Log analysis and evaluation: Win 8.1 automatically starts the default browser with the Bing search engine
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2014, 19:05 | #1 |
Win 8.1 automatically starts the default browser with the Bing search engine

Hello everyone, since yesterday my Windows 8.1 has been booting automatically into desktop mode and then launching the default browser with the Bing search engine as the start page. Google and the search function here unfortunately did not turn up a solution. When I start the system in Safe Mode, the problem does not occur. Here are the requested log files from the tools FRST, GMER and HijackThis (as an attachment).

FRST.txt: FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by F19Aurora (administrator) on HEIKO on 14-02-2014 18:27:42
Running from C:\Users\F19Aurora\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LITE-ON TECHNOLOGY CORP.)
C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe () C:\Users\F19Aurora\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SKDaemon.exe] - C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [335872 2010-03-02] (LITE-ON TECHNOLOGY CORP.) 
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] - C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company) HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\Trayserver.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [ToolboxFX] - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKU\S-1-5-21-3405735661-249413621-4105650749-1001\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11417504 2012-11-25] (NTeWORKS) HKU\S-1-5-21-3405735661-249413621-4105650749-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\F19Aurora\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-3405735661-249413621-4105650749-1009\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11417504 2012-11-25] (NTeWORKS) HKU\S-1-5-21-3405735661-249413621-4105650749-1009\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5A7099D644ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1337920549&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1337920549&ir= SearchScopes: HKCU - DefaultScope {95E7D617-945B-4175-8B86-E2B20A874CCF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1337920549&ir= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=7E63001A92E9DEF7 SearchScopes: HKCU - {95E7D617-945B-4175-8B86-E2B20A874CCF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {3195CF7C-E9E2-49B2-8B61-14F285298E1C} 
https://sslvpn.rc-midmarket.de/wa/AccessClientLoader.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default FF user.js: detected! => C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\user.js FF DefaultSearchEngine: Yahoo! FF SearchEngineOrder.1: Mysearchdial FF SelectedSearchEngine: Yahoo! FF Homepage: hxxp://www.rc-network.de/forum/forumdisplay.php/20-E-Impeller-Jets|hxxp://www.lockheed-stealth.de/|hxxp://www.rcgroups.com/electric-ducted-fan-jet-talk-12/|hxxp://www.rcgroups.com/large-edf-jets-858/ FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\searchplugins\delta.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\de_DE@dicts.j3e.de [2013-09-13] FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-19] FF Extension: YouTube Video and Audio Downloader - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-01-28] FF Extension: Google Translator for Firefox - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\translator@zoli.bod.xpi [2013-05-17] FF Extension: RoboForm Lite - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\xpirftoolbar@roboform.com.xpi [2013-05-11] FF Extension: FireFTP button - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}.xpi [2013-05-11] FF Extension: FireFTP - 
C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-05-11] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-31] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-31] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27] CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\F19Aurora\AppData\Local\Slick Savings\coupons.crx [2013-12-27] CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22] ==================== Services (Whitelisted) ================= R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs 
GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] () R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; 
C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-14 18:26 - 2014-02-14 18:27 - 00015899 _____ () C:\Users\F19Aurora\Downloads\FRST.txt 2014-02-14 18:26 - 2014-02-14 18:27 - 00000000 ____D () C:\FRST 2014-02-14 18:26 - 2014-02-14 18:26 - 00026784 _____ () C:\Users\F19Aurora\Downloads\Addition.txt 2014-02-14 18:25 - 2014-02-14 18:25 - 02152960 _____ (Farbar) C:\Users\F19Aurora\Downloads\FRST64.exe 2014-02-14 17:20 - 2014-02-14 17:20 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-14 17:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-02-14 17:19 - 2014-02-14 17:19 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\F19Aurora\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-14 16:26 - 2014-02-14 17:14 - 00008355 _____ () C:\Users\F19Aurora\Desktop\hijackthis.log 2014-02-14 16:22 - 2014-02-14 16:22 - 00388608 
_____ (Trend Micro Inc.) C:\Users\F19Aurora\Downloads\HijackThis.exe 2014-02-14 16:13 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll 2014-02-14 16:13 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll 2014-02-14 16:12 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-14 16:12 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-02-14 16:12 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-02-14 16:12 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-14 16:12 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-02-14 16:12 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-02-14 16:12 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-14 16:12 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-02-14 16:12 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-02-14 16:12 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-02-14 16:12 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-02-14 16:12 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-02-14 16:12 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-14 16:12 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-02-14 16:12 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-02-14 16:12 - 2014-02-06 11:11 - 05768704 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-02-14 16:12 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-02-14 16:12 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-02-14 16:12 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-02-14 16:12 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-14 16:12 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-02-14 16:12 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-02-14 16:12 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-14 16:12 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-02-14 16:12 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-02-14 16:12 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-02-14 16:12 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-02-14 16:12 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-14 16:12 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-14 16:12 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-02-14 16:12 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-02-14 16:12 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-02-14 16:12 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-14 16:12 - 2014-02-06 09:41 - 01820160 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-02-14 16:12 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-02-14 16:12 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-02-14 16:12 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-02-14 16:12 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2014-02-14 16:12 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2014-02-14 16:12 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-02-14 16:12 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-02-14 16:12 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-02-14 16:12 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-02-14 16:12 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-02-14 16:12 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-02-14 16:12 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-02-14 16:12 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-02-14 16:12 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms 2014-02-14 16:12 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms 2014-02-14 16:12 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-02-14 16:12 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-02-14 16:12 - 2013-12-09 01:27 - 02152448 
_____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-02-14 16:12 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-02-14 16:12 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2014-02-14 16:12 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2014-02-14 16:11 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2014-02-14 16:11 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2014-02-14 16:11 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-02-14 16:11 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-02-14 16:10 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-02-14 16:10 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-02-14 16:10 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-02-14 16:10 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-02-14 16:10 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-02-14 16:10 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-02-14 16:10 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-02-14 16:10 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-02-14 16:10 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-02-14 16:10 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () 
C:\WINDOWS\setuperr.log 2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-02-14 15:47 - 2014-02-14 15:47 - 00032494 _____ () C:\Users\F19Aurora\.recently-used.xbel 2014-02-14 10:31 - 2014-02-14 10:31 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Malwarebytes 2014-02-03 13:58 - 2014-02-14 18:16 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-03 13:58 - 2014-02-14 18:03 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-03 13:58 - 2014-02-03 13:58 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-03 13:58 - 2014-02-03 13:58 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-01 14:27 - 2014-02-01 14:28 - 30112461 _____ () C:\Users\F19Aurora\Desktop\Billy Ocean - Suddenly (2009).mp4 2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\ESET 2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\ESET 2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\ProgramData\ESET 2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\Program Files\ESET 2014-01-31 18:30 - 2014-01-31 19:34 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-01-31 16:43 - 2014-02-04 18:57 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 2014-01-31 01:36 - 2014-01-31 01:36 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\IObit 2014-01-31 01:19 - 2014-01-31 01:19 - 00000000 _____ () C:\WINDOWS\SysWOW64\config.nt 2014-01-31 01:07 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-31 01:07 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-31 01:07 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-01-31 01:07 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-31 01:07 - 2013-11-27 09:48 
- 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-31 01:07 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-31 01:07 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-31 01:07 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-31 01:07 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-31 01:07 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-31 01:06 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-31 01:05 - 2014-01-31 01:05 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\AVAST Software 2014-01-31 01:02 - 2014-01-31 01:04 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Startmenü 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten 2014-01-31 01:02 - 2013-12-22 18:47 - 
00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-01-31 01:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-30 23:55 - 2014-01-31 00:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\ZeroSpyware
2014-01-30 22:45 - 2014-01-31 19:34 - 01150488 _____ () C:\WINDOWS\PFRO.log
2014-01-30 21:28 - 2014-02-14 17:44 - 01064060 _____ () C:\WINDOWS\WindowsUpdate.log
2014-01-22 12:57 - 2014-02-14 16:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-20 10:27 - 2014-01-31 18:42 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 19:26 - 2014-01-20 16:26 - 00000755 _____ () C:\Users\F19Aurora\AppData\Local\CastleLinkProps.dat
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Castle Creations
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files\Castle Creations
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Castle Creations
2014-01-19 12:45 - 2014-01-30 22:49 - 00000000 ____D () C:\WINDOWS\Minidump

==================== One Month Modified Files and Folders =======

2014-02-14 18:27 - 2014-02-14 18:26 - 00015899 _____ () C:\Users\F19Aurora\Downloads\FRST.txt
2014-02-14 18:27 - 2014-02-14 18:26 - 00000000 ____D () C:\FRST
2014-02-14 18:26 - 2014-02-14 18:26 - 00026784 _____ () C:\Users\F19Aurora\Downloads\Addition.txt
2014-02-14 18:25 - 2014-02-14 18:25 - 02152960 _____ (Farbar) C:\Users\F19Aurora\Downloads\FRST64.exe
2014-02-14 18:21 - 2013-05-11 18:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3405735661-249413621-4105650749-1001
2014-02-14 18:20 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-14 18:20 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-14 18:20 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-14 18:16 - 2014-02-03 13:58 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 18:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-14 18:03 - 2014-02-03 13:58 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-14 17:44 - 2014-01-30 21:28 - 01064060 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-14 17:20 - 2014-02-14 17:20 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 17:19 - 2014-02-14 17:19 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\F19Aurora\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 17:14 - 2014-02-14 16:26 - 00008355 _____ () C:\Users\F19Aurora\Desktop\hijackthis.log
2014-02-14 17:09 - 2013-12-14 18:04 - 00082553 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-14 16:37 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-14 16:37 - 2013-06-10 13:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-14 16:35 - 2013-08-22 14:25 - 00000167 _____ () C:\WINDOWS\win.ini
2014-02-14 16:22 - 2014-02-14 16:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\F19Aurora\Downloads\HijackThis.exe
2014-02-14 16:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-14 16:08 - 2013-10-28 11:16 - 00000000 ____D () C:\Users\F19Aurora
2014-02-14 16:08 - 2013-10-28 11:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-14 16:07 - 2014-01-22 12:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-14 16:07 - 2013-10-28 11:16 - 00000000 ____D () C:\Users\Administrator
2014-02-14 16:07 - 2013-10-28 11:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MSDRM
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SystemResources
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MSDRM
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\security
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-02-14 16:07 - 2013-08-11 15:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-02-14 16:07 - 2013-07-05 15:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-14 16:07 - 2013-05-11 22:18 - 00000000 ___RD () C:\Users\F19Aurora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 16:07 - 2013-05-11 22:18 - 00000000 ___RD () C:\Users\F19Aurora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 16:07 - 2013-05-11 22:17 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\Packages
2014-02-14 16:07 - 2013-05-11 21:58 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\gtk-2.0
2014-02-14 16:07 - 2013-05-11 20:38 - 00000000 ____D () C:\ProgramData\CamBam plus 0.9.8
2014-02-14 16:07 - 2013-05-11 18:15 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\picpick
2014-02-14 16:06 - 2013-12-20 14:39 - 00000000 __RHD () C:\MSOCache
2014-02-14 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-14 16:06 - 2013-05-11 21:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-14 15:56 - 2013-10-28 11:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-02-14 15:47 - 2014-02-14 15:47 - 00032494 _____ () C:\Users\F19Aurora\.recently-used.xbel
2014-02-14 15:47 - 2013-05-11 19:18 - 00000000 ____D () C:\Users\F19Aurora\.gimp-2.6
2014-02-14 15:46 - 2013-10-27 16:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-14 10:31 - 2014-02-14 10:31 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Malwarebytes
2014-02-07 10:39 - 2013-06-10 13:25 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\Microsoft Help
2014-02-06 13:16 - 2014-02-14 16:12 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-14 16:12 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-14 16:12 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-14 16:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-14 16:12 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-14 16:12 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-14 16:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-14 16:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 11:49 - 2014-02-14 16:12 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-14 16:12 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-14 16:12 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-14 16:12 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-14 16:12 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-14 16:12 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-14 16:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 11:11 - 2014-02-14 16:12 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-14 16:12 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-14 16:12 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 16:12 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-14 16:12 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-14 16:12 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-14 16:12 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-14 16:12 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 10:47 - 2014-02-14 16:12 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-14 16:12 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-14 16:12 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-14 16:12 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-14 16:12 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 10:22 - 2014-02-14 16:12 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-14 16:12 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-14 16:12 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-14 16:12 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-14 16:12 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-14 16:12 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-14 16:12 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-14 16:12 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-14 16:12 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-04 19:00 - 2013-05-11 19:08 - 00000398 _____ () C:\WINDOWS\hbcikrnl.ini
2014-02-04 18:57 - 2014-01-31 16:43 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-02-03 13:58 - 2014-02-03 13:58 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-03 13:58 - 2014-02-03 13:58 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-01 14:28 - 2014-02-01 14:27 - 30112461 _____ () C:\Users\F19Aurora\Desktop\Billy Ocean - Suddenly (2009).mp4
2014-01-31 19:34 - 2014-01-31 18:30 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-01-31 19:34 - 2014-01-30 22:45 - 01150488 _____ () C:\WINDOWS\PFRO.log
2014-01-31 19:34 - 2013-08-22 15:44 - 00555184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-31 19:34 - 2013-05-11 20:50 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-01-31 18:42 - 2014-01-20 10:27 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-31 18:42 - 2013-05-14 19:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\ESET
2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\ESET
2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\ProgramData\ESET
2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\Program Files\ESET
2014-01-31 16:47 - 2013-05-11 18:59 - 00000000 ____D () C:\ProgramData\StarMoney 9.0
2014-01-31 16:43 - 2012-07-26 06:26 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2014-01-31 16:42 - 2013-05-11 18:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-31 01:36 - 2014-01-31 01:36 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\IObit
2014-01-31 01:36 - 2013-12-14 18:07 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\Google
2014-01-31 01:19 - 2014-01-31 01:19 - 00000000 _____ () C:\WINDOWS\SysWOW64\config.nt
2014-01-31 01:10 - 2013-10-27 16:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-31 01:05 - 2014-01-31 01:05 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\AVAST Software
2014-01-31 01:05 - 2013-11-01 11:26 - 00409832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1391126739
2014-01-31 01:05 - 2013-05-11 18:35 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-01-31 01:04 - 2014-01-31 01:02 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-31 01:04 - 2013-12-14 18:11 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Skype
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-31 01:04 - 2013-08-11 15:10 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-31 01:04 - 2013-08-11 15:10 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-31 01:04 - 2013-05-11 21:27 - 00000000 ____D () C:\Mach3
2014-01-31 01:04 - 2013-05-11 17:52 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Thunderbird
2014-01-31 01:03 - 2013-06-10 13:22 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\SolidWorks
2014-01-31 01:03 - 2013-05-11 21:33 - 00000000 ____D () C:\NVIDIA
2014-01-31 01:03 - 2013-05-11 19:29 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\OpenOffice.org
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2014-01-31 00:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-01-31 00:59 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-01-31 00:08 - 2014-01-30 23:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\ZeroSpyware
2014-01-30 22:49 - 2014-01-19 12:45 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 21:27 - 2013-10-28 11:12 - 00000000 ___DC () C:\WINDOWS\Panther
2014-01-20 16:26 - 2014-01-19 19:26 - 00000755 _____ () C:\Users\F19Aurora\AppData\Local\CastleLinkProps.dat
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Castle Creations
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files\Castle Creations
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Castle Creations
2014-01-19 08:38 - 2013-11-01 10:34 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\F19Aurora\AppData\Local\Temp\Checkupdate.exe
C:\Users\F19Aurora\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\F19Aurora\AppData\Local\Temp\gcapi_dll.dll
C:\Users\F19Aurora\AppData\Local\Temp\gtapi_signed.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-14 12:48

==================== End Of Log ============================

--- --- --- --- --- ---

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by F19Aurora at 2014-02-14 18:28:11
Running from C:\Users\F19Aurora\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Assetto Corsa (x32 Version: - Kunos Simulazioni)
CamBam plus 0.9.8 (x32 Version: 0.9.9006 - HexRay Ltd)
CDBurnerXP (x32 Version: 4.5.2.4478 - CDBurnerXP)
Counter-Strike: Source (x32 Version: 1.0.0.0 - Valve)
cyberJack Base Components (x32 Version: 6.10.0 - REINER SCT)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version: - Microsoft)
ESET Smart Security (Version: 7.0.302.26 - ESET, spol s r. o.)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0 - MAGIX AG)
Foxit Reader (x32 Version: 6.1.1.1031 - Foxit Corporation)
GIMP 2.6.8 (Version: - )
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP LaserJet Professional M1530 MFP Series (x32 Version: - Hewlett-Packard)
HP LJ M1530 MFP Series HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Update (x32 Version: 5.002.006.003 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (x32 Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppFaxDrvM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityM1530 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
hppM1530LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppSendFaxM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1530 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Left 4 Dead 2 (x32 Version: - Valve)
Mach3 (x32 Version: 3.043.066 - ArtSoft USA)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe 17 (Designelemente) (x32 Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 (Soundtrack Maker-Stile) (x32 Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 (Titeleffekte) (x32 Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 (Tutorials) (x32 Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 (Überblendeffekte) (x32 Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 17 Download-Version (x32 Version: 10.0.1.14 - MAGIX AG)
MAGIX Video deluxe 17 Download-Version (x32 Version: 10.0.1.14 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft VC80 Support DLLs (x32 Version: 1.0.0 - McNeel & Associates) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (x32 Version: - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
NVIDIA Grafiktreiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Nvu 1.0 (x32 Version: 1.0 - Thorsten Fritz)
Paragon Backup & Recovery™ 2013 Free (x32 Version: 90.00.0003 - Paragon Software)
PicPick (x32 Version: 3.2.0 - NTeWORKS)
RACE 07 - Formula RaceRoom Add-On (x32 Version: - )
RACE 07 (x32 Version: - SimBin)
Rhinoceros 4.0 (x32 Version: 4.0.20118 - McNeel & Associates)
Rhinoceros 4.0 SR9 (x32 Version: 4.0.60309 - Robert McNeel & Associates)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 (x32 Version: 9.0 - Star Finanz GmbH)
Steam (x32 Version: - Valve Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version: - Microsoft)
USB Enhanced Performance Keyboard Software (Version: 2.0.1.7 - Lenovo)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (Version: 4.10.0 - win.rar GmbH)

==================== Restore Points =========================

31-01-2014 00:13:17 Ohne Schutz
06-02-2014 19:03:28 Windows Update
13-02-2014 18:29:17 Windows Update
14-02-2014 15:02:59 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7B855EA4-2BBD-4396-8F05-375E692039BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BCF46AC-107A-485E-8B7B-B86ADAE6D668} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9DE06496-C6F5-4FC4-AC0F-3C6D8851B421} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A36BF520-D25C-466A-84B4-44419881C9D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-31] (Microsoft Corporation)
Task: {AEC1F10B-B546-4F52-9C2E-845553DB9494} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-11 20:19 - 2012-01-09 18:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\F19Aurora\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-01-31 16:44 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2013-05-11 17:30 - 2013-12-20 13:34 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-10-25 14:36 - 2010-10-25 14:36 - 00119864 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\F19Aurora\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2014 05:00:00 PM) (Source: ESENT) (User: )
Description: svchost (1360) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU000AA.log.

Error: (02/14/2014 04:09:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -528.

Error: (02/14/2014 04:09:57 PM) (Source: ESENT) (User: )
Description: Catalog Database (1152) Catalog Database: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\CatRoot2\edb00019.log.

Error: (02/14/2014 04:03:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert .

Error: (02/14/2014 04:02:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Heiko)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2014 04:02:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 6.3.9600.16397, Zeitstempel: 0x522b2418
Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.16476, Zeitstempel: 0x529466e3
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000082cf5d
ID des fehlerhaften Prozesses: 0x8b8
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5

Error: (02/14/2014 04:01:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Heiko)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2014 04:01:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 6.3.9600.16397, Zeitstempel: 0x522b2418
Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.16476, Zeitstempel: 0x529466e3
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000082cf5d
ID des fehlerhaften Prozesses: 0x11d4
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5

Error: (02/14/2014 04:01:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Heiko)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2014 04:01:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 6.3.9600.16397, Zeitstempel: 0x522b2418
Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.16476, Zeitstempel: 0x529466e3
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000082cf5d
ID des fehlerhaften Prozesses: 0xdc4
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5

System errors:
=============
Error: (02/14/2014 06:19:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/14/2014 04:50:33 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/14/2014 04:41:19 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/14/2014 04:11:32 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/14/2014 03:43:20 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description:
ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/14/2014 03:39:43 PM) (Source: DCOM) (User: Heiko) Description: 1084WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030} Error: (02/14/2014 03:39:41 PM) (Source: DCOM) (User: Heiko) Description: 1084WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030} Error: (02/14/2014 03:39:41 PM) (Source: DCOM) (User: Heiko) Description: 1084WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030} Error: (02/14/2014 03:39:41 PM) (Source: DCOM) (User: Heiko) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/14/2014 03:39:39 PM) (Source: DCOM) (User: Heiko) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office Sessions: ========================= Error: (02/14/2014 05:00:00 PM) (Source: ESENT)(User: ) Description: svchost1360SRUJet: C:\WINDOWS\system32\SRU\SRU000AA.log-1811 (0xfffff8ed) Error: (02/14/2014 04:09:57 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: -528 Error: (02/14/2014 04:09:57 PM) (Source: ESENT)(User: ) Description: Catalog Database1152Catalog Database: C:\WINDOWS\system32\CatRoot2\edb00019.log-1811 (0xfffff8ed) Error: (02/14/2014 04:03:00 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert Error: (02/14/2014 04:02:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Heiko) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (02/14/2014 04:02:05 PM) (Source: Application Error)(User: ) Description: SystemSettings.exe6.3.9600.16397522b2418Windows.UI.Xaml.dll6.3.9600.16476529466e3c000027b000000000082cf5d8b801cf2995b96241eeC:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dllf72b6a2d-9588-11e3-8015-001a92e9d979windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (02/14/2014 04:01:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Heiko) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (02/14/2014 04:01:23 PM) (Source: Application Error)(User: ) Description: SystemSettings.exe6.3.9600.16397522b2418Windows.UI.Xaml.dll6.3.9600.16476529466e3c000027b000000000082cf5d11d401cf2995a06f03dcC:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dllde382bef-9588-11e3-8015-001a92e9d979windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (02/14/2014 04:01:11 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Heiko) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (02/14/2014 04:01:09 PM) (Source: Application Error)(User: ) Description: SystemSettings.exe6.3.9600.16397522b2418Windows.UI.Xaml.dll6.3.9600.16476529466e3c000027b000000000082cf5ddc401cf2995980fa11aC:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dlld5dd8de0-9588-11e3-8015-001a92e9d979windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel ==================== Memory info =========================== 
Percentage of memory in use: 20% Total physical RAM: 7167.17 MB Available physical RAM: 5677.59 MB Total Pagefile: 8319.17 MB Available Pagefile: 6686.11 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:118.9 GB) (Free:60.8 GB) NTFS Drive d: (Diverses) (Fixed) (Total:68.35 GB) (Free:68.17 GB) NTFS Drive f: (Bibliotheken) (Fixed) (Total:303.25 GB) (Free:206.04 GB) NTFS Drive g: (Sicherungen alles) (Fixed) (Total:94.16 GB) (Free:73.44 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9140C6A9) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6F3E74FD) Partition 1: (Active) - (Size=68 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=303 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=94 GB) - (Type=07 NTFS) ==================== End Of Log ============================
One more thing I just noticed: when my internet security suite ESET informs me that my software is not up to date, I am puzzled by the entry Bing-Desktop v 1.3.1. I cannot find Bing-Desktop anywhere, neither as an add-on nor as an app or anything else. Here is a link to the notice ESET gives me. hxxp:///www.the-ghostrider.de/Bild%201.png I hope you have a solution for me. Regards, Heiko
__________________ There can be only one: the F19 Aurora Edited by F19Aurora (14.02.2014 at 19:16) |
14.02.2014, 19:11 | #2 |
/// the machine /// TB-Ausbilder (TB trainer) | Win 8.1 automatically starts the default browser with the Bing search engine hi,
__________________ Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ |
14.02.2014, 20:02 | #3 |
| Win 8.1 automatically starts the default browser with the Bing search engine Hello Schrauber,
__________________ I had already run Malwarebytes Anti-Malware this afternoon: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.14.06 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16518 F19Aurora :: HEIKO [Administrator] Schutz: Aktiviert 14.02.2014 17:21:07 mbam-log-2014-02-14 (17-21-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 560945 Laufzeit: 34 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 7 HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 14/02/2014 um 19:17:48 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 8.1 Pro (64 bits) # Benutzername : F19Aurora - HEIKO # Gestartet von : C:\Users\F19Aurora\Downloads\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\invalidprefs.js Datei Gefunden : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\searchplugins\delta.xml Datei Gefunden : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\user.js Ordner Gefunden C:\Program Files (x86)\Common Files\spigot ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\videosaver Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gefunden : HKLM\SOFTWARE\5c53d8dae23fe445 Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DomaIQ Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16518 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1337920549&ir= -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\prefs.js ] Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial"); Zeile gefunden : user_pref("extensions.delta.admin", false); Zeile gefunden : user_pref("extensions.delta.aflt", "babsst"); Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false"); Zeile gefunden : user_pref("extensions.delta.dfltLng", "en"); Zeile gefunden : user_pref("extensions.delta.excTlbr", false); Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gefunden : user_pref("extensions.delta.id", "7e63f384000000000000001a92e9def7"); Zeile gefunden : user_pref("extensions.delta.instlDay", "15836"); Zeile gefunden : user_pref("extensions.delta.instlRef", "sst"); Zeile gefunden : user_pref("extensions.delta.newTab", false); Zeile gefunden : user_pref("extensions.delta.prdct", "delta"); Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta"); Zeile gefunden : user_pref("extensions.delta.rvrt", "false"); Zeile gefunden : user_pref("extensions.delta.smplGrp", "none"); Zeile gefunden : user_pref("extensions.delta.tlbrId", "base"); Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.16.16"); Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.16.1619:48:53"); Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.16.16"); Zeile 
gefunden : user_pref("extensions.mysearchdial.aflt", "dnldstr1202"); Zeile gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Zeile gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R"); Zeile gefunden : user_pref("extensions.mysearchdial.cntry", "DE"); Zeile gefunden : user_pref("extensions.mysearchdial.cr", "1337920549"); Zeile gefunden : user_pref("extensions.mysearchdial.dfltLng", ""); Zeile gefunden : user_pref("extensions.mysearchdial.dfltSrch", true); Zeile gefunden : user_pref("extensions.mysearchdial.dnsErr", true); Zeile gefunden : user_pref("extensions.mysearchdial.excTlbr", false); Zeile gefunden : user_pref("extensions.mysearchdial.hdrMd5", "27D168FC180026C193C04E46E7F04F95"); Zeile gefunden : user_pref("extensions.mysearchdial.hmpg", true); Zeile gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...] Zeile gefunden : user_pref("extensions.mysearchdial.id", "001A92E9DEF7F384"); Zeile gefunden : user_pref("extensions.mysearchdial.instlDay", "16053"); Zeile gefunden : user_pref("extensions.mysearchdial.instlRef", ""); Zeile gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...] Zeile gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.018:7:29"); Zeile gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...] 
Zeile gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.sg", "none"); Zeile gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.tlbrId", "base"); Zeile gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...] Zeile gefunden : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); Zeile gefunden : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); Zeile gefunden : user_pref("extensions.mysearchdial_i.hmpg", true); Zeile gefunden : user_pref("extensions.mysearchdial_i.newTab", false); Zeile gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none"); Zeile gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:7:29"); ************************* AdwCleaner[R0].txt - [7005 octets] - [14/02/2014 19:17:48] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7065 octets] ########## Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 14/02/2014 um 19:18:50 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 8.1 Pro (64 bits) # Benutzername : F19Aurora - HEIKO # Gestartet von : C:\Users\F19Aurora\Downloads\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\invalidprefs.js Datei Gefunden : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\searchplugins\delta.xml Datei Gefunden : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\user.js Ordner Gefunden C:\Program Files (x86)\Common Files\spigot ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\videosaver Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gefunden : HKLM\SOFTWARE\5c53d8dae23fe445 Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DomaIQ Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16518 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1337920549&ir= -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\prefs.js ] Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial"); Zeile gefunden : user_pref("extensions.delta.admin", false); Zeile gefunden : user_pref("extensions.delta.aflt", "babsst"); Zeile gefunden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gefunden : user_pref("extensions.delta.autoRvrt", "false"); Zeile gefunden : user_pref("extensions.delta.dfltLng", "en"); Zeile gefunden : user_pref("extensions.delta.excTlbr", false); Zeile gefunden : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gefunden : user_pref("extensions.delta.id", "7e63f384000000000000001a92e9def7"); Zeile gefunden : user_pref("extensions.delta.instlDay", "15836"); Zeile gefunden : user_pref("extensions.delta.instlRef", "sst"); Zeile gefunden : user_pref("extensions.delta.newTab", false); Zeile gefunden : user_pref("extensions.delta.prdct", "delta"); Zeile gefunden : user_pref("extensions.delta.prtnrId", "delta"); Zeile gefunden : user_pref("extensions.delta.rvrt", "false"); Zeile gefunden : user_pref("extensions.delta.smplGrp", "none"); Zeile gefunden : user_pref("extensions.delta.tlbrId", "base"); Zeile gefunden : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gefunden : user_pref("extensions.delta.vrsn", "1.8.16.16"); Zeile gefunden : user_pref("extensions.delta.vrsnTs", "1.8.16.1619:48:53"); Zeile gefunden : user_pref("extensions.delta.vrsni", "1.8.16.16"); Zeile 
gefunden : user_pref("extensions.mysearchdial.aflt", "dnldstr1202"); Zeile gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Zeile gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R"); Zeile gefunden : user_pref("extensions.mysearchdial.cntry", "DE"); Zeile gefunden : user_pref("extensions.mysearchdial.cr", "1337920549"); Zeile gefunden : user_pref("extensions.mysearchdial.dfltLng", ""); Zeile gefunden : user_pref("extensions.mysearchdial.dfltSrch", true); Zeile gefunden : user_pref("extensions.mysearchdial.dnsErr", true); Zeile gefunden : user_pref("extensions.mysearchdial.excTlbr", false); Zeile gefunden : user_pref("extensions.mysearchdial.hdrMd5", "27D168FC180026C193C04E46E7F04F95"); Zeile gefunden : user_pref("extensions.mysearchdial.hmpg", true); Zeile gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...] Zeile gefunden : user_pref("extensions.mysearchdial.id", "001A92E9DEF7F384"); Zeile gefunden : user_pref("extensions.mysearchdial.instlDay", "16053"); Zeile gefunden : user_pref("extensions.mysearchdial.instlRef", ""); Zeile gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...] Zeile gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.018:7:29"); Zeile gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...] 
Zeile gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.sg", "none"); Zeile gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); Zeile gefunden : user_pref("extensions.mysearchdial.tlbrId", "base"); Zeile gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...] Zeile gefunden : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); Zeile gefunden : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); Zeile gefunden : user_pref("extensions.mysearchdial_i.hmpg", true); Zeile gefunden : user_pref("extensions.mysearchdial_i.newTab", false); Zeile gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none"); Zeile gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:7:29"); ************************* AdwCleaner[R0].txt - [7169 octets] - [14/02/2014 19:17:48] AdwCleaner[R1].txt - [7065 octets] - [14/02/2014 19:18:50] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7125 octets] ########## Code:
ATTFilter # AdwCleaner v3.018 - Bericht erstellt am 14/02/2014 um 19:20:04 # Updated 28/01/2014 von Xplode # Betriebssystem : Windows 8.1 Pro (64 bits) # Benutzername : F19Aurora - HEIKO # Gestartet von : C:\Users\F19Aurora\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot Datei Gelöscht : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\invalidprefs.js Datei Gelöscht : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\searchplugins\delta.xml Datei Gelöscht : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\5c53d8dae23fe445 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\videosaver Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16518 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ 
Mozilla Firefox v26.0 (de) [ Datei : C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial"); Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.delta.id", "7e63f384000000000000001a92e9def7"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15836"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1619:48:53"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16"); Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "dnldstr1202"); Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R"); Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE"); Zeile gelöscht : 
user_pref("extensions.mysearchdial.cr", "1337920549"); Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", ""); Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true); Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true); Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false); Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "27D168FC180026C193C04E46E7F04F95"); Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true); Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...] Zeile gelöscht : user_pref("extensions.mysearchdial.id", "001A92E9DEF7F384"); Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16053"); Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", ""); Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...] Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.018:7:29"); Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...] 
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none"); Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...] Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true); Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false); Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:7:29"); ************************* AdwCleaner[R0].txt - [7169 octets] - [14/02/2014 19:17:48] AdwCleaner[R1].txt - [7229 octets] - [14/02/2014 19:18:50] AdwCleaner[S0].txt - [6716 octets] - [14/02/2014 19:20:04] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6776 octets] ########## FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01 Ran by F19Aurora (administrator) on HEIKO on 14-02-2014 20:04:20 Running from C:\Users\F19Aurora\Downloads Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (LITE-ON TECHNOLOGY CORP.) 
C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe () C:\Users\F19Aurora\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\WINDOWS\system32\prevhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SKDaemon.exe] - C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [335872 2010-03-02] (LITE-ON TECHNOLOGY CORP.) 
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] - C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company) HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\Trayserver.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [ToolboxFX] - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKU\S-1-5-21-3405735661-249413621-4105650749-1001\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11417504 2012-11-25] (NTeWORKS) HKU\S-1-5-21-3405735661-249413621-4105650749-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\F19Aurora\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-3405735661-249413621-4105650749-1009\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11417504 2012-11-25] (NTeWORKS) HKU\S-1-5-21-3405735661-249413621-4105650749-1009\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5A7099D644ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1337920549&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0Ezy0D0E0FyB0FtAzzyEtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1337920549&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {95E7D617-945B-4175-8B86-E2B20A874CCF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {3195CF7C-E9E2-49B2-8B61-14F285298E1C} https://sslvpn.rc-midmarket.de/wa/AccessClientLoader.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! 
FF Homepage: hxxp://www.rc-network.de/forum/forumdisplay.php/20-E-Impeller-Jets|hxxp://www.lockheed-stealth.de/|hxxp://www.rcgroups.com/electric-ducted-fan-jet-talk-12/|hxxp://www.rcgroups.com/large-edf-jets-858/ FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\de_DE@dicts.j3e.de [2013-09-13] FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-19] FF Extension: YouTube Video and Audio Downloader - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-01-28] FF Extension: Google Translator for Firefox - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\translator@zoli.bod.xpi [2013-05-17] FF Extension: RoboForm Lite - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\xpirftoolbar@roboform.com.xpi [2013-05-11] FF Extension: FireFTP button - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}.xpi [2013-05-11] FF Extension: FireFTP - C:\Users\F19Aurora\AppData\Roaming\Mozilla\Firefox\Profiles\zeihl859.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-05-11] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-31] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart 
Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-31] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [] CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\F19Aurora\AppData\Local\Slick Savings\coupons.crx [] CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [] ==================== Services (Whitelisted) ================= R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R1 eamonm; 
C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] () R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; 
C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-14 19:30 - 2014-02-14 19:31 - 00002234 _____ () C:\Users\F19Aurora\Desktop\JRT.txt 2014-02-14 19:23 - 2014-02-14 19:23 - 01037530 _____ (Thisisu) C:\Users\F19Aurora\Downloads\JRT.exe 2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-02-14 19:17 - 2014-02-14 19:20 - 00000000 ____D () C:\AdwCleaner 2014-02-14 19:17 - 2014-02-14 19:17 - 01166132 _____ () C:\Users\F19Aurora\Downloads\adwcleaner.exe 2014-02-14 18:52 - 2014-02-14 18:52 - 428502424 _____ () C:\WINDOWS\MEMORY.DMP 2014-02-14 18:52 - 2014-02-14 18:52 - 00293992 _____ () C:\WINDOWS\Minidump\021414-6812-01.dmp 2014-02-14 18:31 - 2014-02-14 18:31 - 00380416 _____ () C:\Users\F19Aurora\Downloads\Gmer-19357.exe 2014-02-14 18:26 - 2014-02-14 20:04 - 00015287 _____ () C:\Users\F19Aurora\Downloads\FRST.txt 2014-02-14 18:26 - 2014-02-14 20:04 - 00000000 ____D () C:\FRST 2014-02-14 18:26 - 2014-02-14 18:28 - 00026658 _____ () C:\Users\F19Aurora\Downloads\Addition.txt 2014-02-14 18:25 - 2014-02-14 18:25 - 02152960 _____ (Farbar) C:\Users\F19Aurora\Downloads\FRST64.exe 2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-14 17:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-02-14 17:19 - 2014-02-14 17:19 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\F19Aurora\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-14 16:22 - 2014-02-14 16:22 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\F19Aurora\Downloads\HijackThis.exe 2014-02-14 16:13 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll 2014-02-14 16:13 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll 2014-02-14 16:12 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-14 16:12 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-02-14 16:12 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-02-14 16:12 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-14 16:12 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-02-14 16:12 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-02-14 16:12 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-14 16:12 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-02-14 16:12 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-02-14 16:12 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-02-14 16:12 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-02-14 16:12 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-02-14 16:12 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-14 16:12 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-02-14 16:12 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-02-14 16:12 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript9.dll 2014-02-14 16:12 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-02-14 16:12 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-02-14 16:12 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-02-14 16:12 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-14 16:12 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-02-14 16:12 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-02-14 16:12 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-14 16:12 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-02-14 16:12 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-02-14 16:12 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-02-14 16:12 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-02-14 16:12 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-14 16:12 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-14 16:12 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-02-14 16:12 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-02-14 16:12 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-02-14 16:12 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-14 16:12 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\wininet.dll 2014-02-14 16:12 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-02-14 16:12 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-02-14 16:12 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-02-14 16:12 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2014-02-14 16:12 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2014-02-14 16:12 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-02-14 16:12 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-02-14 16:12 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-02-14 16:12 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-02-14 16:12 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-02-14 16:12 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-02-14 16:12 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-02-14 16:12 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-02-14 16:12 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms 2014-02-14 16:12 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms 2014-02-14 16:12 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-02-14 16:12 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-02-14 16:12 - 2013-12-09 01:27 - 02152448 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-02-14 16:12 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-02-14 16:12 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2014-02-14 16:12 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2014-02-14 16:11 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2014-02-14 16:11 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2014-02-14 16:11 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-02-14 16:11 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-02-14 16:10 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-02-14 16:10 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-02-14 16:10 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-02-14 16:10 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-02-14 16:10 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-02-14 16:10 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-02-14 16:10 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-02-14 16:10 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-02-14 16:10 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-02-14 16:10 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () 
C:\WINDOWS\setuperr.log 2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-02-14 15:47 - 2014-02-14 15:47 - 00032494 _____ () C:\Users\F19Aurora\.recently-used.xbel 2014-02-14 10:31 - 2014-02-14 10:31 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Malwarebytes 2014-02-03 13:58 - 2014-02-14 20:03 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-03 13:58 - 2014-02-14 19:42 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-03 13:58 - 2014-02-03 13:58 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-03 13:58 - 2014-02-03 13:58 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-01 14:27 - 2014-02-01 14:28 - 30112461 _____ () C:\Users\F19Aurora\Desktop\Billy Ocean - Suddenly (2009).mp4 2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\ESET 2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\ESET 2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\ProgramData\ESET 2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\Program Files\ESET 2014-01-31 18:30 - 2014-01-31 19:34 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-01-31 16:43 - 2014-02-04 18:57 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 2014-01-31 01:36 - 2014-01-31 01:36 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\IObit 2014-01-31 01:19 - 2014-01-31 01:19 - 00000000 _____ () C:\WINDOWS\SysWOW64\config.nt 2014-01-31 01:07 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-31 01:07 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-31 01:07 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-01-31 01:07 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-31 01:07 - 2013-11-27 09:48 
- 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-31 01:07 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-31 01:07 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-31 01:07 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-31 01:07 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-31 01:07 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-31 01:06 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-31 01:05 - 2014-01-31 01:05 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\AVAST Software 2014-01-31 01:02 - 2014-01-31 01:04 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Startmenü 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten 2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten 2014-01-31 01:02 - 2013-12-22 18:47 - 
00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help 2014-01-31 01:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-01-30 23:55 - 2014-01-31 00:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\ZeroSpyware 2014-01-30 22:45 - 2014-01-31 19:34 - 01150488 _____ () C:\WINDOWS\PFRO.log 2014-01-30 21:28 - 2014-02-14 19:55 - 01109140 _____ () C:\WINDOWS\WindowsUpdate.log 2014-01-22 12:57 - 2014-02-14 16:07 - 00000000 ____D () C:\Program Files (x86)\Google 2014-01-20 10:27 - 2014-01-31 18:42 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log 2014-01-19 19:26 - 2014-01-20 16:26 - 00000755 _____ () C:\Users\F19Aurora\AppData\Local\CastleLinkProps.dat 2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Castle Creations 2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files\Castle Creations 2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Castle Creations 2014-01-19 12:45 - 2014-02-14 18:52 - 00000000 ____D () C:\WINDOWS\Minidump ==================== One Month Modified Files and Folders ======= 2014-02-14 20:04 - 2014-02-14 18:26 - 00015287 _____ () C:\Users\F19Aurora\Downloads\FRST.txt 2014-02-14 20:04 - 2014-02-14 18:26 - 00000000 ____D () C:\FRST 2014-02-14 20:03 - 2014-02-03 13:58 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-14 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-02-14 19:55 - 2014-01-30 21:28 - 01109140 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-14 19:47 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-14 19:47 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat 2014-02-14 19:47 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat 2014-02-14 19:47 - 2013-05-11 18:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache 
Files-S-1-5-21-3405735661-249413621-4105650749-1001
2014-02-14 19:42 - 2014-02-03 13:58 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 19:42 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-14 19:31 - 2014-02-14 19:30 - 00002234 _____ () C:\Users\F19Aurora\Desktop\JRT.txt
2014-02-14 19:23 - 2014-02-14 19:23 - 01037530 _____ (Thisisu) C:\Users\F19Aurora\Downloads\JRT.exe
2014-02-14 19:23 - 2014-02-14 19:23 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-14 19:20 - 2014-02-14 19:17 - 00000000 ____D () C:\AdwCleaner
2014-02-14 19:20 - 2013-10-28 11:16 - 00000000 ____D () C:\Users\F19Aurora
2014-02-14 19:17 - 2014-02-14 19:17 - 01166132 _____ () C:\Users\F19Aurora\Downloads\adwcleaner.exe
2014-02-14 19:10 - 2013-12-14 18:04 - 00083183 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-02-14 18:52 - 2014-02-14 18:52 - 428502424 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-14 18:52 - 2014-02-14 18:52 - 00293992 _____ () C:\WINDOWS\Minidump\021414-6812-01.dmp
2014-02-14 18:52 - 2014-01-19 12:45 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-14 18:31 - 2014-02-14 18:31 - 00380416 _____ () C:\Users\F19Aurora\Downloads\Gmer-19357.exe
2014-02-14 18:28 - 2014-02-14 18:26 - 00026658 _____ () C:\Users\F19Aurora\Downloads\Addition.txt
2014-02-14 18:25 - 2014-02-14 18:25 - 02152960 _____ (Farbar) C:\Users\F19Aurora\Downloads\FRST64.exe
2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-14 17:20 - 2014-02-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 17:19 - 2014-02-14 17:19 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\F19Aurora\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-14 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-14 16:37 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-14 16:37 - 2013-06-10 13:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-14 16:35 - 2013-08-22 14:25 - 00000167 _____ () C:\WINDOWS\win.ini
2014-02-14 16:22 - 2014-02-14 16:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\F19Aurora\Downloads\HijackThis.exe
2014-02-14 16:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-14 16:08 - 2013-10-28 11:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-14 16:07 - 2014-01-22 12:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-14 16:07 - 2013-10-28 11:16 - 00000000 ____D () C:\Users\Administrator
2014-02-14 16:07 - 2013-10-28 11:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MSDRM
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SystemResources
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MSDRM
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\security
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-14 16:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-14 16:07 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-02-14 16:07 - 2013-08-11 15:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-02-14 16:07 - 2013-07-05 15:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-14 16:07 - 2013-05-11 22:18 - 00000000 ___RD () C:\Users\F19Aurora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 16:07 - 2013-05-11 22:18 - 00000000 ___RD () C:\Users\F19Aurora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 16:07 - 2013-05-11 22:17 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\Packages
2014-02-14 16:07 - 2013-05-11 21:58 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\gtk-2.0
2014-02-14 16:07 - 2013-05-11 20:38 - 00000000 ____D () C:\ProgramData\CamBam plus 0.9.8
2014-02-14 16:07 - 2013-05-11 18:15 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\picpick
2014-02-14 16:06 - 2013-12-20 14:39 - 00000000 __RHD () C:\MSOCache
2014-02-14 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-14 16:06 - 2013-05-11 21:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-14 15:56 - 2013-10-28 11:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-14 15:55 - 2014-02-14 15:55 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-02-14 15:47 - 2014-02-14 15:47 - 00032494 _____ () C:\Users\F19Aurora\.recently-used.xbel
2014-02-14 15:47 - 2013-05-11 19:18 - 00000000 ____D () C:\Users\F19Aurora\.gimp-2.6
2014-02-14 15:46 - 2013-10-27 16:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-14 10:31 - 2014-02-14 10:31 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Malwarebytes
2014-02-07 10:39 - 2013-06-10 13:25 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\Microsoft Help
2014-02-06 13:16 - 2014-02-14 16:12 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-14 16:12 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-14 16:12 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-14 16:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-14 16:12 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-14 16:12 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-14 16:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-14 16:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 11:49 - 2014-02-14 16:12 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-14 16:12 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-14 16:12 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-14 16:12 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-14 16:12 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-14 16:12 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-14 16:12 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 11:11 - 2014-02-14 16:12 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-14 16:12 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-14 16:12 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 16:12 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-14 16:12 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-14 16:12 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-14 16:12 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-14 16:12 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 10:47 - 2014-02-14 16:12 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-14 16:12 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-14 16:12 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-14 16:12 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-14 16:12 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 10:22 - 2014-02-14 16:12 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-14 16:12 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-14 16:12 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-14 16:12 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-14 16:12 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-14 16:12 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-14 16:12 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-14 16:12 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-14 16:12 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-04 19:00 - 2013-05-11 19:08 - 00000398 _____ () C:\WINDOWS\hbcikrnl.ini
2014-02-04 18:57 - 2014-01-31 16:43 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-02-03 13:58 - 2014-02-03 13:58 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-03 13:58 - 2014-02-03 13:58 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-01 14:28 - 2014-02-01 14:27 - 30112461 _____ () C:\Users\F19Aurora\Desktop\Billy Ocean - Suddenly (2009).mp4
2014-01-31 19:34 - 2014-01-31 18:30 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-01-31 19:34 - 2014-01-30 22:45 - 01150488 _____ () C:\WINDOWS\PFRO.log
2014-01-31 19:34 - 2013-08-22 15:44 - 00555184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-31 19:34 - 2013-05-11 20:50 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-01-31 18:42 - 2014-01-20 10:27 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-31 18:42 - 2013-05-14 19:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\ESET
2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\ESET
2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\ProgramData\ESET
2014-01-31 18:36 - 2014-01-31 18:36 - 00000000 ____D () C:\Program Files\ESET
2014-01-31 16:47 - 2013-05-11 18:59 - 00000000 ____D () C:\ProgramData\StarMoney 9.0
2014-01-31 16:43 - 2012-07-26 06:26 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2014-01-31 16:42 - 2013-05-11 18:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-31 01:36 - 2014-01-31 01:36 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\IObit
2014-01-31 01:36 - 2013-12-14 18:07 - 00000000 ____D () C:\Users\F19Aurora\AppData\Local\Google
2014-01-31 01:19 - 2014-01-31 01:19 - 00000000 _____ () C:\WINDOWS\SysWOW64\config.nt
2014-01-31 01:10 - 2013-10-27 16:45 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-31 01:05 - 2014-01-31 01:05 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\AVAST Software
2014-01-31 01:05 - 2013-11-01 11:26 - 00409832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1391126739
2014-01-31 01:05 - 2013-05-11 18:35 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-01-31 01:04 - 2014-01-31 01:02 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-31 01:04 - 2013-12-14 18:11 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Skype
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-31 01:04 - 2013-10-28 11:16 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-31 01:04 - 2013-08-11 15:10 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-31 01:04 - 2013-08-11 15:10 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-31 01:04 - 2013-05-11 21:27 - 00000000 ____D () C:\Mach3
2014-01-31 01:04 - 2013-05-11 17:52 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Thunderbird
2014-01-31 01:03 - 2013-06-10 13:22 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\SolidWorks
2014-01-31 01:03 - 2013-05-11 21:33 - 00000000 ____D () C:\NVIDIA
2014-01-31 01:03 - 2013-05-11 19:29 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\OpenOffice.org
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2014-01-31 01:02 - 2014-01-31 01:02 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2014-01-31 00:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-01-31 00:59 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-01-31 00:08 - 2014-01-30 23:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\ZeroSpyware
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 21:27 - 2013-10-28 11:12 - 00000000 ___DC () C:\WINDOWS\Panther
2014-01-20 16:26 - 2014-01-19 19:26 - 00000755 _____ () C:\Users\F19Aurora\AppData\Local\CastleLinkProps.dat
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Users\F19Aurora\AppData\Roaming\Castle Creations
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files\Castle Creations
2014-01-19 19:24 - 2014-01-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Castle Creations
2014-01-19 08:38 - 2013-11-01 10:34 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\F19Aurora\AppData\Local\Temp\Checkupdate.exe
C:\Users\F19Aurora\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\F19Aurora\AppData\Local\Temp\gcapi_dll.dll
C:\Users\F19Aurora\AppData\Local\Temp\gtapi_signed.dll
C:\Users\F19Aurora\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-14 12:48

==================== End Of Log ============================

And here is the JRT log as well:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8.1 Pro x64
Ran by F19Aurora on 14.02.2014 at 19:23:57,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3405735661-249413621-4105650749-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3405735661-249413621-4105650749-1001\Software\sweetim

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\F19Aurora\AppData\Roaming\mozilla\firefox\profiles\zeihl859.default\minidumps [58 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.02.2014 at 19:30:27,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards, Heiko

Hello Schrauber, I have updated FRST and added FRT. Regards, Heiko

P.S. Unfortunately nothing has changed yet......................
__________________ Last edited by F19Aurora (14.02.2014 at 20:17) |
15.02.2014, 18:07 | #4 |
/// the machine /// TB trainer | We have now removed what feels like a ton of adware and junk. What is your default browser? Does it always launch right at startup?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
15.02.2014, 18:42 | #5 |
| Hello Schrauber, sorry that I am only getting back to you now. Win 8.1 always uses the default browser, whether that is IE, FF or Chrome. I have decided to reinstall, and I thank you for your help. Since I had AVAST installed and now have ESET (I wanted to try something different), I wonder what I can do against this junk. I always thought an internet security suite would take care of that. That seems to be a misconception, though. What would you advise me to buy and install in addition to ESET? Thanks, Heiko
__________________ There can be only one: the F19 Aurora |
16.02.2014, 07:55 | #6 |
/// the machine /// TB trainer | In addition? Nothing. You can install MBAM for an occasional scan. But only ever use one real AV tool at a time. I always recommend Emsisoft.
16.02.2014, 17:32 | #7 |
| Hello Schrauber, what can I say, I am speechless. I had everything finished and just restarted my computer because of Magix, and lo and behold, the Bing search engine starts automatically, now with Chrome. Oh man, I am so disappointed now. Can it come with a Windows update? I will post all the logs again in a moment, as requested above. Regards, Heiko
__________________ There can be only one: the F19 Aurora |
16.02.2014, 18:22 | #8 |
| Here are the logs again, please help me................... The last thing I installed was Magix Video Deluxe 17. But that was already on the machine back then, and I had not started it. And I installed various Windows updates. The FRST.txt is too large, so I split it. Thanks, Heiko
__________________ There can be only one: the F19 Aurora |
17.02.2014, 13:34 | #9 |
/// the machine /// TB trainer | How to perform a clean boot in Windows
Please do a clean boot. Is the problem gone then?
__________________ Regards, schrauber |
09.03.2014, 13:29 | #10 |
| Hello Schrauber, even after the last instructions with the clean boot, the problem still occurs intermittently. I regularly run all the tools mentioned here in the forum (always the latest versions, of course). They all come back without findings. I have now contacted Microsoft and asked them to get moving on this. After all, it is their page that pops up there. I have also worked through the FRST tool output (it is a long list, but one you can learn to read) completely several times with the help of the internet. Unfortunately also without success. If anyone else has an idea, I am open to anything. Regards, Heiko

Today I ran the tool that empties the temporary storage for the first time. I actually thought I cleaned out my temp folders every now and then. Unfortunately that is not the case. The tool seems to be more thorough.
__________________ There can be only one: the F19 Aurora |
10.03.2014, 12:58 | #11 |
/// the machine /// TB trainer | ok
__________________ Regards, schrauber |
04.04.2014, 11:22 | #12 |
| I have nothing more to say about this................... Here is the solution, found by chance in the Microsoft forum via the unresolved bing.com link: apparently many people have the same problem, and so I found the following information on the English Microsoft site, with a user's advice to do the following:
"You can disable it via setting following registry entry from 1 to 0:"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing
I am at a loss for words at what MS is doing there........... Regards, Heiko
__________________ There can be only one: the F19 Aurora |
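The registry value quoted in this post belongs to the Network Connectivity Status Indicator (NCSI) settings of the Network Location Awareness service (NlaSvc). The following PowerShell is an added example, not part of the original post: it reads that value together with the neighbouring probe settings and flags any that differ from the values Microsoft ships. The value names other than EnableActiveProbing, the default strings and the policy key are not on this page; they are taken from Windows' documented NCSI configuration.

```powershell
# Added example (not from the thread). Read-only: nothing is changed.
$NcsiKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator'

# Probe settings as shipped by Microsoft (older msftncsi.com values and the
# later msftconnecttest.com values). Anything else deserves a closer look,
# because these values decide which host Windows contacts to test connectivity.
$KnownDefaults = @{
    ActiveWebProbeHost    = @('www.msftncsi.com', 'www.msftconnecttest.com')
    ActiveWebProbePath    = @('ncsi.txt', 'connecttest.txt')
    ActiveWebProbeContent = @('Microsoft NCSI', 'Microsoft Connect Test')
    ActiveDnsProbeHost    = @('dns.msftncsi.com')
    ActiveDnsProbeContent = @('131.107.255.255')
}

function Get-NcsiProbeReport {
    param([string]$Path = $NcsiKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    $names = @('EnableActiveProbing') + ($KnownDefaults.Keys | Sort-Object)

    foreach ($name in $names) {
        # Look the value up by name so a missing value is reported, not an error.
        $prop  = $props.PSObject.Properties[$name]
        $value = if ($prop) { $prop.Value } else { $null }

        if (-not $prop) {
            $status = 'not set'
        } elseif ($name -eq 'EnableActiveProbing') {
            $status = if ($value -eq 1) { 'active probing on' } else { 'active probing off' }
        } elseif ($KnownDefaults[$name] -contains $value) {
            $status = 'Microsoft default'
        } else {
            $status = 'non-default, review'
        }

        [pscustomobject]@{ Name = $name; Value = $value; Status = $status }
    }
}

Get-NcsiProbeReport | Format-Table -AutoSize

# A Group Policy setting can also switch active probing off, independent of the key above.
if (Test-Path $PolicyKey) {
    Get-ItemProperty -Path $PolicyKey | Select-Object NoActiveProbe
}

# The change quoted in the post, for an elevated session (left commented out):
# Set-ItemProperty -Path $NcsiKey -Name EnableActiveProbing -Value 0
```

With active probing switched off, Windows no longer tests for internet access or captive portals itself, so the network icon can report limited connectivity although the connection works.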
05.04.2014, 10:33 | #13 |
/// the machine /// TB trainer | nice
__________________ Regards, schrauber |
05.04.2014, 11:57 | #14 |
| Hello Schrauber, my ESET Smart Security raises an alert on the WinRAR/malware link in your signature. Even when I have downloaded the program and check it again with ESET, there is a warning. Is that OK?? Heiko
__________________ There can be only one: the F19 Aurora |
06.04.2014, 12:04 | #15 |
/// the machine /// TB trainer | That is not my signature, that is advertising between the individual replies. Install an ad blocker.
__________________ Regards, schrauber |