Log analysis and evaluation: Windows 7 - eGdpSvc.exe Trojan - Internet Options not working - online banking
#1

Windows 7 - eGdpSvc.exe Trojan - Internet Options not working - online banking

Hello helping hands,

I've noticed that my laptop is behaving strangely! (Toshiba Satellite, Windows 7 SP1, Firefox.) It started with me no longer being able to open my Internet Options via the Control Panel! On top of that, Firefox no longer works the way I'm used to! I had pinned several websites in Firefox's jump list, which I always used to open a separate tab and land directly on my pinned sites. But no matter how many times I've uninstalled Firefox, it keeps redirecting me to Google. I ran a scan with HitmanPro and it found 3 malware items, 1 riskware item and also a Trojan named eGdpSvc.exe! All of them are currently in quarantine. What scares me most, though, is that during online banking I'm told that the TAN has already been used! That's why I'm turning to you, since I can't do without banking! I hope I've followed everything correctly and that I can be helped?! Best regards, Sanchoss

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Sascha & Nancy (administrator) on TOSHIBA on 04-02-2014 10:41:29
Running from C:\Users\Sascha & Nancy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Microsoft) C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DNSService.exe
(CSIS Security Group) C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(CSIS Security Group) C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [ProtectedNET] - C:\Users\Sascha & Nancy\Desktop\Laufwerk\Jappy Rang + Credit Hack by JiNNy.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\.DEFAULT\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Run: [logger] - wscript.exe //B "C:\Users\SASCHA~1\AppData\Local\Temp\logger.vbs" <===== ATTENTION
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Run: [AppsHat] - C:\Users\Sascha & Nancy\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: F - F:\Windows\StartFreeStyle.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {03692143-0ef0-11e3-b86b-00266ca80786} - H:\OriginInstaller.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {0cb7b62b-edd6-11e1-af14-00266ca80786} - G:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {0cb7b632-edd6-11e1-af14-00266ca80786} - G:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {0cb7b65e-edd6-11e1-af14-00266ca80786} - G:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {16737d40-ef63-11e2-bb4d-00266ca80786} - F:\Windows\StartFreeStyle.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {25143ae8-a14c-11e0-bd9d-00266ca80786} - G:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {25143aee-a14c-11e0-bd9d-00266ca80786} - G:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {41b933f8-27bd-11e1-90f6-00266ca80786} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {46866801-485f-11e1-8d41-00266ca80786} - F:\LGAutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {598939d1-1d9a-11e1-bab4-00266ca80786} - F:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {598939d6-1d9a-11e1-bab4-00266ca80786} - F:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {99948c1c-26f7-11e1-b79e-00266ca80786} - F:\AutoRun.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {a9856250-36ba-11e2-947c-00266ca80786} - F:\zdata\cobi.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\MountPoints2: {f6528305-95ce-11e2-ade5-00266ca80786} - F:\setup.exe
HKU\S-1-5-21-2086433155-968339950-4243989774-1000\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => File Not Found
AppInit_DLLs: c:\progra~2\movies~1\safety~1\x64\safety~2.dll => File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\movies toolbar\safetynut\x64\safetycrt.dll
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\movies toolbar\safetynut\safetycrt.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=ST9500325AS_6VEHGAQRXXXX6VEHGAQR&ts=1367078727
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = https://isearch.avg.com/?cid={D4128F4D-FFC4-4AD1-8D6B-8FA976F2493E}&mid=16cd0fb9c80147d1b59ad16f2a4cee75-ca2be2ccc0d80f6eca87e1d1dfbe0cd3c2f66768&lang=en&ds=ft011&pr=sa&d=2012-07-25 16:17:44&v=12.1.0.21&sap=hp
URLSearchHook: HKCU - (No Name) - {62d40876-df18-411f-9d34-a9dd7a197bc5} - No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=ST9500325AS_6VEHGAQRXXXX6VEHGAQR&ts=7077985
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=ST9500325AS_6VEHGAQRXXXX6VEHGAQR&ts=7077985
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a10918-126&apn_uid=7490831145054531&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1QzuyE0C0E0D0D0E0FyCyC0F0FyEzy0ByDyDtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785632500
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {178A504F-74E0-4342-9DF2-00A4A0B137F8} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={ED33D242-60D1-11E2-B3A9-00266CA80786}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a10918-126&apn_uid=7490831145054531&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {5319BB5F-8644-FBC1-3546-685F8AE5B160} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=430&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1QzuyE0C0E0D0D0E0FyCyC0F0FyEzy0ByDyDtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785632500
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3205709
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKCU - {3F7E5C68-5C60-4FB5-B191-1B04DDDE8979} URL =
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL =
SearchScopes: HKCU - {6ADFBB29-55DE-4137-996D-31FE316578AF} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1QzuyE0C0E0D0D0E0FyCyC0F0FyEzy0ByDyDtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=1785632500
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - toolplugin - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No File
Toolbar: HKLM-x32 - No Name - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A5B9220D-875B-4C63-A4B1-AABF1D74E973}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha & Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\3u1jr7fi.default
FF Homepage: google.de
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\portaldosites.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Escamod - C:\Users\Sascha & Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\3u1jr7fi.default\Extensions\escamod@gmx.net0002.xpi [2014-01-23]
FF Extension: Adblock Plus - C:\Users\Sascha & Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\3u1jr7fi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-23]
FF Extension: Tab Mix Plus - C:\Users\Sascha & Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\3u1jr7fi.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-01-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-12-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

Chrome:
=======
CHR Extension: (Zoomex) - C:\Users\Sascha & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mofdfekbgmpkihbinibfegfabgdkffhc [2013-01-28]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\SASCHA~1\AppData\Local\funmoods.crx [2013-01-28]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\SASCHA~1\AppData\Local\funmoods-speeddial.crx [2012-07-28]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-07-28]
CHR HKCU\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Sascha & Nancy\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-09-05]
CHR HKCU\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Sascha & Nancy\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Sascha & Nancy\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Sascha & Nancy\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-04-17]

==================== Services (Whitelisted) =================

R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.)
R2 HeimdalSecureDNS; C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe [93856 2013-11-06] (Microsoft)
R2 HeimdalService; C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe [132768 2013-11-06] (CSIS Security Group)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1752488 2014-02-04] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
S2 HPSLPSVC; C:\Users\SASCHA~1\AppData\Local\Temp\7zS4921\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2014-02-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-02-25] (WinISO.com)
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S1 pmplcahk; \??\C:\Windows\system32\drivers\pmplcahk.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 10:41 - 2014-02-04 10:42 - 00029727 _____ () C:\Users\Sascha & Nancy\Downloads\FRST.txt
2014-02-04 10:41 - 2014-02-04 10:41 - 00000000 ____D () C:\FRST
2014-02-04 10:39 - 2014-02-04 10:40 - 02080256 _____ (Farbar) C:\Users\Sascha & Nancy\Downloads\FRST64.exe
2014-02-04 10:37 - 2014-02-04 10:39 - 00000490 _____ () C:\Users\Sascha & Nancy\Downloads\defogger_disable.log
2014-02-04 10:37 - 2014-02-04 10:37 - 00000000 _____ () C:\Users\Sascha & Nancy\defogger_reenable
2014-02-04 10:36 - 2014-02-04 10:36 - 00050477 _____ () C:\Users\Sascha & Nancy\Downloads\Defogger.exe
2014-02-04 10:03 - 2014-02-04 10:03 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Roaming\Malwarebytes
2014-02-04 10:02 - 2014-02-04 10:02 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-04 10:02 - 2014-02-04 10:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 10:02 - 2014-02-04 10:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 10:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-04 09:57 - 2014-02-04 09:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sascha & Nancy\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-04 09:10 - 2014-02-04 09:10 - 02434048 _____ () C:\Users\Sascha & Nancy\Downloads\msxml(1).msi
2014-02-04 09:10 - 2014-02-04 09:10 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-04 09:08 - 2014-02-04 09:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-04 09:08 - 2014-02-04 09:09 - 00000000 ____D () C:\Program Files\iTunes
2014-02-04 09:08 - 2014-02-04 09:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Program Files\iPod
2014-02-04 08:59 - 2014-02-04 08:59 - 00001258 _____ () C:\Windows\system32\.crusader
2014-02-04 08:45 - 2014-02-04 08:45 - 02209056 _____ () C:\Users\Sascha & Nancy\Downloads\avira-eu-cleaner_de.exe
2014-02-04 08:42 - 2014-02-04 08:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-04 08:41 - 2014-02-04 08:42 - 10820032 _____ (SurfRight B.V.) C:\Users\Sascha & Nancy\Desktop\hitmanpro_x64.exe
2014-02-04 08:29 - 2014-02-04 08:29 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2014-02-04 08:28 - 2014-02-04 08:29 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-02-04 08:27 - 2014-02-04 08:27 - 04164208 _____ (CSIS Security Group) C:\Users\Sascha & Nancy\Downloads\HeimdalSetup.exe
2014-02-04 08:27 - 2014-02-04 08:27 - 00001116 _____ () C:\Users\Sascha & Nancy\Desktop\Heimdal.lnk
2014-02-04 08:27 - 2014-02-04 08:27 - 00000000 ____D () C:\ProgramData\CSIS
2014-02-04 08:27 - 2014-02-04 08:27 - 00000000 ____D () C:\Program Files (x86)\Heimdal
2014-02-04 08:26 - 2014-02-04 08:26 - 02434048 _____ () C:\Users\Sascha & Nancy\Downloads\msxml.msi
2014-02-04 08:25 - 2014-02-04 08:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-04 08:17 - 2014-02-04 08:17 - 00001036 _____ () C:\Users\Sascha & Nancy\Desktop\Secunia PSI.lnk
2014-02-04 08:17 - 2014-02-04 08:17 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Local\Secunia PSI
2014-02-04 08:17 - 2014-02-04 08:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-02-04 08:16 - 2014-02-04 08:16 - 05329480 _____ (Secunia) C:\Users\Sascha & Nancy\Downloads\PSISetup.exe
2014-02-04 08:13 - 2014-02-04 08:13 - 00533424 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-02-04 08:13 - 2014-02-04 08:13 - 00488104 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-02-04 08:13 - 2014-02-04 08:13 - 00017416 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-02-04 08:13 - 2014-02-04 08:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-02-04 08:13 - 2014-02-04 08:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-02-04 08:12 - 2014-02-04 08:13 - 01752488 _____ (SurfRight B.V.) C:\Users\Sascha & Nancy\Desktop\hmpalert.exe
2014-02-04 07:59 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-04 07:59 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-04 07:59 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-04 07:59 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-04 07:58 - 2014-02-04 07:59 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-04 07:45 - 2014-02-04 07:45 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha & Nancy\Downloads\jre-7u51-windows-x64(2).exe
2014-02-04 07:43 - 2014-02-04 07:43 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha & Nancy\Downloads\jre-7u51-windows-x64(1).exe
2014-02-04 07:27 - 2014-02-04 07:27 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-04 07:27 - 2014-02-04 07:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-04 07:27 - 2014-02-04 07:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-04 07:27 - 2014-02-04 07:27 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-02-04 07:27 - 2014-02-04 07:27 - 00000000 ____D () C:\Program Files\Java
2014-02-04 07:26 - 2014-02-04 07:26 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha & Nancy\Downloads\jre-7u51-windows-x64.exe
2014-01-30 12:55 - 2014-01-30 12:58 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-01-30 12:55 - 2014-01-30 12:55 - 10245808 _____ (BlueStack Systems Inc.)
C:\Users\Sascha & Nancy\Downloads\BlueStacks-SplitInstaller_native.exe 2014-01-25 12:26 - 2014-02-02 14:21 - 00000000 ____D () C:\Users\Sascha & Nancy\Desktop\Para 2014-01-25 12:23 - 2014-01-25 12:23 - 00215382 _____ () C:\Users\Sascha & Nancy\Downloads\GotClip_Setup.exe 2014-01-25 12:23 - 2014-01-25 12:23 - 00000958 _____ () C:\Users\Sascha & Nancy\Desktop\GotClip.lnk 2014-01-25 12:23 - 2014-01-25 12:23 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip 2014-01-25 12:23 - 2014-01-25 12:23 - 00000000 ____D () C:\Program Files (x86)\GotClip 2014-01-23 07:24 - 2014-01-23 07:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-23 07:23 - 2014-01-23 07:23 - 00283096 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox Setup Stub 26.0(3).exe 2014-01-23 07:22 - 2014-01-23 07:24 - 00001114 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-21 22:34 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-21 22:34 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-21 22:34 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-21 22:34 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 00067072 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-21 22:34 - 2013-10-25 07:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-21 22:34 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-21 22:34 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-21 22:34 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-21 22:34 - 2013-10-25 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-21 22:34 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-21 22:34 - 2013-10-25 04:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-21 22:34 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-21 22:33 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-21 22:33 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-21 22:33 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-21 08:29 - 2014-01-21 08:29 - 00283096 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox Setup Stub 26.0(2).exe 2014-01-21 08:05 - 2014-01-21 08:05 - 00000000 ____D () C:\Users\Sascha & Nancy\Documents\OneNote-Notizbücher 2014-01-21 08:00 - 2014-01-21 08:00 - 08459768 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox_Setup_3.6.28.exe 2014-01-19 03:04 - 2014-01-19 03:04 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-01-19 03:04 - 2014-01-19 03:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-01-18 12:02 - 2014-02-02 16:44 - 00012949 _____ () C:\Users\Sascha & Nancy\Documents\vordruck stundenzettel helmut.odt 2014-01-17 18:44 - 2014-01-17 18:44 - 00012969 _____ () C:\Users\Sascha & Nancy\Documents\vorbruck stunden zettel.odt 2014-01-17 17:26 - 2014-01-17 17:26 - 00000859 _____ () C:\Users\Sascha & Nancy\AppData\Local\recently-used.xbel 2014-01-17 17:23 - 2014-01-21 08:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-17 17:23 - 2014-01-17 17:23 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Local\Microsoft Help 2014-01-15 05:23 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 05:23 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 05:23 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 05:23 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 05:23 - 2013-11-27 02:41 - 00030720 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 05:23 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 05:23 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 05:23 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 05:23 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-12 19:20 - 2014-01-12 19:20 - 00283096 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox Setup Stub 26.0.exe 2014-01-12 17:10 - 2014-01-12 17:10 - 00002990 _____ () C:\Windows\System32\Tasks\{B82F30CA-5083-4EA4-9F77-16A1E083B57B} 2014-01-12 17:08 - 2014-01-12 17:08 - 00002990 _____ () C:\Windows\System32\Tasks\{ED49D765-0278-44F4-BBBD-548065650574} 2014-01-12 17:06 - 2014-01-12 17:06 - 00002990 _____ () C:\Windows\System32\Tasks\{FD7A06F6-B324-4C76-B750-14BCAAD9F666} 2014-01-12 16:02 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-01-12 16:02 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-01-12 16:02 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-01-12 16:02 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-01-12 16:02 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-01-12 16:02 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-01-12 16:02 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-01-12 16:02 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-01-12 
16:02 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-01-12 16:02 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-01-12 16:02 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-01-12 16:02 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-01-12 16:02 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-01-12 16:02 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-01-12 16:02 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-01-12 16:02 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-01-12 16:02 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-01-12 16:02 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-01-12 16:02 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-01-12 16:02 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-01-12 16:02 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-01-12 16:02 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-01-12 16:02 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-01-12 16:02 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-01-10 14:01 - 2014-01-10 14:02 - 23867560 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox_Setup_26.0.exe ==================== One Month Modified Files and Folders ======= 2014-02-04 10:42 - 2014-02-04 10:41 - 00029727 
_____ () C:\Users\Sascha & Nancy\Downloads\FRST.txt 2014-02-04 10:42 - 2012-06-13 07:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-04 10:41 - 2014-02-04 10:41 - 00000000 ____D () C:\FRST 2014-02-04 10:40 - 2014-02-04 10:39 - 02080256 _____ (Farbar) C:\Users\Sascha & Nancy\Downloads\FRST64.exe 2014-02-04 10:39 - 2014-02-04 10:37 - 00000490 _____ () C:\Users\Sascha & Nancy\Downloads\defogger_disable.log 2014-02-04 10:37 - 2014-02-04 10:37 - 00000000 _____ () C:\Users\Sascha & Nancy\defogger_reenable 2014-02-04 10:37 - 2011-06-09 16:52 - 00000000 ____D () C:\Users\Sascha & Nancy 2014-02-04 10:36 - 2014-02-04 10:36 - 00050477 _____ () C:\Users\Sascha & Nancy\Downloads\Defogger.exe 2014-02-04 10:33 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-04 10:33 - 2009-07-14 05:45 - 00016080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-04 10:31 - 2011-01-24 19:54 - 01786406 _____ () C:\Windows\WindowsUpdate.log 2014-02-04 10:25 - 2013-10-05 18:42 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar 2014-02-04 10:25 - 2013-08-23 09:51 - 00031418 _____ () C:\Windows\setupact.log 2014-02-04 10:25 - 2013-01-12 14:07 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-02-04 10:25 - 2012-03-19 20:54 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-04 10:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-04 10:24 - 2013-10-05 18:43 - 00000000 ____D () C:\ProgramData\Wincert 2014-02-04 10:24 - 2011-10-21 19:25 - 00000000 ____D () C:\Program Files (x86)\BrowserCompanion 2014-02-04 10:24 - 2010-11-16 18:49 - 00806366 _____ () C:\Windows\PFRO.log 2014-02-04 10:16 - 2013-01-17 19:15 - 00000000 ____D () C:\Program Files (x86)\SweetIM 2014-02-04 10:15 - 2013-06-10 07:31 - 00000000 ____D () C:\Users\Sascha & 
Nancy\AppData\Roaming\Omiga Plus 2014-02-04 10:03 - 2014-02-04 10:03 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Roaming\Malwarebytes 2014-02-04 10:02 - 2014-02-04 10:02 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-04 10:02 - 2014-02-04 10:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-04 10:02 - 2014-02-04 10:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-04 09:57 - 2014-02-04 09:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sascha & Nancy\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-04 09:57 - 2012-03-19 20:54 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-04 09:11 - 2011-06-10 22:52 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-02-04 09:10 - 2014-02-04 09:10 - 02434048 _____ () C:\Users\Sascha & Nancy\Downloads\msxml(1).msi 2014-02-04 09:10 - 2014-02-04 09:10 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-04 09:09 - 2014-02-04 09:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-04 09:09 - 2014-02-04 09:08 - 00000000 ____D () C:\Program Files\iTunes 2014-02-04 09:09 - 2014-02-04 09:08 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer 2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer 2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer 2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer 2014-02-04 09:08 - 2014-02-04 09:08 - 00000000 ____D () C:\Program Files\iPod 2014-02-04 08:59 - 2014-02-04 08:59 - 00001258 _____ () C:\Windows\system32\.crusader 2014-02-04 08:59 - 2014-02-04 08:42 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-02-04 08:45 - 2014-02-04 08:45 - 02209056 _____ () C:\Users\Sascha & 
Nancy\Downloads\avira-eu-cleaner_de.exe 2014-02-04 08:42 - 2014-02-04 08:41 - 10820032 _____ (SurfRight B.V.) C:\Users\Sascha & Nancy\Desktop\hitmanpro_x64.exe 2014-02-04 08:37 - 2012-10-21 11:40 - 00000000 ____D () C:\ProgramData\Apple 2014-02-04 08:34 - 2011-06-09 16:55 - 00113272 _____ () C:\Users\Sascha & Nancy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-04 08:33 - 2009-07-14 05:45 - 00432024 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-04 08:29 - 2014-02-04 08:29 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-02-04 08:29 - 2014-02-04 08:28 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-02-04 08:27 - 2014-02-04 08:27 - 04164208 _____ (CSIS Security Group) C:\Users\Sascha & Nancy\Downloads\HeimdalSetup.exe 2014-02-04 08:27 - 2014-02-04 08:27 - 00001116 _____ () C:\Users\Sascha & Nancy\Desktop\Heimdal.lnk 2014-02-04 08:27 - 2014-02-04 08:27 - 00000000 ____D () C:\ProgramData\CSIS 2014-02-04 08:27 - 2014-02-04 08:27 - 00000000 ____D () C:\Program Files (x86)\Heimdal 2014-02-04 08:26 - 2014-02-04 08:26 - 02434048 _____ () C:\Users\Sascha & Nancy\Downloads\msxml.msi 2014-02-04 08:25 - 2014-02-04 08:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-04 08:25 - 2010-11-16 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-04 08:25 - 2010-11-16 18:52 - 00000000 ____D () C:\ProgramData\Skype 2014-02-04 08:24 - 2012-06-13 07:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-04 08:24 - 2012-06-13 07:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-04 08:24 - 2012-06-13 07:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-04 08:17 - 2014-02-04 08:17 - 00001036 _____ () C:\Users\Sascha & Nancy\Desktop\Secunia PSI.lnk 2014-02-04 08:17 - 2014-02-04 08:17 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Local\Secunia PSI 2014-02-04 08:17 - 2014-02-04 08:17 - 00000000 ____D () 
C:\Program Files (x86)\Secunia 2014-02-04 08:16 - 2014-02-04 08:16 - 05329480 _____ (Secunia) C:\Users\Sascha & Nancy\Downloads\PSISetup.exe 2014-02-04 08:13 - 2014-02-04 08:13 - 00533424 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2014-02-04 08:13 - 2014-02-04 08:13 - 00488104 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2014-02-04 08:13 - 2014-02-04 08:13 - 00017416 _____ () C:\Windows\system32\Drivers\hmpalert.sys 2014-02-04 08:13 - 2014-02-04 08:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2014-02-04 08:13 - 2014-02-04 08:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2014-02-04 08:13 - 2014-02-04 08:12 - 01752488 _____ (SurfRight B.V.) C:\Users\Sascha & Nancy\Desktop\hmpalert.exe 2014-02-04 07:59 - 2014-02-04 07:58 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-04 07:59 - 2012-06-22 11:16 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-04 07:55 - 2012-03-19 06:53 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-02-04 07:45 - 2014-02-04 07:45 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha & Nancy\Downloads\jre-7u51-windows-x64(2).exe 2014-02-04 07:43 - 2014-02-04 07:43 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha & Nancy\Downloads\jre-7u51-windows-x64(1).exe 2014-02-04 07:27 - 2014-02-04 07:27 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-04 07:27 - 2014-02-04 07:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-04 07:27 - 2014-02-04 07:27 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-04 07:27 - 2014-02-04 07:27 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-02-04 07:27 - 2014-02-04 07:27 - 00000000 ____D () C:\Program Files\Java 2014-02-04 07:26 - 2014-02-04 07:26 - 30796712 _____ (Oracle Corporation) C:\Users\Sascha & Nancy\Downloads\jre-7u51-windows-x64.exe 2014-02-04 07:23 - 2011-06-10 08:54 - 00000000 ____D () C:\Users\Sascha & 
Nancy\AppData\Local\Adobe 2014-02-04 07:19 - 2013-01-21 18:38 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-02-04 07:18 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-02-02 16:44 - 2014-01-18 12:02 - 00012949 _____ () C:\Users\Sascha & Nancy\Documents\vordruck stundenzettel helmut.odt 2014-02-02 14:21 - 2014-01-25 12:26 - 00000000 ____D () C:\Users\Sascha & Nancy\Desktop\Para 2014-01-30 12:58 - 2014-01-30 12:55 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-01-30 12:55 - 2014-01-30 12:55 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Sascha & Nancy\Downloads\BlueStacks-SplitInstaller_native.exe 2014-01-25 12:23 - 2014-01-25 12:23 - 00215382 _____ () C:\Users\Sascha & Nancy\Downloads\GotClip_Setup.exe 2014-01-25 12:23 - 2014-01-25 12:23 - 00000958 _____ () C:\Users\Sascha & Nancy\Desktop\GotClip.lnk 2014-01-25 12:23 - 2014-01-25 12:23 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip 2014-01-25 12:23 - 2014-01-25 12:23 - 00000000 ____D () C:\Program Files (x86)\GotClip 2014-01-23 07:24 - 2014-01-23 07:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-01-23 07:24 - 2014-01-23 07:22 - 00001114 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-23 07:24 - 2013-12-20 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-01-23 07:23 - 2014-01-23 07:23 - 00283096 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox Setup Stub 26.0(3).exe 2014-01-23 07:23 - 2011-09-23 06:51 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Roaming\Mozilla 2014-01-21 10:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-01-21 08:32 - 2014-01-17 17:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-21 08:31 - 2011-01-24 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-01-21 08:29 - 2014-01-21 08:29 - 00283096 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox Setup Stub 
26.0(2).exe 2014-01-21 08:29 - 2011-06-09 16:52 - 00000000 ___RD () C:\Users\Sascha & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-21 08:29 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\ShellNew 2014-01-21 08:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-01-21 08:27 - 2009-07-14 03:34 - 00000419 _____ () C:\Windows\win.ini 2014-01-21 08:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-01-21 08:05 - 2014-01-21 08:05 - 00000000 ____D () C:\Users\Sascha & Nancy\Documents\OneNote-Notizbücher 2014-01-21 08:00 - 2014-01-21 08:00 - 08459768 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox_Setup_3.6.28.exe 2014-01-19 08:33 - 2011-09-03 08:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-19 03:04 - 2014-01-19 03:04 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-01-19 03:04 - 2014-01-19 03:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-01-17 18:44 - 2014-01-17 18:44 - 00012969 _____ () C:\Users\Sascha & Nancy\Documents\vorbruck stunden zettel.odt 2014-01-17 18:33 - 2009-07-14 18:58 - 07533032 _____ () C:\Windows\system32\perfh007.dat 2014-01-17 18:33 - 2009-07-14 18:58 - 02331660 _____ () C:\Windows\system32\perfc007.dat 2014-01-17 18:33 - 2009-07-14 06:13 - 00005422 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-01-17 17:27 - 2013-12-05 09:12 - 00000000 ____D () C:\Users\Sascha & Nancy\Desktop\Rocco 2014-01-17 17:26 - 2014-01-17 17:26 - 00000859 _____ () C:\Users\Sascha & Nancy\AppData\Local\recently-used.xbel 2014-01-17 17:26 - 2012-07-14 09:44 - 00000000 ____D () C:\Users\Sascha & Nancy\.gimp-2.8 2014-01-17 17:23 - 2014-01-17 17:23 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Local\Microsoft Help 2014-01-15 22:20 - 2013-08-14 14:22 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 22:18 - 2011-06-13 14:57 - 86054176 _____ (Microsoft 
Corporation) C:\Windows\system32\MRT.exe 2014-01-15 15:25 - 2011-12-07 16:44 - 00000000 ____D () C:\Users\Sascha & Nancy\AppData\Roaming\Skype 2014-01-15 06:47 - 2012-12-27 15:26 - 00000000 ____D () C:\Users\Sascha & Nancy\Desktop\Mucke 2014-01-12 19:20 - 2014-01-12 19:20 - 00283096 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox Setup Stub 26.0.exe 2014-01-12 17:16 - 2012-09-22 08:16 - 00000000 ____D () C:\Users\Sascha & Nancy\Documents\SH5 2014-01-12 17:10 - 2014-01-12 17:10 - 00002990 _____ () C:\Windows\System32\Tasks\{B82F30CA-5083-4EA4-9F77-16A1E083B57B} 2014-01-12 17:08 - 2014-01-12 17:08 - 00002990 _____ () C:\Windows\System32\Tasks\{ED49D765-0278-44F4-BBBD-548065650574} 2014-01-12 17:06 - 2014-01-12 17:06 - 00002990 _____ () C:\Windows\System32\Tasks\{FD7A06F6-B324-4C76-B750-14BCAAD9F666} 2014-01-12 16:28 - 2013-03-19 06:35 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-01-12 15:52 - 2012-12-28 17:07 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-01-12 15:51 - 2012-12-28 17:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-01-12 15:51 - 2012-12-28 17:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-01-12 12:55 - 2013-12-02 10:33 - 00000000 ____D () C:\Program Files (x86)\Vector Magic 2014-01-12 12:55 - 2013-11-18 19:30 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB 2014-01-12 12:55 - 2010-11-16 18:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-01-10 14:02 - 2014-01-10 14:01 - 23867560 _____ (Mozilla) C:\Users\Sascha & Nancy\Downloads\Firefox_Setup_26.0.exe 2014-01-07 06:07 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-01-06 20:38 - 2013-09-04 08:43 - 00000000 ____D () C:\Users\Sascha & Nancy\Desktop\TKKG Files to move or delete: ==================== C:\Users\Sascha & Nancy\AppData\Roaming\skype.ini Some content of TEMP: ==================== C:\Users\Sascha & Nancy\AppData\Local\Temp\BundleSweetIMSetup.exe 
C:\Users\Sascha & Nancy\AppData\Local\Temp\Delta.exe
C:\Users\Sascha & Nancy\AppData\Local\Temp\DeltaTB.exe
C:\Users\Sascha & Nancy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sascha & Nancy\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Sascha & Nancy\AppData\Local\Temp\propsys.dll
C:\Users\Sascha & Nancy\AppData\Local\Temp\SHSetup.exe
C:\Users\Sascha & Nancy\AppData\Local\Temp\Uninstall.exe
C:\Users\Sascha & Nancy\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-17 05:43

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Sascha & Nancy at 2014-02-04 10:42:54
Running from C:\Users\Sascha & Nancy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: - )
ATI Catalyst Install Manager (Version: 3.0.769.0 - ATI Technologies, Inc.)
Battlefield 3™ (x32 Version: 1.0.0.0 - Electronic Arts)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.16(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (x32 Version: - ) <==== ATTENTION
ccc-utility64 (Version: 2010.0426.2136.36953 - ATI) Hidden
CDBurnerXP (x32 Version: 4.5.2.4255 - CDBurnerXP)
Conexant Audio Driver For AMD HDMI Codec (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (Version: 4.119.0.61 - Conexant)
ContentSAFER for Wizmax (x32 Version: - )
Convert AVI to MP4 1.3 (x32 Version: - convertavitomp3.com)
Free M4a to MP3 Converter 7.2 (x32 Version: - ManiacTools.com)
GIMP 2.8.8 (Version: 2.8.8 - The GIMP Team)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GotClip Downloader (x32 Version: - )
Heimdal (x32 Version: 1.8.2.531 - CSIS Security Group)
HitmanPro.Alert (Version: 2.0.9.34 - SurfRight B.V.)
IsoBuster 3.1 (x32 Version: 3.1 - Smart Projects)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MP4 To MP3 Converter V3.0.4 (x32 Version: - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
ScummVM 1.4.1 (x32 Version: - The ScummVM Team)
Secunia PSI (3.0.0.9016) (x32 Version: 3.0.0.9016 - Secunia)
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
swMSM (x32 Version: - )
Synaptics Pointing Device Driver (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA PC Health Monitor (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
WinISO (x32 Version: 6.3.0.4804 - WinISO Computing Inc.)
WinRAR 4.10 (64-Bit) (Version: 4.10.0 - win.rar GmbH) ==================== Restore Points ========================= 19-01-2014 03:12:30 Windows Update 19-01-2014 22:41:31 Windows Update 21-01-2014 07:15:54 Windows Modules Installer 21-01-2014 07:24:33 Removed Microsoft Office Professional 2010 21-01-2014 21:33:37 Windows Update 25-01-2014 05:07:24 Windows Update 29-01-2014 04:26:20 Windows Update 01-02-2014 05:15:42 Windows Update 04-02-2014 06:17:43 Removed BlueStacks Notification Center 04-02-2014 06:26:53 Installed Java 7 Update 51 (64-bit) 04-02-2014 06:57:47 Installed Java 7 Update 51 04-02-2014 07:01:26 Windows Update 04-02-2014 08:11:27 Installed MSXML 4.0 SP3 Parser ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1CB99055-AEF9-4736-910E-B880E291399A} - System32\Tasks\Google Updater and Installer => C:\Users\Sascha & Nancy\AppData\Local\Google\Update\GoogleUpdate.exe Task: {2511F56C-248C-49E9-845A-FA3FA079CACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19] (Google Inc.) 
Task: {355A8926-91EF-4759-955B-CC7D6534AEE9} - System32\Tasks\{ED49D765-0278-44F4-BBBD-548065650574} => Firefox.exe Task: {385111CA-A7CC-4C7A-8A3F-99D88066D360} - System32\Tasks\{5425D119-CB66-4278-B098-0F2B3BF05957} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?LastError=1638 Task: {50998153-E4E4-45DA-932D-CBCFFCAF1FC0} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe Task: {73D72766-0297-4938-BC8B-5107E7884500} - System32\Tasks\{B82F30CA-5083-4EA4-9F77-16A1E083B57B} => Firefox.exe Task: {8452AD8E-AFE6-48B6-B76D-C2149944B79A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {89763217-B567-4E0C-B721-FC07BFBBB721} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {8C22F9A7-AFA6-4A32-8252-8ABFC51AAB3E} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {91103D62-B0B5-4821-BB0F-DDCA09B9986D} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-03] (TOSHIBA CORPORATION) Task: {9373D6B4-C920-4062-973E-4681A74227F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated) Task: {9DB225B5-E9C1-4F26-87A7-371F5AE9E922} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe Task: {AFEE71C3-20DB-4B88-8A38-3E5479394F0C} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {B6A906E2-509A-4485-883D-4D178D297138} - System32\Tasks\{FD7A06F6-B324-4C76-B750-14BCAAD9F666} => Firefox.exe Task: {E3CC1CA0-F795-462A-938B-E525D199C031} - System32\Tasks\{C5346126-C226-40CC-9DCA-680DFB303C33} => Firefox.exe 
hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?LastError=1638 Task: {E5F7A0EF-A657-41BA-B8E6-B576AFFC978F} - System32\Tasks\DealPly => C:\Users\SASCHA~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {E998ACB3-CFD6-4FA6-8A0F-4865DCC90CDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-19] (Google Inc.) Task: {ECB0868D-49A2-41D5-A0BF-7B17F27A4DEC} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {F0613224-7154-41D7-BE6E-8D46DE0265CE} - System32\Tasks\Funmoods => C:\Users\SASCHA~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {F944E880-8176-4831-AF7F-09AC34B7A74C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-04-23 13:58 - 2010-04-23 13:58 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2010-11-16 18:31 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2010-03-17 16:01 - 2010-03-17 16:01 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2009-10-13 10:00 - 2009-10-13 10:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-01-24 19:59 - 2011-01-24 19:59 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-23 07:24 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:33B04540 AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:D287FACF AlternateDataStreams: C:\ProgramData\TEMP:D3A96964 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/04/2014 09:18:40 AM) (Source: Application Hang) (User: ) Description: Programm Au_.exe, Version 5.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 978 Startzeit: 01cf21800984bee6 Endzeit: 16 Anwendungspfad: C:\Users\SASCHA~1\AppData\Local\Temp\~nsu.tmp\Au_.exe Berichts-ID: Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 22 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 21 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 20 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 19 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 18 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 17 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 16 System errors: ============= Error: (02/04/2014 10:27:52 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (02/04/2014 10:25:53 AM) (Source: ipnathlp) (User: ) Description: 192.168.178.20192.168.137.0255.255.255.0 Error: (02/04/2014 10:25:53 AM) (Source: ipnathlp) (User: ) Description: Error: (02/04/2014 09:05:10 AM) (Source: DCOM) (User: ) Description: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F} Error: (02/04/2014 09:04:03 AM) (Source: Service 
Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (02/04/2014 09:02:31 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/04/2014 09:02:31 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error: (02/04/2014 09:02:12 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (02/04/2014 09:01:45 AM) (Source: ipnathlp) (User: ) Description: 192.168.178.20192.168.137.0255.255.255.0 Error: (02/04/2014 09:01:45 AM) (Source: ipnathlp) (User: ) Description: Microsoft Office Sessions: ========================= Error: (02/04/2014 09:18:40 AM) (Source: Application Hang)(User: ) Description: Au_.exe5.0.0.097801cf21800984bee616C:\Users\SASCHA~1\AppData\Local\Temp\~nsu.tmp\Au_.exe Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 22 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 21 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 20 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 19 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 18 Error: (02/02/2014 06:56:22 
PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 17 Error: (02/02/2014 06:56:22 PM) (Source: Bonjour Service)(User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 16 CodeIntegrity Errors: =================================== Date: 2014-02-04 10:37:28.232 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-04 10:23:33.021 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-04 10:13:55.720 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-04 09:54:45.052 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-04 09:35:14.723 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-04 08:55:18.882 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-04 08:25:42.571 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2011-12-03 11:55:51.609 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-03 11:55:51.593 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ewusbmdm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 3957.86 MB Available physical RAM: 2091.77 MB Total Pagefile: 7913.9 MB Available Pagefile: 5672.68 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:232.73 GB) (Free:34.04 GB) NTFS Drive d: (Data) (Fixed) (Total:232.64 GB) (Free:207.84 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C5B28EA6) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |