\Downloads\Projektmanagement.zip 2014-01-06 04:24 - 2014-01-06 04:23 - 00000000 ____D C:\Users\Mareike\AppData\Local\Canon Easy-PhotoPrint EX 2014-01-06 04:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2014-01-06 04:20 - 2013-08-20 20:56 - 00000000 ____D C:\Program Files\Canon Printer 2014-01-06 04:10 - 2013-08-12 18:33 - 00000000 ____D C:\Program Files (x86)\Canon 2014-01-06 04:09 - 2013-09-03 00:24 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Canon 2014-01-06 04:03 - 2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2014-01-06 04:03 - 
2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-12-31 14:21 - 2013-12-31 14:21 - 00000000 ____D C:\ProgramData\ClassicShell 2013-12-30 00:30 - 2013-12-31 14:21 - 00002170 _____ C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk 2013-12-30 00:30 - 2013-12-30 00:30 - 00000000 ____D C:\Program Files\Classic Shell 2013-12-30 00:20 - 2013-11-08 04:38 - 00012375 _____ C:\Users\Mareike\Documents\Abrechnung Florida-Urlaub Mareike_Anita_2013.xlsx 2013-12-30 00:17 - 2013-12-30 00:17 - 04285072 _____ (LionSea Software ) C:\Program Files\Reparatur Tool - smartpcfixer - setup.exe 2013-12-29 17:18 - 2013-08-22 15:44 - 05139496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-22 23:49 - 2013-08-11 17:57 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-22 23:45 - 2012-10-20 07:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-12-22 23:43 - 2013-09-30 04:59 - 00000000 ____D C:\WINDOWS\ShellNew 2013-12-22 14:12 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-22 13:54 - 2013-08-11 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-22 13:48 - 2013-12-22 13:48 - 00000000 ____D C:\ProgramData\ZoomBrowser Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => 
MD5 is legit LastRegBack: 2014-01-19 21:06 ==================== End Of Log ============================
Additional info: I have AVAST! Free Antivirus installed. There is also another error message: Spyware Terminator Echtzeit-Schutz Cannot create shell notification Icon |
21.01.2014, 15:37 | #2 |
/// TB-Ausbilder | Hello,
the Addition.txt is incomplete; the upper half is missing. Could you please post this log again in full? |
21.01.2014, 16:45 | #3 |
| I think the error is fixed. I proceeded as follows:
- Press Windows key + R on your keyboard to launch the Run box.
- Type taskschd.msc in this box and hit Enter to open Task Scheduler window.
- Click on the Task Scheduler Library folder in the left panel.
- Now locate and right click the Background Container task in the middle panel.
- Choose to Delete this task and Exit Task Scheduler.
Here are the log files again...
...FRST.....
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014 Ran by Mareike (administrator) on MAREIKE-NB on 21-01-2014 16:37:27 Running from C:\Users\Mareike\Desktop Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe () C:\ProgramData\DataCardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\S Agent\CommonAgent.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor) HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications) HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) 
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-21] (AVAST Software) HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [phonostar-PlayerTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2013-04-25] () HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE [241280 2013-11-18] (SEIKO EPSON CORPORATION) HKCU\...\Run: [AppsHat] - C:\Users\Mareike\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] () MountPoints2: {4fb156a1-5d90-11e3-beb3-2cd05a283f5e} - "D:\AutoRun.exe" MountPoints2: {4fb156e0-5d90-11e3-beb3-2cd05a283f5e} - "D:\AutoRun.exe" MountPoints2: {983b72e5-6031-11e3-beb4-2cd05a283f5e} - "D:\AutoRun.exe" HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet 
Explorer\Main,Search Bar = hxxp://www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1385135312&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9BD145925&q={searchTerms} SearchScopes: HKLM - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {A1321AA7-C4E1-45E4-AE3E-5B36421D56DA} URL = SearchScopes: HKLM-x32 - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=90FF5ED05A281E34&affID=121240&tsp=4993 SearchScopes: HKCU - {2964CFF3-C8EF-4A5C-9D50-1DF6B61E40E8} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=90ffd0880000000000005ed05a281e34&r=406 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = SearchScopes: HKCU - 
{72D7D848-109B-4332-958F-B39FBDC3E8EA} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=2d6e1b8b51284e1782cf7d6e57e167d8&tu=10G9y009U1B0CO0&sku=&tstsId=&ver=&&r=671 BHO: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - No File BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - No File BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.255.212.1 FireFox: ======== FF ProfilePath: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default FF user.js: detected! 
=> C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\user.js FF SearchEngineOrder.1: Google FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN14212751791384810&UM=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @phonostar.de/phonostar-Player - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( ) FF SearchPlugin: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\searchplugins\softonic.xml FF SearchPlugin: C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Plus-HD-1.6 - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com [2014-01-06] FF Extension: LyricsSay-1 - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com [2013-11-15] FF Extension: zonealarm.com - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\ffxtlbr@zonealarm.com [2013-08-12] FF Extension: 7Go - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\7go@7go.com.xpi [2013-10-14] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-12-08] FF Extension: Speed Analysis 2 - 
C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\speedanalysis02@SpeedAnalysis.com.xpi [2013-10-07] FF Extension: Adblock Plus - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-22] FF Extension: Adblock Edge - C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\y10l559d.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-12-08] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-26] Chrome: ======= CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Extension: (Google Docs) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-20] CHR Extension: (Google Drive) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-20] CHR Extension: (YouTube) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20] CHR Extension: (Google-Suche) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20] CHR Extension: (avast! 
Online Security) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-26] CHR Extension: (Plus-HD-1.6) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh [2013-11-30] CHR Extension: (Google Wallet) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (LyricsSay-1) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef [2013-10-13] CHR Extension: (Google Mail) - C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-20] CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Mareike\AppData\Roaming\7go\7go.crx [2013-08-20] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-26] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-21] (AVAST Software) U2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) 
U2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) U2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] () U2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com) U2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) U2 TuneUp.UtilitiesSvc; C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUNEUPUTILITIESSERVICE64.EXE [2100024 2013-08-30] (TuneUp Software) U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) U2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.) 
U2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-21] (AVAST Software) U1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software) U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] () U1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2014-01-21] (AVAST Software) U1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2014-01-21] (AVAST Software) U3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [79672 2014-01-21] (AVAST Software) U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-21] () U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros) U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] 
(CACE Technologies, Inc.) U3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) U3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-02-04] (Windows (R) 2003 DDK 3790 provider) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-12-11] (Windows (R) Win 7 DDK provider) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-29] (Microsoft Corporation) U3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-01-21] () U3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) U3 TuneUpUtilitiesDrv; C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [x] U3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 16:37 - 2014-01-21 16:37 - 00025456 _____ C:\Users\Mareike\Desktop\FRST.txt 2014-01-21 15:40 - 2014-01-21 15:40 - 00089204 _____ C:\Users\Mareike\Desktop\Sicherung_Änderung der Registry_21.01.14.reg 2014-01-21 15:34 - 2014-01-21 15:34 - 00002776 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 ____D C:\Program Files\CCleaner 2014-01-21 15:30 - 2014-01-21 15:30 - 03571656 _____ (Piriform Ltd) C:\Program Files\ccsetup409_slim.exe 2014-01-21 15:06 - 2014-01-21 15:06 - 00079672 _____ (AVAST 
Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-01-21 14:42 - 2014-01-21 14:42 - 00000000 ____D C:\FRST 2014-01-21 14:41 - 2014-01-21 14:41 - 02077184 _____ (Farbar) C:\Users\Mareike\Desktop\FRST64.exe 2014-01-21 12:20 - 2014-01-21 12:20 - 00000000 ___RD C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\doPDF 7 2014-01-19 23:20 - 2014-01-21 15:47 - 00000000 ____D C:\Program Files\doPDF 7 2014-01-19 23:20 - 2014-01-19 23:20 - 00001827 _____ C:\Users\Mareike\Desktop\doPDF.lnk 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Softland 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Program Files\Softland 2014-01-19 23:20 - 2013-08-20 13:28 - 00025920 _____ (Softland) C:\WINDOWS\system32\dopdfmn7.dll 2014-01-19 23:20 - 2013-08-20 13:28 - 00021312 _____ (Softland) C:\WINDOWS\system32\dopdfmi7.dll 2014-01-19 23:20 - 2010-11-25 12:17 - 00007549 _____ C:\WINDOWS\system32\dopdf7.ctm 2014-01-19 23:18 - 2014-01-19 23:19 - 04201928 _____ (Softland ) C:\Program Files\dopdf-7.exe 2014-01-17 15:03 - 2013-08-30 09:51 - 00040760 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe 2014-01-17 15:03 - 2013-08-30 09:51 - 00029496 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll 2014-01-17 15:03 - 2013-08-30 09:51 - 00025400 _____ (TuneUp Software) C:\WINDOWS\SysWOW64\authuitu.dll 2014-01-17 15:02 - 2014-01-17 15:02 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\TuneUp Software 2014-01-17 15:01 - 2014-01-17 15:03 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-17 15:00 - 2014-01-18 16:06 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-17 14:59 - 2014-01-18 16:16 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-17 14:57 - 2014-01-17 14:57 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\OpenCandy 2014-01-17 14:24 - 2014-01-17 14:24 - 00001198 _____ C:\Users\Mareike\Desktop\Videos - Verknüpfung.lnk 2014-01-16 11:40 - 2014-01-16 11:40 - 
00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2014-01-15 18:06 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 18:06 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 18:06 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 18:06 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 18:06 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-15 18:06 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 18:06 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 18:06 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 18:06 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 18:06 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 18:06 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-10 14:33 - 2014-01-21 15:31 - 00010927 _____ C:\Users\Mareike\Desktop\Antrag Kostenerstattung Arbeitsamt.xlsx 2014-01-06 23:27 - 2014-01-06 23:27 - 00000000 ____D C:\ProgramData\McAfee 2014-01-06 18:48 - 2014-01-06 18:48 - 00580292 _____ C:\Users\Mareike\Downloads\Projektmanagement.zip 2014-01-06 04:23 - 2014-01-06 04:24 - 00000000 ____D C:\Users\Mareike\AppData\Local\Canon Easy-PhotoPrint EX 2014-01-06 04:21 - 2014-01-13 20:42 - 00000000 ____D C:\Program Files\Canon Camera 2014-01-06 04:03 - 2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2014-01-06 04:03 - 2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-12-31 14:21 - 2014-01-21 16:36 - 00000000 ____D 
C:\Users\Mareike\AppData\Roaming\ClassicShell 2013-12-31 14:21 - 2013-12-31 14:21 - 00000000 ____D C:\ProgramData\ClassicShell 2013-12-31 14:21 - 2013-12-30 00:30 - 00002170 _____ C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk 2013-12-30 00:30 - 2013-12-30 00:30 - 00000000 ____D C:\Program Files\Classic Shell 2013-12-30 00:17 - 2013-12-30 00:17 - 04285072 _____ (LionSea Software ) C:\Program Files\Reparatur Tool - smartpcfixer - setup.exe 2013-12-22 13:48 - 2013-12-22 13:48 - 00000000 ____D C:\ProgramData\ZoomBrowser ==================== One Month Modified Files and Folders ======= 2014-01-21 16:38 - 2014-01-21 16:37 - 00025456 _____ C:\Users\Mareike\Desktop\FRST.txt 2014-01-21 16:37 - 2013-11-29 11:26 - 00000000 __RDO C:\Users\Mareike\SkyDrive 2014-01-21 16:36 - 2013-12-31 14:21 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\ClassicShell 2014-01-21 16:36 - 2013-11-29 10:49 - 00000000 ____D C:\Users\Mareike 2014-01-21 16:36 - 2013-11-26 10:26 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-21 16:36 - 2013-11-26 10:26 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-21 16:33 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-21 16:23 - 2013-08-11 17:53 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-927294191-717072922-153577076-1002 2014-01-21 16:17 - 2013-11-29 10:41 - 01573933 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-21 16:04 - 2012-10-20 06:47 - 00000000 ____D C:\ProgramData\WinClon 2014-01-21 16:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-21 15:58 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2014-01-21 15:56 - 2013-08-12 15:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-21 15:49 - 2013-12-08 18:46 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{09FD12B5-E364-4FF7-AE6D-BAF3212E2F15} 2014-01-21 15:47 - 2014-01-19 23:20 - 00000000 
____D C:\Program Files\doPDF 7 2014-01-21 15:45 - 2013-11-22 17:14 - 00000000 ____D C:\Users\Mareike\Desktop\Programmverknüpfungen 2014-01-21 15:44 - 2013-09-02 23:11 - 00016152 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys 2014-01-21 15:40 - 2014-01-21 15:40 - 00089204 _____ C:\Users\Mareike\Desktop\Sicherung_Änderung der Registry_21.01.14.reg 2014-01-21 15:37 - 2013-11-29 10:37 - 00000000 ___DC C:\WINDOWS\Panther 2014-01-21 15:37 - 2013-08-12 18:46 - 00000000 ____D C:\Users\Mareike\AppData\Local\CrashDumps 2014-01-21 15:34 - 2014-01-21 15:34 - 00002776 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 ____D C:\Program Files\CCleaner 2014-01-21 15:32 - 2013-08-11 21:23 - 00000000 ____D C:\Mareike 2014-01-21 15:31 - 2014-01-10 14:33 - 00010927 _____ C:\Users\Mareike\Desktop\Antrag Kostenerstattung Arbeitsamt.xlsx 2014-01-21 15:30 - 2014-01-21 15:30 - 03571656 _____ (Piriform Ltd) C:\Program Files\ccsetup409_slim.exe 2014-01-21 15:06 - 2014-01-21 15:06 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-01-21 15:06 - 2013-11-26 10:29 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2014-01-21 15:06 - 2013-11-26 10:23 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-01-21 15:06 - 2013-11-26 10:23 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-01-21 15:06 - 2013-11-26 10:23 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-01-21 15:06 - 2013-11-26 10:23 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-01-21 15:06 - 2013-11-26 10:23 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-01-21 15:05 - 2013-11-26 10:23 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-01-21 14:42 - 2014-01-21 14:42 - 00000000 ____D C:\FRST 2014-01-21 14:41 - 2014-01-21 14:41 - 02077184 _____ (Farbar) C:\Users\Mareike\Desktop\FRST64.exe 2014-01-21 12:20 - 2014-01-21 12:20 - 00000000 ___RD C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\doPDF 7 2014-01-21 12:04 - 2013-12-11 23:44 - 00000000 ____D C:\ProgramData\Spyware Terminator 2014-01-21 12:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2014-01-19 23:20 - 2014-01-19 23:20 - 00001827 _____ C:\Users\Mareike\Desktop\doPDF.lnk 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Softland 2014-01-19 23:20 - 2014-01-19 23:20 - 00000000 ____D C:\Program Files\Softland 2014-01-19 23:19 - 2014-01-19 23:18 - 04201928 _____ (Softland ) C:\Program Files\dopdf-7.exe 2014-01-19 22:45 - 2013-11-18 11:13 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Epson 2014-01-18 18:59 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-18 18:59 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2014-01-18 18:59 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2014-01-18 16:16 - 2014-01-17 14:59 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-18 16:06 - 2014-01-17 15:00 - 00000000 ____D C:\ProgramData\TuneUp Software 
2014-01-17 15:22 - 2013-08-11 17:47 - 00000000 ____D C:\Users\Mareike\AppData\Local\VirtualStore 2014-01-17 15:03 - 2014-01-17 15:01 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014 2014-01-17 15:02 - 2014-01-17 15:02 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\TuneUp Software 2014-01-17 14:58 - 2013-11-22 16:54 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2014-01-17 14:57 - 2014-01-17 14:57 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\OpenCandy 2014-01-17 14:57 - 2013-09-08 21:42 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\DVDVideoSoft 2014-01-17 14:24 - 2014-01-17 14:24 - 00001198 _____ C:\Users\Mareike\Desktop\Videos - Verknüpfung.lnk 2014-01-17 14:22 - 2013-11-09 02:08 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\vlc 2014-01-17 14:08 - 2013-12-08 18:40 - 00000000 ____D C:\Program Files\Crack Adobe CC 2014-01-17 11:06 - 2013-11-10 21:18 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\PhotoScape 2014-01-16 11:40 - 2014-01-16 11:40 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2014-01-15 19:47 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2014-01-15 18:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2014-01-15 18:29 - 2013-08-15 14:02 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-15 18:22 - 2013-08-15 14:02 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-13 20:42 - 2014-01-06 04:21 - 00000000 ____D C:\Program Files\Canon Camera 2014-01-13 19:44 - 2013-11-22 16:45 - 00019456 ____H C:\Users\Mareike\Desktop\photothumb.db 2014-01-11 17:15 - 2013-08-11 17:48 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Adobe 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 23:30 - 2013-08-11 17:49 - 00000000 ____D C:\Users\Mareike\AppData\Local\Adobe 2014-01-06 
23:27 - 2014-01-06 23:27 - 00000000 ____D C:\ProgramData\McAfee 2014-01-06 23:26 - 2012-10-20 06:51 - 00000000 ____D C:\ProgramData\Adobe 2014-01-06 23:25 - 2012-10-20 06:51 - 00000000 ____D C:\Program Files (x86)\Adobe 2014-01-06 23:22 - 2013-10-22 12:33 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Skype 2014-01-06 18:48 - 2014-01-06 18:48 - 00580292 _____ C:\Users\Mareike\Downloads\Projektmanagement.zip 2014-01-06 04:24 - 2014-01-06 04:23 - 00000000 ____D C:\Users\Mareike\AppData\Local\Canon Easy-PhotoPrint EX 2014-01-06 04:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2014-01-06 04:20 - 2013-08-20 20:56 - 00000000 ____D C:\Program Files\Canon Printer 2014-01-06 04:10 - 2013-08-12 18:33 - 00000000 ____D C:\Program Files (x86)\Canon 2014-01-06 04:09 - 2013-09-03 00:24 - 00000000 ____D C:\Users\Mareike\AppData\Roaming\Canon 2014-01-06 04:03 - 2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2014-01-06 04:03 - 2014-01-06 04:03 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-12-31 14:21 - 2013-12-31 14:21 - 00000000 ____D C:\ProgramData\ClassicShell 2013-12-30 00:30 - 2013-12-31 14:21 - 00002170 _____ C:\Users\Mareike\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk 2013-12-30 00:30 - 2013-12-30 00:30 - 00000000 ____D C:\Program Files\Classic Shell 2013-12-30 00:20 - 2013-11-08 04:38 - 00012375 _____ C:\Users\Mareike\Documents\Abrechnung Florida-Urlaub Mareike_Anita_2013.xlsx 2013-12-30 00:17 - 2013-12-30 00:17 - 04285072 _____ (LionSea Software ) C:\Program Files\Reparatur Tool - smartpcfixer - setup.exe 2013-12-29 17:18 - 2013-08-22 15:44 - 05139496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-22 23:49 - 2013-08-11 17:57 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-22 23:45 - 2012-10-20 07:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-12-22 23:43 - 2013-09-30 04:59 - 00000000 ____D C:\WINDOWS\ShellNew 2013-12-22 14:12 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-22 
13:54 - 2013-08-11 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 13:48 - 2013-12-22 13:48 - 00000000 ____D C:\ProgramData\ZoomBrowser

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 21:06

==================== End Of Log ============================

Addition:
FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by Mareike at 2014-01-21 16:43:27
Running from C:\Users\Mareike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Creative Cloud (x32 Version: 2.2.1.260 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Benutzerhandbuch EPSON BX935FWD Series (x32 Version: - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.1.6 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 3.3.0.5 - Canon Inc.)
Canon Utilities CameraWindow (x32 Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.4 (x32 Version: 3.4.0.0 - Canon Inc.)
Canon Utilities EOS Utility (x32 Version: 2.4.0.1 - Canon Inc.)
Canon Utilities MyCamera (x32 Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.21.45 - Canon Inc.)
Canon Utilities Picture Style Editor (x32 Version: 1.3.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (x32 Version: 3.2.1.1 - Canon Inc.) Canon Utilities ZoomBrowser EX (x32 Version: 6.1.1.21 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.1.0.8 - Canon Inc.) CCleaner (Version: 4.09 - Piriform) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Classic Shell (Version: 4.0.2 - IvoSoft) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) doPDF 7.3 printer (Version: 7.3.393 - Softland) Download Navigator (x32 Version: 1.1.0 - SEIKO EPSON CORPORATION) Easy File Share (x32 Version: 1.3.4 - Samsung Electronics CO.,LTD.) E-POP (x32 Version: 1.0.1 - Samsung Electronics CO., LTD.) EPSON BX935FWD Series Printer Uninstall (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print 2 (x32 Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (x32 Version: 2.50.0001 - SEIKO EPSON CORPORATION) Epson FAX Utility (x32 Version: 1.20.00 - SEIKO EPSON CORPORATION) EPSON Scan (x32 Version: - Seiko Epson Corporation) EpsonNet Print (x32 Version: 2.4j - SEIKO EPSON CORPORATION) Extended Update (HKCU Version: - ) File Opener Pro (x32 Version: - FileOpenerPro) <==== ATTENTION Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Free YouTube Download version 3.2.16.1030 (x32 Version: 3.2.16.1030 - DVDVideoSoft Ltd.) 
Free YouTube to MP3 Converter version 3.12.20.1230 (x32 Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Help Desk (Version: 1.0.6 - Samsung Electronics CO., LTD.) Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 
Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mobile Partner (x32 Version: 23.009.05.03.1014 - Huawei Technologies Co.,Ltd) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Netzwerkhandbuch EPSON BX935FWD Series (x32 Version: - ) NVIDIA Grafiktreiber 327.02 (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden Opera Stable 18.0.1284.68 (x32 Version: 18.0.1284.68 - Opera Software ASA) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 5.7.0 (x32 Version: - PDF24.org) phonostar-Player Version 3.03.1 (x32 Version: - ) Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden PhotoScape (x32 Version: - ) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros) QuickShare (x32 Version: 1.90.60.12091 - Linkury Inc.) 
<==== ATTENTION Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6699 - Realtek Semiconductor Corp.) Recovery (x32 Version: 6.0.6.5 - Samsung Electronics CO., LTD.) S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Settings (x32 Version: 2.0.0 - Samsung Electronics CO., LTD.) Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.) SlimDrivers (x32 Version: 2.2.30877 - SlimWare Utilities, Inc.) SpyHunter (Version: 4.16.5.4290 - Enigma Software Group USA, LLC) Spyware Terminator 2012 (x32 Version: 3.0.0.82 - Crawler.com) Support Center (Version: 2.1.1201 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden SW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.) 
Synaptics Pointing Device Driver (Version: 16.2.11.3 - Synaptics Incorporated) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) User Guide (x32 Version: 1.2.00 - Samsung Electronics CO., LTD.) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Video Performer (x32 Version: - PerformerSoft LLC) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN) Windows Driver Package - Samsung Electronics Co. 
Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.) Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH) ZoneAlarm Firewall (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden ==================== Restore Points ========================= 29-12-2013 23:24:14 Installed Classic Shell 06-01-2014 16:53:08 Geplanter Prüfpunkt 13-01-2014 19:48:03 Geplanter Prüfpunkt 21-01-2014 14:02:35 avast! 
antivirus system restore point ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {05DFB97D-D085-45CA-8620-EA8479BC828A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2E9D9AEF-10BB-48FE-BC5A-AD65E6C00AF5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation) Task: {314C9385-2BBF-4671-A8CC-1AEF97C2EAA2} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Mareike\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {37A9DC9C-0B70-4483-AFB1-ED15A3D309A4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe 
[2013-08-22] (Microsoft Corporation) Task: {4285C36F-B071-4297-995C-B210F405BA86} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6A4F69E9-ECDE-410B-8C4D-20BBE803C0C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {76F8B5B6-E640-461B-A7FB-B5852CD04FDD} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7F268CCB-1857-4B1C-AE12-4EA5C9B52679} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {81854029-5869-4DC3-A034-69BBA9EEF401} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.) 
Task: {852DD497-DFE2-42A4-9C85-9B07B430AD6F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\SYSTEM32\MRT.EXE [2014-01-15] (Microsoft Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {97EC930E-BAE5-462B-912D-DF2E77D48530} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A654CDB9-9CE8-4D2D-BEDC-888CA43A2896} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {BDDDCAB7-B139-48AF-B168-98327A7E95AD} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E7A8C99B-AE9F-42EB-9B7B-9B09156BB114} - System32\Tasks\CCleanerSkipUAC => C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE [2013-12-17] (Piriform Ltd) Task: {FC22B48F-212A-4842-A2CB-AC13371094C6} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-21] (AVAST Software) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-08-30 09:51 - 2013-08-30 09:51 - 00757048 _____ () C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\avgrepliba.dll 2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2014-01-21 14:58 - 2014-01-21 10:27 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012100\algo.dll 2013-12-09 10:27 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2013-12-09 10:27 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2013-12-09 10:27 - 2010-05-10 03:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2013-12-09 10:27 - 2010-02-10 15:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2013-12-09 10:27 - 2012-11-01 11:26 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2013-12-09 10:27 - 2010-02-10 15:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files 
(x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-11-26 10:23 - 2013-11-26 10:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-10-20 06:35 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-12-21 01:20 - 2013-12-12 10:15 - 00886624 _____ () C:\Program Files (x86)\Opera\18.0.1284.68\libglesv2.dll 2013-12-21 01:20 - 2013-12-12 10:15 - 00108896 _____ () C:\Program Files (x86)\Opera\18.0.1284.68\libegl.dll 2013-12-21 01:20 - 2013-12-12 10:15 - 00879968 _____ () C:\Program Files (x86)\Opera\18.0.1284.68\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Mareike\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. 
Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 3795.53 MB Available physical RAM: 2354.62 MB Total Pagefile: 4755.54 MB Available Pagefile: 3149.25 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:438.84 GB) (Free:232.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 7A80D030) Partition: GPT Partition Type ==================== End Of Log ============================ |
21.01.2014, 17:06 | #4 |
/// TB-Ausbilder | Run DLL C:\Users\Mareike\AppData\Local\ConduitBackground\BackgroundContainer.dll Das angegebene Modul wurde nicht gefunden. Step 1: Please download AdwCleaner to your desktop.
Step 2: Run FRST once more.
__________________ cheers, Leo |