| |
| |||||||
Log-Analyse und Auswertung: Mysearchdial läßt sich nicht entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.03.2014, 12:15
| #1 |
 |  Mysearchdial läßt sich nicht entfernen Beim Download von dropbox portable landete ichauf der falschen Seite und erhielt statt der gewünschten Applikation nur einen Haufen Schrott auf den Rechner, den Kaspersky gleich alarmierend fand. Über die Windows Routine Programme habe ich schon deinstallationen durchgeführt. Leider haben mir die Googleergebnisse nicht ermöglicht wieder den Suchdienst Mysearchdial los zu werden. Der hat sich im IE festgesetzt und läßt sich nicht löschen. Auch in Mozilla scheint der Suchdienst zwar nicht mehr als Plugin, ist aber sehr wohl ind er Schnellsuchleiste noch aktiv. Da ich vorhin auf ein filesharer Portal umgeleitet wurde erscheint mir das alles etwas suspekt und ich freue mich auf Hilfe. Folgende Logs gab es bei mir: defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 09:52 on 01/03/2014 (Frederik) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02 Ran by Frederik (administrator) on AQUI-LENOVO on 01-03-2014 09:53:57 Running from C:\Users\Frederik\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe () C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe () C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe () C:\Users\Frederik\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIH4E.EXE (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (Dropbox, Inc.) C:\Users\Frederik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\RotateImage\RCIMGDIR.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ismagent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\updateui.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (MATESO GmbH) C:\Program Files (x86)\Password Safe and Repository 6\psr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Frederik\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [248320 2009-12-03] (Alps Electric Co., Ltd.) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) HKLM-x32\...\Run: [DNS7reminder] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis) HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-17] (RealNetworks, Inc.) HKLM-x32\...\Run: [avp] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2013-05-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [Amazon Cloud Player] - C:\Users\Frederik\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] () HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-02-13] (SlySoft, Inc.) HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH4E.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION) Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\Admin2.Aqui-Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lwu.cmd () Startup: C:\Users\Frederik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Frederik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Frederik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lwu.cmd () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2 StCtC0C0A0F0CzzzztGyDyC0EtBtGyEzzyE0DtG0C0CyE0CtGtD0DtAzztC0Dzz0EtBtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyDyD0Ezz0E0DtGyC0EyCyBtGtAyDtDtCtG0CyCyC0BtGtAt B0D0AyDtDtBtAyDzyyCtA2Q&cr=1056549232&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2 StCtC0C0A0F0CzzzztGyDyC0EtBtGyEzzyE0DtG0C0CyE0CtGtD0DtAzztC0Dzz0EtBtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyDyD0Ezz0E0DtGyC0EyCyBtGtAyDtDtCtG0CyCyC0BtGtAt B0D0AyDtDtBtAyDzyyCtA2Q&cr=1056549232&ir= SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtC tC1V1StN1L1G1B1V1N2Y1L1Qzu2StCtC0C0A0F0CzzzztGyDyC0EtBtGyEzzyE0DtG0C0CyE0CtGtD0DtAzztC0Dzz0EtBtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyDyD0Ezz0E0DtGyC0EyC yBtGtAyDtDtCtG0CyCyC0BtGtAtB0D0AyDtDtBtAyDzyyCtA2Q&cr=1056549232&ir= SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtC tC1V1StN1L1G1B1V1N2Y1L1Qzu2StCtC0C0A0F0CzzzztGyDyC0EtBtGyEzzyE0DtG0C0CyE0CtGtD0DtAzztC0Dzz0EtBtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyDyD0Ezz0E0DtGyC0EyC yBtGtAyDtDtCtG0CyCyC0BtGtAtB0D0AyDtDtBtAyDzyyCtA2Q&cr=1056549232&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtC tC1V1StN1L1G1B1V1N2Y1L1Qzu2StCtC0C0A0F0CzzzztGyDyC0EtBtGyEzzyE0DtG0C0CyE0CtGtD0DtAzztC0Dzz0EtBtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyDyD0Ezz0E0DtGyC0EyC yBtGtAyDtDtCtG0CyCyC0BtGtAtB0D0AyDtDtBtAyDzyyCtA2Q&cr=1056549232&ir= BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: HP Smart Print Helper - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 04 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 09 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 10 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 11 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Winsock: Catalog9 23 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{034489EE-45F3-4703-A981-EC1F2CA86A03}: [NameServer]139.7.30.126 139.7.30.125 FireFox: ======== FF ProfilePath: C:\Users\Frederik\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default FF user.js: detected! => C:\Users\Frederik\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\user.js FF DefaultSearchEngine: Mysearchdial FF SearchEngineOrder.1: Mysearchdial FF SelectedSearchEngine: Mysearchdial FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Users\Frederik\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\searchplugins\Mysearchdial.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HP Smart Print - C:\Users\Frederik\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\Extensions\hpwebprint@hpwebprint.com [2013-09-25] FF Extension: Deutsch (DE) Language Pack - C:\Users\Frederik\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2013-03-19] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-16] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-02-16] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-16] FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-02-16] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-02] FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-17] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013-05-11] FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013-05-11] FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013-05-11] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-04-25] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-04-25] CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-25] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2013-05-11] (Kaspersky Lab ZAO) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 HPSLPSVC; C:\Users\Frederik\AppData\Local\Temp\7zS4AEE\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) R2 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [545280 2012-01-16] () R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] () R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2013-09-17] (SPEEDbit) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [438272 2009-10-09] () S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [X] ==================== Drivers (Whitelisted) ==================== R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2014-02-13] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138152 2014-02-13] (SlySoft, Inc.) R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R3 e36gbus; C:\Windows\System32\DRIVERS\e36gbus.sys [328704 2009-06-30] (MCCI Corporation) R3 e36gmdfl; C:\Windows\System32\DRIVERS\e36gmdfl.sys [19456 2009-06-30] (MCCI Corporation) R3 e36gmdm; C:\Windows\System32\DRIVERS\e36gmdm.sys [432128 2009-06-30] (MCCI Corporation) R3 e36gmgmt; C:\Windows\System32\DRIVERS\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation) R3 e36wgps; C:\Windows\System32\DRIVERS\e36wgps64.sys [96296 2009-07-10] (Ericsson AB) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [12800 2009-09-22] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [17408 2009-09-22] (Ericsson AB) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-05-11] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-01-03] (Acronis) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-01-03] (Acronis) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [259624 2009-10-13] (Ericsson AB) S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-01 09:53 - 2014-03-01 09:54 - 00031885 _____ () C:\Users\Frederik\Downloads\FRST.txt 2014-03-01 09:53 - 2014-03-01 09:53 - 00000000 ____D () C:\FRST 2014-03-01 09:52 - 2014-03-01 09:52 - 02155520 _____ (Farbar) C:\Users\Frederik\Downloads\FRST64.exe 2014-03-01 09:49 - 2014-03-01 09:52 - 00000478 _____ () C:\Users\Frederik\Downloads\defogger_disable.log 2014-03-01 09:48 - 2014-03-01 09:49 - 00050477 _____ () C:\Users\Frederik\Downloads\Defogger.exe 2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Frederik\Documents\My Received Files 2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\MusicNet 2014-03-01 00:41 - 2014-03-01 00:41 - 00000000 ____D () C:\Users\Frederik\Ingeborg 2014-03-01 00:31 - 2014-03-01 00:31 - 00000000 ____D () C:\Users\Frederik\Documents\DropboxPortableAHK_1.6.8 2014-03-01 00:23 - 2014-03-01 09:23 - 00000304 _____ () C:\Windows\Tasks\MySearchDial.job 2014-03-01 00:23 - 2014-03-01 00:23 - 00003256 _____ () C:\Windows\System32\Tasks\MySearchDial 2014-03-01 00:23 - 2014-03-01 00:23 - 00003256 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-03-01 00:23 - 2014-03-01 00:23 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-01 00:23 - 2014-03-01 00:23 - 00000047 _____ () C:\Users\Frederik\AppData\Roaming\WB.CFG 2014-03-01 00:23 - 2014-03-01 00:23 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\mysearchdial 2014-03-01 00:23 - 2014-03-01 00:23 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\DigitalSites 2014-03-01 00:23 - 2014-03-01 00:23 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial 2014-03-01 00:16 - 2014-03-01 00:16 - 37660568 _____ (Dropbox, Inc.) C:\Users\Frederik\Downloads\Dropbox 2.6.2.exe 2014-03-01 00:07 - 2014-03-01 00:07 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\DropboxMaster 2014-02-28 12:40 - 2014-02-28 12:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-02-21 19:27 - 2014-02-21 19:27 - 00000000 ____D () C:\Users\Frederik\DxReport 2014-02-21 19:26 - 2014-02-21 19:26 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\LaunchPad 2014-02-20 10:09 - 2014-02-20 10:32 - 00000000 ____D () C:\Users\Frederik\Desktop\Knoche 2014-02-19 19:26 - 2014-02-19 19:27 - 00000000 ____D () C:\Users\Frederik\Documents\ScansHP 2014-02-18 23:48 - 2014-02-18 23:49 - 59319576 _____ () C:\Users\Frederik\Downloads\HP-ePrint-win-4.6.60.12747.exe 2014-02-18 23:17 - 2014-02-18 23:17 - 02296864 _____ () C:\Users\Frederik\Downloads\OJ4620_R1341D.exe 2014-02-18 22:27 - 2014-02-18 22:39 - 00000000 ____D () C:\Users\Frederik\AppData\Local\HP 2014-02-18 22:27 - 2014-02-18 22:27 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-02-18 22:26 - 2014-02-18 22:26 - 30360152 _____ () C:\Users\Frederik\Downloads\OJ4620_Basicx64_1315.exe 2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 08:19 - 2014-02-16 08:26 - 00000000 ____D () C:\Users\Frederik\Desktop\sampler 2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys 2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys 2014-02-12 18:16 - 2014-02-12 18:16 - 00009620 _____ () C:\Users\Frederik\Documents\Handy Eltern.xlsx 2014-02-12 16:00 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 16:00 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-12 15:59 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 15:59 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 15:59 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-12 15:59 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 15:59 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-12 15:59 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-12 15:59 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 15:59 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-12 15:59 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-12 15:59 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-12 15:59 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-12 15:59 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-12 15:59 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-12 15:59 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-12 15:59 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-12 15:59 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-12 15:59 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-12 15:59 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-12 15:59 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-12 15:59 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-12 15:59 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-12 15:59 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-12 15:59 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-12 15:59 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 15:59 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-12 15:59 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-12 15:59 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-12 15:59 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-12 15:59 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-12 15:59 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-12 15:59 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 15:59 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-12 15:59 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-12 15:59 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-12 15:59 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 15:59 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-12 15:59 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-12 15:59 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-12 15:59 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-12 10:41 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 10:41 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 10:41 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 10:41 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 10:41 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 10:41 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 10:41 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 10:41 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 10:41 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 10:41 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 10:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 10:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 10:41 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 10:41 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 10:41 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 10:41 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 10:41 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 10:41 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 10:41 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 10:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 10:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 10:41 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 10:41 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 10:41 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 10:41 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 10:41 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 10:41 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 10:41 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-10 19:45 - 2014-02-10 19:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll 2014-02-03 23:20 - 2014-02-03 23:20 - 00009363 _____ () C:\Users\Frederik\Documents\Tel1.xlsx 2014-01-30 20:38 - 2014-02-16 18:54 - 00001105 _____ () C:\Users\Public\Desktop\AnyDVD.lnk ==================== One Month Modified Files and Folders ======= 2014-03-01 09:54 - 2014-03-01 09:53 - 00031885 _____ () C:\Users\Frederik\Downloads\FRST.txt 2014-03-01 09:53 - 2014-03-01 09:53 - 00000000 ____D () C:\FRST 2014-03-01 09:52 - 2014-03-01 09:52 - 02155520 _____ (Farbar) C:\Users\Frederik\Downloads\FRST64.exe 2014-03-01 09:52 - 2014-03-01 09:49 - 00000478 _____ () C:\Users\Frederik\Downloads\defogger_disable.log 2014-03-01 09:49 - 2014-03-01 09:48 - 00050477 _____ () C:\Users\Frederik\Downloads\Defogger.exe 2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Frederik\Documents\My Received Files 2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\MusicNet 2014-03-01 09:43 - 2013-05-11 11:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-01 09:31 - 2013-01-01 20:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-01 09:23 - 2014-03-01 00:23 - 00000304 _____ () C:\Windows\Tasks\MySearchDial.job 2014-03-01 09:13 - 2013-01-02 14:01 - 00000000 ____D () C:\Users\Frederik\Documents\Outlook-Dateien 2014-03-01 09:12 - 2013-01-02 16:54 - 00000902 _____ () C:\Users\Frederik\Documents\psr6.lic 2014-03-01 09:07 - 2013-01-02 18:42 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-01 09:07 - 2013-01-02 18:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-01 09:04 - 2013-01-02 10:07 - 00000000 ____D () C:\Users\Frederik\AppData\Local\Adobe 2014-03-01 09:02 - 2009-07-14 05:45 - 00036160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-01 09:02 - 2009-07-14 05:45 - 00036160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-01 08:59 - 2013-01-01 17:43 - 01692593 _____ () C:\Windows\WindowsUpdate.log 2014-03-01 08:56 - 2013-01-02 15:44 - 00000000 ___RD () C:\Users\Frederik\Dropbox 2014-03-01 08:56 - 2013-01-02 15:37 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\Dropbox 2014-03-01 08:55 - 2013-08-07 22:02 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 2014-03-01 08:55 - 2013-08-07 22:02 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003 2014-03-01 08:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-01 08:54 - 2009-07-14 05:51 - 00118136 _____ () C:\Windows\setupact.log 2014-03-01 00:41 - 2014-03-01 00:41 - 00000000 ____D () C:\Users\Frederik\Ingeborg 2014-03-01 00:41 - 2013-01-02 10:07 - 00000000 ____D () C:\Users\Frederik 2014-03-01 00:31 - 2014-03-01 00:31 - 00000000 ____D () C:\Users\Frederik\Documents\DropboxPortableAHK_1.6.8 2014-03-01 00:23 - 2014-03-01 00:23 - 00003256 _____ () C:\Windows\System32\Tasks\MySearchDial 2014-03-01 00:23 - 2014-03-01 00:23 - 00003256 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-03-01 00:23 - 2014-03-01 00:23 - 00000304 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-01 00:23 - 2014-03-01 00:23 - 00000047 _____ () C:\Users\Frederik\AppData\Roaming\WB.CFG 2014-03-01 00:23 - 2014-03-01 00:23 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\mysearchdial 2014-03-01 00:23 - 2014-03-01 00:23 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\DigitalSites 2014-03-01 00:23 - 2014-03-01 00:23 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial 2014-03-01 00:18 - 2013-01-02 10:07 - 00000000 ___RD () C:\Users\Frederik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-01 00:17 - 2013-01-02 15:37 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-03-01 00:16 - 2014-03-01 00:16 - 37660568 _____ (Dropbox, Inc.) C:\Users\Frederik\Downloads\Dropbox 2.6.2.exe 2014-03-01 00:07 - 2014-03-01 00:07 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\DropboxMaster 2014-03-01 00:07 - 2013-01-02 15:44 - 00001029 _____ () C:\Users\Frederik\Desktop\Dropbox Frederik.lnk 2014-02-28 22:25 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-02-28 21:40 - 2013-01-02 19:15 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\vlc 2014-02-28 19:18 - 2013-01-02 02:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-02-28 19:18 - 2013-01-02 02:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-02-28 19:18 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-28 12:40 - 2014-02-28 12:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf 2014-02-28 03:00 - 2013-02-19 11:53 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-28 03:00 - 2013-01-02 18:50 - 00000000 ____D () C:\ProgramData\Skype 2014-02-26 13:25 - 2013-01-02 15:34 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 2014-02-26 13:25 - 2013-01-02 15:34 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003 2014-02-24 12:05 - 2013-05-11 11:01 - 00117328 _____ () C:\Users\Admin2.Aqui-Lenovo\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-24 12:05 - 2013-05-11 11:01 - 00000000 ____D () C:\Users\Admin2.Aqui-Lenovo\AppData\Local\Adobe 2014-02-22 23:54 - 2014-01-15 21:33 - 00001230 _____ () C:\Users\Frederik\Desktop\Amazon Cloud Player.lnk 2014-02-22 23:54 - 2014-01-15 21:33 - 00000000 ____D () C:\Users\Frederik\AppData\Local\Amazon Cloud Player 2014-02-21 19:27 - 2014-02-21 19:27 - 00000000 ____D () C:\Users\Frederik\DxReport 2014-02-21 19:26 - 2014-02-21 19:26 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\LaunchPad 2014-02-21 12:31 - 2013-09-19 22:31 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-02-21 12:31 - 2013-01-01 20:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-21 12:31 - 2013-01-01 20:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-21 12:31 - 2013-01-01 20:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-20 21:52 - 2013-09-25 14:48 - 00000000 ____D () C:\Program Files (x86)\HP 2014-02-20 21:52 - 2013-09-25 14:47 - 00000000 ____D () C:\ProgramData\HP 2014-02-20 10:32 - 2014-02-20 10:09 - 00000000 ____D () C:\Users\Frederik\Desktop\Knoche 2014-02-19 22:00 - 2013-12-24 11:07 - 00000432 _____ () C:\Windows\BRWMARK.INI 2014-02-19 19:27 - 2014-02-19 19:26 - 00000000 ____D () C:\Users\Frederik\Documents\ScansHP 2014-02-18 23:49 - 2014-02-18 23:48 - 59319576 _____ () C:\Users\Frederik\Downloads\HP-ePrint-win-4.6.60.12747.exe 2014-02-18 23:33 - 2010-11-21 04:47 - 00234020 _____ () C:\Windows\PFRO.log 2014-02-18 23:17 - 2014-02-18 23:17 - 02296864 _____ () C:\Users\Frederik\Downloads\OJ4620_R1341D.exe 2014-02-18 22:39 - 2014-02-18 22:27 - 00000000 ____D () C:\Users\Frederik\AppData\Local\HP 2014-02-18 22:27 - 2014-02-18 22:27 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-02-18 22:26 - 2014-02-18 22:26 - 30360152 _____ () C:\Users\Frederik\Downloads\OJ4620_Basicx64_1315.exe 2014-02-18 22:16 - 2013-01-02 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-17 09:02 - 2013-01-02 18:42 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-17 09:02 - 2013-01-02 18:42 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-16 20:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-16 18:54 - 2014-01-30 20:38 - 00001105 _____ () C:\Users\Public\Desktop\AnyDVD.lnk 2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 17:34 - 2013-02-05 20:34 - 00000000 ____D () C:\Users\Frederik\AppData\Roaming\dvdcss 2014-02-16 08:45 - 2013-08-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-16 08:44 - 2013-01-01 23:36 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-16 08:26 - 2014-02-16 08:19 - 00000000 ____D () C:\Users\Frederik\Desktop\sampler 2014-02-15 23:36 - 2013-01-02 22:58 - 00000000 ____D () C:\Users\Frederik\Desktop\ToDo 2014-02-15 22:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys 2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys 2014-02-12 18:16 - 2014-02-12 18:16 - 00009620 _____ () C:\Users\Frederik\Documents\Handy Eltern.xlsx 2014-02-12 16:05 - 2013-01-02 00:47 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-12 16:01 - 2013-01-02 17:48 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-12 16:00 - 2009-07-14 03:34 - 00000527 _____ () C:\Windows\win.ini 2014-02-10 19:45 - 2014-02-10 19:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll 2014-02-06 13:16 - 2014-02-12 15:59 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 12:30 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 12:30 - 2014-02-12 15:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 12:12 - 2014-02-12 15:59 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 12:07 - 2014-02-12 15:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 12:06 - 2014-02-12 15:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 11:57 - 2014-02-12 15:59 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 11:56 - 2014-02-12 15:59 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 11:52 - 2014-02-12 15:59 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 11:49 - 2014-02-12 15:59 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 11:48 - 2014-02-12 15:59 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 11:48 - 2014-02-12 15:59 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 11:38 - 2014-02-12 15:59 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-06 11:32 - 2014-02-12 15:59 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 11:20 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-06 11:17 - 2014-02-12 15:59 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 11:11 - 2014-02-12 15:59 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 11:01 - 2014-02-12 15:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-06 11:00 - 2014-02-12 15:59 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-12 15:59 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-06 10:57 - 2014-02-12 15:59 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:52 - 2014-02-12 15:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-06 10:52 - 2014-02-12 15:59 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-06 10:50 - 2014-02-12 15:59 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:49 - 2014-02-12 15:59 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-06 10:47 - 2014-02-12 15:59 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-06 10:46 - 2014-02-12 15:59 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-06 10:25 - 2014-02-12 15:59 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-06 10:25 - 2014-02-12 15:59 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-06 10:24 - 2014-02-12 15:59 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 10:22 - 2014-02-12 15:59 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 10:13 - 2014-02-12 15:59 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-06 10:09 - 2014-02-12 15:59 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-06 10:03 - 2014-02-12 15:59 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-06 09:55 - 2014-02-12 15:59 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:41 - 2014-02-12 15:59 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-06 09:40 - 2014-02-12 15:59 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-06 09:36 - 2014-02-12 15:59 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-06 09:34 - 2014-02-12 15:59 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-04 22:57 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-04 22:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-02-03 23:20 - 2014-02-03 23:20 - 00009363 _____ () C:\Users\Frederik\Documents\Tel1.xlsx Some content of TEMP: ==================== C:\Users\Frederik\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm6wdnn.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-28 00:03 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02 Ran by Frederik at 2014-03-01 09:54:24 Running from C:\Users\Frederik\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AS: Kaspersky Internet Security (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF} ==================== Installed Programs ====================== 24h Fotoservice Weckbrodt (HKCU\...\311548559.client.my-silverx.com) (Version: - client.my-silverx.com) 24h Fotoservice Weckbrodt (HKLM-x32\...\24h Fotoservice Weckbrodt) (Version: - ) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo) Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.8 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (x32 Version: 9.0.1 - Adobe Systems Incorporated) Hidden Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC) Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.3.0 - SlySoft) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - ) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.792.5.2-120504a-138564C-Lenovo - ATI Technologies, Inc.) Audials (HKLM-x32\...\{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}) (Version: 9.1.31900.0 - Audials AG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2012.0504.2334.40448 - ATI) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0504.2334.40448 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Dutch (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help English (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help French (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help German (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Italian (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Japanese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Korean (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Portuguese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Spanish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Swedish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden ccc-core-static (x32 Version: 2012.0504.2334.40448 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2012.0504.2334.40448 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.) Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WP-4545 Series Printer Uninstall (HKLM\...\EPSON WP-4545 Series) (Version: - SEIKO EPSON Corporation) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) EXIF Date Changer v3.01 (HKLM-x32\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden HP Smart Print 2.1 (HKLM-x32\...\{AC6057B3-631D-45F1-8E1F-5160ADD01D08}) (Version: 2.1.0.235 - Hewlett-Packard) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Integrated Camera Driver Installer Package Ver.1.32.500.0 (HKLM-x32\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.32.500.0 - RICOH) Intel(R) Network Connections 18.2.63.0 (HKLM\...\PROSetDX) (Version: 18.2.63.0 - Intel) Intel(R) Network Connections 18.2.63.0 (Version: 18.2.63.0 - Intel) Hidden Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.1.9.400 - Intel Corporation) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab) Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version: - TFA Dostmann) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.03.0005 - Lenovo) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mobile Broadband drivers (HKLM\...\{83970716-909C-4FBC-9CF5-AD842758BBA0}) (Version: 6.1.10.5 - Ericsson AB) Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON) Nero 11 (HKLM-x32\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG) Nero 11 Cliparts (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Video Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG) Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.19400 - Nero AG) Hidden Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Kwik Media (x32 Version: 1.18.19600 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Recode 11 (x32 Version: 5.2.11300.0.0 - Nero AG) Hidden Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden Nero Video 11 (x32 Version: 8.2.16000.4.100 - Nero AG) Hidden Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden NVIDIA nView Desktop Manager (Version: 121.20 - NVIDIA Corporation) Hidden OLXWord (HKLM-x32\...\{5A45BA95-7699-4EE2-8B94-06BBBCE2C1D3}) (Version: 4.0.0 - GANGL Dienstleistungen (www.gangl.de)) Password Safe and Repository 6 (HKLM\...\{10668AA3-490D-46C1-B606-A621451998EF}) (Version: 6.4.2.2162 - MATESO GmbH) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Prüfungstraining interaktiv Heilpraktiker für Psychotherapie (HKLM-x32\...\{DD4512D7-AE04-46A8-8D29-0BFC63031B33}) (Version: 1.0.0 - Elsevier GmbH) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) Schreibmaschinenkurs 3.6 (HKLM-x32\...\{A31B67DF-78AB-478B-8315-4C35278FE9C3}) (Version: 3.6 - Freudenreich) Secure Download Manager (HKLM-x32\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SilverFast 8.0.1r30 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.0.1r30 - LaserSoft Imaging AG) SilverFast HDRStudio 6.6.2r5 (HKLM-x32\...\SilverFast HDRStudio) (Version: - LaserSoft Imaging AG) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.1616.206 - ALPS ELECTRIC CO., LTD.) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.10.0.0 - Lenovo) ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.9 - Lenovo) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis) True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Vista Fotobuch (HKCU\...\ef87663cbb7e0fd3) (Version: 1.16.10.0 - my-photonet) VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) Waterfox (HKLM\...\{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}) (Version: 18.0.1 - Waterfox Limited) Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden windata 8 (HKLM-x32\...\{31673EDC-1AEB-444C-A28C-B7083E0E7312}) (Version: 08.08.0000 - windata GmbH & Co.KG) windata Systemkomponenten (HKLM-x32\...\{059D9D8C-BEB1-4496-8447-91F79AD272C2}) (Version: 07.07.0000 - windata GmbH & Co.KG) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Wings Platinum 4 (HKLM-x32\...\{BBFF1DB6-55F9-41CA-B4C4-9432EC14AEFB}) (Version: 4.25.2 - AV Stumpfl) ==================== Restore Points ========================= 26-02-2014 12:29:16 Windows Update 28-02-2014 02:00:10 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-04-28 11:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1D9D7C2A-6263-4061-B071-E574CB02F735} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated) Task: {209019A3-1463-4EB5-A2B3-74C81F96C2FA} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation) Task: {2586A9D0-3A7C-443F-B6F3-83DF8D481AF5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {27447FD8-5B72-450C-B91A-46E080D39A04} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {2C457B6F-3CDD-4A60-88C1-59D51044A69C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {3FB928D9-71EB-40D3-A781-6523891784EC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {4CA1D91A-CF77-48EE-9D0F-4AD108405AC0} - System32\Tasks\{2E900093-7BBB-4A94-96EF-C8A09D1BD7D7} => C:\Users\Frederik\Desktop\CScan\zoek.exe Task: {5BF08A0A-2379-4FB4-BEA5-E5FB213B1098} - System32\Tasks\Amazon Music Helper => C:\Users\Frederik\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2014-01-14] () Task: {60795FE4-52E5-45FD-9E0E-54B2ECC0FED3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02] (Google Inc.) Task: {7C651198-860B-4916-9F81-DD41A78192D2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {7CABC91B-4D5E-4690-9343-4B4303DE4381} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {8509E5A6-33CB-4B69-830B-ACCF72A4BE61} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {88416939-42F3-4357-9F6E-5D94C1CBB3F9} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {A141EE4C-CAE9-4F85-9D75-D17C3E310B21} - System32\Tasks\AdobeAAMUpdater-1.0-Aqui-Lenovo-Admin2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: {A6E0C07B-3839-45FA-9D62-81BDB46872F6} - System32\Tasks\MySearchDial => C:\Users\Frederik\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {AB9A304E-C5E5-4726-8696-CBB0247329E2} - System32\Tasks\Digital Sites => C:\Users\Frederik\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {B820127D-54B5-4488-BEB1-104A76AFC270} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation) Task: {BC62559A-6DEF-448C-817C-F770CE5ED4D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02] (Google Inc.) Task: {C7284462-9C86-474E-B778-2188F137FFE4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {CBE8E15C-468E-4896-9C96-1A0A282A2812} - System32\Tasks\{8EC6E4EB-5D37-455E-A46F-CB6E378F1536} => C:\Users\Frederik\Desktop\CScan\zoek.exe Task: {CEBB7253-8988-4F98-BEF0-04A64DC671F6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {E0E98390-E51A-4BD4-9789-68BBEB4D3C5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {F3061008-0FFE-4BFF-AD60-9F5C1BFA0A42} - System32\Tasks\AdobeAAMUpdater-1.0-Aqui-Lenovo-Frederik => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: {F83D03B5-36D0-426A-853D-A96158696686} - System32\Tasks\Intel_C_CVMP216401R3180CGN => C:\Program Files (x86)\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [2013-10-09] (Intel) Task: {FAD9623F-1E76-4F1F-9F33-6CE7C094180D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Frederik\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Frederik\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-07-30 09:37 - 2012-01-16 16:54 - 00545280 _____ () C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe 2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2009-10-09 13:36 - 2009-10-09 13:36 - 00438272 ____R () C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe 2014-01-15 21:33 - 2014-01-14 20:46 - 03140608 _____ () C:\Users\Frederik\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2013-08-04 13:00 - 2013-08-04 13:00 - 00075864 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe 2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-05-04 23:33 - 2012-05-04 23:33 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-03-01 09:48 - 2014-03-01 09:49 - 00050477 _____ () C:\Users\Frederik\Downloads\Defogger.exe 2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-02 12:15 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll 2013-07-30 09:37 - 2012-01-10 10:09 - 00159744 _____ () C:\Program Files (x86)\KlimaLoggPro\sHID.dll 2012-08-23 00:42 - 2012-08-23 00:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2009-03-25 20:08 - 2009-03-25 20:08 - 00058880 ____R () C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\MBMDebug.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2014-03-01 08:56 - 2014-03-01 08:56 - 00041984 _____ () c:\users\frederik\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm6wdnn.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Frederik\AppData\Roaming\Dropbox\bin\libcef.dll 2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-08-23 03:35 - 2012-08-23 03:35 - 13873200 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2012-08-23 03:31 - 2012-08-23 03:31 - 01590656 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll 2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2012-07-24 14:48 - 2012-07-24 14:48 - 00012160 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll 2011-04-24 22:13 - 2011-04-24 22:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll 2011-04-20 18:56 - 2011-04-20 18:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll 2012-09-19 11:40 - 2012-09-19 11:40 - 01013088 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtNetwork4.dll 2012-09-19 11:40 - 2012-09-19 11:40 - 02610016 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtCore4.dll 2012-09-19 11:40 - 2012-09-19 11:40 - 00388960 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtXml4.dll 2013-07-18 10:28 - 2013-07-18 10:28 - 00407328 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\sqlite3.dll 2013-07-18 10:28 - 2013-07-18 10:28 - 00328992 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\log4cplus.dll 2013-07-18 10:28 - 2013-07-18 10:28 - 00028448 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\osEvents.dll 2013-07-18 10:27 - 2013-07-18 10:27 - 00202528 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\libgsoap.dll 2012-09-19 11:41 - 2012-09-19 11:41 - 00068960 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\zlib1.dll 2013-07-18 10:29 - 2013-07-18 10:29 - 00473376 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\plugin\PServerPlugin.dll 2012-09-19 11:43 - 2012-09-19 11:43 - 14984544 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtWebKit4.dll 2012-09-19 11:43 - 2012-09-19 11:43 - 00324448 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\phonon4.dll 2012-09-19 11:40 - 2012-09-19 11:40 - 09231200 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtGui4.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-09-03 14:54 - 2013-09-03 14:54 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll 2013-09-03 14:54 - 2013-09-03 14:54 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2014-02-16 18:52 - 2014-02-16 18:52 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\startupreg: AnyDVD => "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe" MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe ==================== Faulty Device Manager Devices ============= Name: Officejet 4620 series Description: Officejet 4620 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/01/2014 09:12:44 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (03/01/2014 08:56:33 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/28/2014 06:10:48 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Internet Explorer wurde wegen dieses Fehlers geschlossen. Programm: Internet Explorer Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (02/28/2014 06:10:48 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16518, Zeitstempel: 0x52f347b2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000096 Fehleroffset: 0x036c0ff2 ID des fehlerhaften Prozesses: 0x2ac4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (02/28/2014 06:10:48 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Internet Explorer wurde wegen dieses Fehlers geschlossen. Programm: Internet Explorer Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (02/28/2014 06:10:48 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16518, Zeitstempel: 0x52f347b2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000001d Fehleroffset: 0x02c60fe0 ID des fehlerhaften Prozesses: 0x2a34 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (02/28/2014 06:04:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16518, Zeitstempel: 0x52f347b2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x03be0ff1 ID des fehlerhaften Prozesses: 0x39a0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (02/28/2014 01:10:23 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (02/28/2014 00:30:36 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/27/2014 06:24:17 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 System errors: ============= Error: (03/01/2014 08:56:00 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/01/2014 08:56:00 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (03/01/2014 08:54:54 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 01.03.2014 um 00:44:48 unerwartet heruntergefahren. Error: (02/28/2014 11:04:29 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (02/28/2014 11:04:29 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (02/28/2014 10:58:23 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (02/28/2014 10:58:15 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (02/28/2014 10:57:52 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (02/28/2014 10:57:22 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (02/28/2014 09:01:26 PM) (Source: Ntfs) (User: ) Description: Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Microsoft Office Sessions: ========================= Error: (03/01/2014 09:12:44 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (03/01/2014 08:56:33 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/28/2014 06:10:48 PM) (Source: Application Error)(User: ) Description: Internet Explorer000000000 Error: (02/28/2014 06:10:48 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE11.0.9600.1651852f347b2unknown0.0.0.000000000c0000096036c0ff22ac401cf34746c384beeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown4423d0c8-a09b-11e3-84ec-0c6076882089 Error: (02/28/2014 06:10:48 PM) (Source: Application Error)(User: ) Description: Internet Explorer000000000 Error: (02/28/2014 06:10:48 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE11.0.9600.1651852f347b2unknown0.0.0.000000000c000001d02c60fe02a3401cf34749477299aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown44224a22-a09b-11e3-84ec-0c6076882089 Error: (02/28/2014 06:04:44 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE11.0.9600.1651852f347b2unknown0.0.0.000000000c000000503be0ff139a001cf349579a2e125C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown6b2e4f06-a09a-11e3-84ec-0c6076882089 Error: (02/28/2014 01:10:23 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (02/28/2014 00:30:36 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe Error: (02/27/2014 06:24:17 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 CodeIntegrity Errors: =================================== Date: 2014-01-13 14:28:40.861 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:28:40.705 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:13:01.472 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:13:01.284 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:08:47.144 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:08:46.629 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 13:35:41.502 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 13:35:41.378 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-28 12:58:14.986 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-28 12:58:14.940 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 8088.03 MB Available physical RAM: 5024 MB Total Pagefile: 16174.23 MB Available Pagefile: 12887.07 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:167.58 GB) (Free:12.11 GB) NTFS Drive n: (Groupshare) (Network) (Total:1832.31 GB) (Free:555.58 GB) NTFS Drive u: (Frederik) (Network) (Total:1832.31 GB) (Free:555.58 GB) NTFS Drive z: (Data) (Network) (Total:1832.31 GB) (Free:555.58 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 612212B7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Der GMER-Log ist im Anhang beigefügt |
|
01.03.2014, 12:16
| #2 |
| /// TB-Ausbilder   | Mysearchdial läßt sich nicht entfernen Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 3 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4 Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Bitte poste mit deiner nächsten Antwort
|
|
01.03.2014, 20:16
| #3 |
| | Mysearchdial läßt sich nicht entfernen Lieber Matthias,
__________________Herzlichen Dank. unglaublich wie tief sich dieser Mist in registry und den Rechner gräbt. AdwarecleanerAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.020 - Bericht erstellt am 01/03/2014 um 18:26:29
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Normal - IQ-LENOVO
# Gestartet von : C:\Users\Normal\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\Mysearchdial
Ordner Gelöscht : C:\Users\Normal\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Normal\AppData\Roaming\Mysearchdial
Datei Gelöscht : C:\Users\F. Haffner\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Admin2.IQ-Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\F. Haffner\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default\user.js
Datei Gelöscht : C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\user.js
Datei Gelöscht : C:\Users\Admin2.IQ-Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default\user.js
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\FLEXnet
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKLM\Software\caphyon
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16518
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\Users\F. Haffner\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default\prefs.js ]
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
[ Datei : C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\prefs.js ]
Zeile gelöscht : user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "dsites0301");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StCtC0C0A0F0CzzzztGyDyC0EtBtGy[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1056549232");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "9CD359032F9BD274C3E5E74FB0668D94");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCt[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "0C6076882089BC14");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16130");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "0211_b");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.00:23:1");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBt[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDt[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.00:23:1");
[ Datei : C:\Users\Admin2.IQ-Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default\prefs.js ]
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
-\\ Google Chrome v
[ Datei : C:\Users\Normal\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [14032 octets] - [01/03/2014 18:21:47]
AdwCleaner[S0].txt - [12401 octets] - [01/03/2014 18:26:29]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12462 octets] ##########
JRT Log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Professional x64 Ran by Normal on 01.03.2014 at 18:33:55,63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DARK SIDE OF THE MOON LYRICS pdf_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DARK SIDE OF THE MOON LYRICS pdf_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DARK SIDE OF THE MOON LYRICS pdf_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DARK SIDE OF THE MOON LYRICS pdf_RASMANCS ~~~ Files Successfully deleted: [File] "C:\Users\Normal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\startmenu\startfenster.lnk" Successfully deleted: [File] "C:\Users\Normal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk" ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Normal\AppData\Roaming\mozilla\firefox\profiles\kfb8oecp.default\minidumps [11 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 01.03.2014 at 18:46:20,67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwareebytes Log Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware Datenbank Version: v2014.03.01.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Normal :: IQ-LENOVO [Administrator] 01.03.2014 19:02:15 mbam-log-2014-03-01 (19-02-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 285514 Laufzeit: 4 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\$RECYCLE.BIN\S-1-5-21-2356296840-1857682401-3091679653-1003\$R4XSZAD.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-21-2356296840-1857682401-3091679653-1003\$RY390FC\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ============================================= Zoek log Zoek.exe v5.0.0.0 Updated 19-February-2014 Tool run by Normal on 01.03.2014 at 19:44:51,97. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Normal\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-03-01-183107.log 45984 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2356296840-1857682401-3091679653-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\ADMIN2~1.AQ~\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default\prefs.js: user_pref("keyword.URL", ""); Added to C:\Users\ADMIN2~1.AQ~\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\F7D0F~1.HAF\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default\prefs.js: user_pref("keyword.URL", ""); Added to C:\Users\F7D0F~1.HAF\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\prefs.js: user_pref("browser.startup.homepage", "https://www.google.de/"); user_pref("browser.search.suggest.enabled", false); Added to C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\ADMIN2~1.AQ~\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1958_.backup ProfilePath: C:\Users\F7D0F~1.HAF\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1958_.backup ProfilePath: C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default user.js not found ---- Lines mysearch removed from prefs.js ---- user_pref("extensions.irmysearch.aflt", "dsites0301"); user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutD0CyCtDyByCzzzztBtDzzzy0B0CtCyEtN0D0Tzu0SyBzytDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1 user_pref("extensions.irmysearch.cr", "1056549232"); user_pref("extensions.irmysearch.instlRef", "0211_b"); ---- Lines extensions.514ed25a756c2 removed from prefs.js ---- user_pref("extensions.514ed25a756c2.epoch", "1365543697"); user_pref("extensions.514ed25a756c2.url", "hxxp://jpigetjson.info/sync/?ext=btos&pid=826&country=DE®d=130324101554&lsd=130408213849&ind=3276425144& ---- FireFox user.js and prefs.js backups ---- prefs__1958_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~3\eSellerate deleted C:\Users\Normal\Favorites\Startfenster.lnk deleted C:\Users\Normal\Favorites\Links\Startfenster.lnk deleted C:\Users\Normal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk deleted C:\PROGRA~3\KlimaLogg.dat1.tmp deleted C:\windows\SysNative\tasks\Digital Sites deleted C:\Windows\tasks\Digital Sites.job deleted C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\CT2504091 deleted "C:\ProgramData\KlimaLoggServiceDataStore" deleted "C:\ProgramData\T23J7" deleted "C:\ProgramData\V36QQ" deleted "C:\ProgramData\V93GE" deleted "C:\Users\ADMIN2~1.AQ~\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default\extensions\staged" deleted "C:\Users\F7D0F~1.HAF\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default\extensions\staged" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [17.09.2013 23:05] ==== Firefox Extensions ====================== ProfilePath: C:\Users\F7D0F~1.HAF\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default - Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn ProfilePath: C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default - RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext - HP Smart Print - %ProfilePath%\extensions\hpwebprint@hpwebprint.com - Deutsch DE Language Pack - %ProfilePath%\extensions\langpack-de@firefox.mozilla.org.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Anti-Banner - %AppDir%\extensions\KavAntiBanner@Kaspersky.ru - Anti-Banner - %AppDir%\extensions\KavAntiBanner@kaspersky.ru_bak2 - Modul zur Link-Untersuchung - %AppDir%\extensions\linkfilter@kaspersky.ru - Modul zur Link-Untersuchung - %AppDir%\extensions\linkfilter@kaspersky.ru_bak2 - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) 96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx[11.05.2013 11:26] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14.08.2013 14:24] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx[11.05.2013 11:26] mikhcaiakabeeokmenglcdebplfdjicn - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx[18.07.2012 20:36] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx[25.04.2011 19:57] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.de/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.de/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Users\Normal\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{10668AA3-490D-46C1-B606-A621451998EF} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{10633123-9326-D700-FD3A-5854AA725E9D} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin2.IQ-Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Admin2.IQ-Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Normal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Normal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\ADMIN2~1.AQ~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\ADMIN2~1.AQ~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Admin2.IQ-Lenovo\AppData\Local\Mozilla\Firefox\Profiles\bmom0aue.default\Cache emptied successfully C:\Users\Normal\AppData\Local\Mozilla\Firefox\Profiles\kfb8oecp.default\Cache emptied successfully C:\Users\ADMIN2~1.AQ~\AppData\Local\Mozilla\Firefox\Profiles\bmom0aue.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=488 folders=69 45486001 bytes) ==== Empty Temp Folders ====================== C:\Users\Admin2.IQ-Lenovo\AppData\Local\temp emptied successfully C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\F. Haffner\AppData\Local\temp emptied successfully C:\Users\Normal\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\ADMIN2~1.AQ~\AppData\Local\temp emptied successfully C:\Users\F7D0F~1.HAF\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Normal\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\ProgramData\KlimaLoggServiceDataStoresearch" not found ==== EOF on 01.03.2014 at 20:09:07,90 ====================== |
|
02.03.2014, 11:29
| #4 |
| /// TB-Ausbilder | Mysearchdial läßt sich nicht entfernen Servus, ja, dieser "Mist" ist oft so tief verwurzelt, dass man das manuell kaum wegbekommt...  Wir spüren die letzten Reste auf, damit wir sie später entfernen können: Schritt 1 Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu jeweils einen Haken bei Addition.txt und Shortcut.txt rechts unten und klicke auf Scan. Es werden drei Logdateien erzeugt. Poste mir diese. Schritt 2 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Gibt es noch Probleme mit Malware? Wenn ja, welche? Wie läuft der Rechner derzeit? Bitte poste mit deiner nächsten Antwort
|
|
02.03.2014, 12:48
| #5 |
| | Mysearchdial läßt sich nicht entfernen Danke Matthias, auch für die Einbeziehung von IMesh. Dieses Teilchen fing ich mir gestern wohl durch eine Redirect auf der Pony Seite ein, als ich gestern die Eliminierungsdateien runterladen wollte, oder ich kam bei der Seite auf das Werbungsfeld. Habe alle Schritte ausgeführt. Mir sind keine Probleme durch Malware oder ähnliches aufgefallen. Das log Shortcut.txt ist mit ca. 350kb zu groß und läßt sich weder einkopieren noch als Anhang beifügen. Hier erst mal die anderen logs. Grüße Blueribbon Anbei die Logfiles FRST / Addition / systemlook: a FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Normal (administrator) on IQ-LENOVO on 02-03-2014 11:59:07
Running from C:\Users\Normal\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
() C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
() C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\shtctky.exe
() C:\Users\Normal\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Users\Normal\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [248320 2009-12-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-02-26] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2012-01-13] (Nero AG)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [avp] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2013-05-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [Amazon Cloud Player] - C:\Users\Normal\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-2356296840-1857682401-3091679653-1003\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-02-13] (SlySoft, Inc.)
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Admin2.IQ-Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lwu.cmd ()
Startup: C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Normal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lwu.cmd ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart Print Helper - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 04 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 09 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 10 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 11 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 23 C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{034489EE-45F3-4703-A981-EC1F2CA86A03}: [NameServer]139.7.30.126 139.7.30.125
FireFox:
========
FF ProfilePath: C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HP Smart Print - C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\Extensions\hpwebprint@hpwebprint.com [2013-09-25]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2013-03-19]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2014-02-16]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-02-16]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2014-02-16]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-02]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013-05-11]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013-05-11]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-04-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-04-25]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-25]
==================== Services (Whitelisted) =================
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2013-05-11] (Kaspersky Lab ZAO)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [545280 2012-01-16] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2013-09-17] (SPEEDbit)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [438272 2009-10-09] ()
S4 ApRunSvc; C:\Program Files\Apoint2K\ApRunSvc.exe [X]
S2 HPSLPSVC; C:\Users\Normal\AppData\Local\Temp\7zS4AEE\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2014-02-13] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138152 2014-02-13] (SlySoft, Inc.)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R3 e36gbus; C:\Windows\System32\DRIVERS\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)
R3 e36gmdfl; C:\Windows\System32\DRIVERS\e36gmdfl.sys [19456 2009-06-30] (MCCI Corporation)
R3 e36gmdm; C:\Windows\System32\DRIVERS\e36gmdm.sys [432128 2009-06-30] (MCCI Corporation)
R3 e36gmgmt; C:\Windows\System32\DRIVERS\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)
R3 e36wgps; C:\Windows\System32\DRIVERS\e36wgps64.sys [96296 2009-07-10] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [12800 2009-09-22] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [17408 2009-09-22] (Ericsson AB)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-05-11] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-08-20] (RapidSolution Software AG)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-01-03] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-01-03] (Acronis)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [259624 2009-10-13] (Ericsson AB)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-01 20:50 - 2014-03-01 20:50 - 00002044 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2014-03-01 20:32 - 2014-03-01 20:32 - 42105104 _____ (Intel Corporation) C:\Users\Normal\Downloads\Intel SSD Toolbox - v3.2.1.exe
2014-03-01 20:09 - 2014-03-01 20:16 - 00014375 _____ () C:\Users\Normal\Downloads\zoek-results2.txt
2014-03-01 20:07 - 2014-03-01 20:07 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore
2014-03-01 20:06 - 2014-03-01 19:44 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-01 19:45 - 2014-03-01 19:31 - 00045984 _____ () C:\zoek-results2014-03-01-183107.log
2014-03-01 19:36 - 2014-03-01 19:36 - 00045834 _____ () C:\Users\Normal\Downloads\zoek-results.txt
2014-03-01 19:25 - 2014-03-01 20:09 - 00014417 _____ () C:\zoek-results.log
2014-03-01 19:24 - 2014-03-01 19:59 - 00000000 ____D () C:\zoek_backup
2014-03-01 19:23 - 2014-03-01 19:23 - 01284608 _____ () C:\Users\Normal\Downloads\zoek.exe
2014-03-01 18:59 - 2014-03-01 18:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Normal\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-01 18:59 - 2014-03-01 18:59 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-01 18:59 - 2014-03-01 18:59 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\Malwarebytes
2014-03-01 18:59 - 2014-03-01 18:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 18:59 - 2014-03-01 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 18:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-01 18:55 - 2014-03-01 19:41 - 00001893 _____ () C:\Users\Normal\Downloads\JRT.txt
2014-03-01 18:46 - 2014-03-01 18:46 - 00001901 _____ () C:\Users\Normal\Desktop\JRT.txt
2014-03-01 18:33 - 2014-03-01 18:33 - 00012539 _____ () C:\Users\Normal\Downloads\AdwCleaner[S0].txt
2014-03-01 18:32 - 2014-03-01 18:32 - 01037734 _____ (Thisisu) C:\Users\Normal\Downloads\JRT.exe
2014-03-01 18:25 - 2014-03-01 18:25 - 00014032 _____ () C:\Users\Normal\Downloads\AdwCleaner[R0].txt
2014-03-01 18:21 - 2014-03-01 18:26 - 00000000 ____D () C:\AdwCleaner
2014-03-01 18:21 - 2014-03-01 18:21 - 01244192 _____ () C:\Users\Normal\Downloads\adwcleaner.exe
2014-03-01 11:39 - 2014-03-01 12:26 - 00012440 _____ () C:\Users\Normal\Downloads\Gmer.log
2014-03-01 11:03 - 2014-03-01 11:03 - 00300072 _____ () C:\Windows\Minidump\030114-15319-01.dmp
2014-03-01 10:16 - 2014-03-01 10:16 - 00300072 _____ () C:\Windows\Minidump\030114-15584-01.dmp
2014-03-01 10:05 - 2014-03-01 10:05 - 00380416 _____ () C:\Users\Normal\Downloads\Gmer-19357.exe
2014-03-01 09:54 - 2014-03-01 09:55 - 00059518 _____ () C:\Users\Normal\Downloads\Addition.txt
2014-03-01 09:53 - 2014-03-02 11:59 - 00028414 _____ () C:\Users\Normal\Downloads\FRST.txt
2014-03-01 09:53 - 2014-03-02 11:59 - 00000000 ____D () C:\FRST
2014-03-01 09:52 - 2014-03-01 09:52 - 02155520 _____ (Farbar) C:\Users\Normal\Downloads\FRST64.exe
2014-03-01 09:49 - 2014-03-01 09:52 - 00000478 _____ () C:\Users\Normal\Downloads\defogger_disable.log
2014-03-01 09:48 - 2014-03-01 09:49 - 00050477 _____ () C:\Users\Normal\Downloads\Defogger.exe
2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Normal\Documents\My Received Files
2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\MusicNet
2014-03-01 00:41 - 2014-03-01 00:41 - 00000000 ____D () C:\Users\Normal\Ingeborg
2014-03-01 00:31 - 2014-03-01 00:31 - 00000000 ____D () C:\Users\Normal\Documents\DropboxPortableAHK_1.6.8
2014-03-01 00:23 - 2014-03-01 00:23 - 00000047 _____ () C:\Users\Normal\AppData\Roaming\WB.CFG
2014-03-01 00:16 - 2014-03-01 00:16 - 37660568 _____ (Dropbox, Inc.) C:\Users\Normal\Downloads\Dropbox 2.6.2.exe
2014-03-01 00:07 - 2014-03-01 00:07 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\DropboxMaster
2014-02-28 12:40 - 2014-02-28 12:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-02-21 19:27 - 2014-02-21 19:27 - 00000000 ____D () C:\Users\Normal\DxReport
2014-02-21 19:26 - 2014-02-21 19:26 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\LaunchPad
2014-02-20 10:09 - 2014-02-20 10:32 - 00000000 ____D () C:\Users\Normal\Desktop\Knoche
2014-02-19 19:26 - 2014-02-19 19:27 - 00000000 ____D () C:\Users\Normal\Documents\ScansHP
2014-02-18 23:48 - 2014-02-18 23:49 - 59319576 _____ () C:\Users\Normal\Downloads\HP-ePrint-win-4.6.60.12747.exe
2014-02-18 23:17 - 2014-02-18 23:17 - 02296864 _____ () C:\Users\Normal\Downloads\OJ4620_R1341D.exe
2014-02-18 22:27 - 2014-02-18 22:39 - 00000000 ____D () C:\Users\Normal\AppData\Local\HP
2014-02-18 22:27 - 2014-02-18 22:27 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-02-18 22:26 - 2014-02-18 22:26 - 30360152 _____ () C:\Users\Normal\Downloads\OJ4620_Basicx64_1315.exe
2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 08:19 - 2014-02-16 08:26 - 00000000 ____D () C:\Users\Normal\Desktop\sampler
2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-02-12 18:16 - 2014-02-12 18:16 - 00009620 _____ () C:\Users\Normal\Documents\Handy Eltern.xlsx
2014-02-12 16:00 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 16:00 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:59 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:59 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:59 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:59 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:59 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:59 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:59 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:59 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:59 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:59 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:59 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:59 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:59 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:59 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:59 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:59 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:59 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:59 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:59 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:59 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:59 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:59 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:59 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:59 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:59 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:59 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:59 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:59 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:59 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:59 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:59 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:59 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:59 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:59 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 15:59 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:59 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:59 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:59 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:59 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 10:41 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 10:41 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 10:41 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 10:41 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 10:41 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 10:41 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 10:41 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 10:41 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 10:41 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 10:41 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 10:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 10:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 10:41 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 10:41 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 10:41 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 10:41 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 10:41 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 10:41 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 10:41 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 10:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 10:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 10:41 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 10:41 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 10:41 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 10:41 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 10:41 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 10:41 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 10:41 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 19:45 - 2014-02-10 19:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2014-02-03 23:20 - 2014-02-03 23:20 - 00009363 _____ () C:\Users\Normal\Documents\Tel1.xlsx
==================== One Month Modified Files and Folders =======
2014-03-02 11:59 - 2014-03-01 09:53 - 00028414 _____ () C:\Users\Normal\Downloads\FRST.txt
2014-03-02 11:59 - 2014-03-01 09:53 - 00000000 ____D () C:\FRST
2014-03-02 11:58 - 2013-05-11 11:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-02 11:58 - 2013-01-02 14:01 - 00000000 ____D () C:\Users\Normal\Documents\Outlook-Dateien
2014-03-02 11:31 - 2013-01-01 20:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 11:24 - 2013-01-02 19:15 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\vlc
2014-03-02 11:07 - 2013-01-02 18:42 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 09:49 - 2013-01-02 10:07 - 00000000 ____D () C:\Users\Normal\AppData\Local\Adobe
2014-03-02 09:47 - 2009-07-14 05:45 - 00036160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 09:47 - 2009-07-14 05:45 - 00036160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 09:42 - 2013-01-01 17:43 - 01751654 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 09:40 - 2013-01-02 18:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-02 09:40 - 2013-01-02 15:44 - 00000000 ___RD () C:\Users\Normal\Dropbox
2014-03-02 09:40 - 2013-01-02 15:37 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\Dropbox
2014-03-02 09:40 - 2013-01-02 15:34 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003
2014-03-02 09:40 - 2013-01-02 15:34 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003
2014-03-02 09:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 09:39 - 2009-07-14 05:51 - 00118640 _____ () C:\Windows\setupact.log
2014-03-01 21:40 - 2013-08-07 22:02 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003
2014-03-01 21:40 - 2013-08-07 22:02 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003
2014-03-01 20:50 - 2014-03-01 20:50 - 00002044 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2014-03-01 20:32 - 2014-03-01 20:32 - 42105104 _____ (Intel Corporation) C:\Users\Normal\Downloads\Intel SSD Toolbox - v3.2.1.exe
2014-03-01 20:32 - 2013-01-29 13:29 - 00001284 _____ () C:\Users\Public\Desktop\Intel SSD Toolbox.lnk
2014-03-01 20:16 - 2014-03-01 20:09 - 00014375 _____ () C:\Users\Normal\Downloads\zoek-results2.txt
2014-03-01 20:09 - 2014-03-01 19:25 - 00014417 _____ () C:\zoek-results.log
2014-03-01 20:07 - 2014-03-01 20:07 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore
2014-03-01 20:07 - 2010-11-21 04:47 - 00236446 _____ () C:\Windows\PFRO.log
2014-03-01 19:59 - 2014-03-01 19:24 - 00000000 ____D () C:\zoek_backup
2014-03-01 19:44 - 2014-03-01 20:06 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-01 19:41 - 2014-03-01 18:55 - 00001893 _____ () C:\Users\Normal\Downloads\JRT.txt
2014-03-01 19:36 - 2014-03-01 19:36 - 00045834 _____ () C:\Users\Normal\Downloads\zoek-results.txt
2014-03-01 19:31 - 2014-03-01 19:45 - 00045984 _____ () C:\zoek-results2014-03-01-183107.log
2014-03-01 19:23 - 2014-03-01 19:23 - 01284608 _____ () C:\Users\Normal\Downloads\zoek.exe
2014-03-01 18:59 - 2014-03-01 18:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Normal\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-01 18:59 - 2014-03-01 18:59 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-01 18:59 - 2014-03-01 18:59 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\Malwarebytes
2014-03-01 18:59 - 2014-03-01 18:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 18:59 - 2014-03-01 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 18:46 - 2014-03-01 18:46 - 00001901 _____ () C:\Users\Normal\Desktop\JRT.txt
2014-03-01 18:33 - 2014-03-01 18:33 - 00012539 _____ () C:\Users\Normal\Downloads\AdwCleaner[S0].txt
2014-03-01 18:32 - 2014-03-01 18:32 - 01037734 _____ (Thisisu) C:\Users\Normal\Downloads\JRT.exe
2014-03-01 18:26 - 2014-03-01 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-01 18:25 - 2014-03-01 18:25 - 00014032 _____ () C:\Users\Normal\Downloads\AdwCleaner[R0].txt
2014-03-01 18:21 - 2014-03-01 18:21 - 01244192 _____ () C:\Users\Normal\Downloads\adwcleaner.exe
2014-03-01 12:26 - 2014-03-01 11:39 - 00012440 _____ () C:\Users\Normal\Downloads\Gmer.log
2014-03-01 11:03 - 2014-03-01 11:03 - 00300072 _____ () C:\Windows\Minidump\030114-15319-01.dmp
2014-03-01 11:03 - 2013-01-10 13:00 - 00000000 ____D () C:\Windows\Minidump
2014-03-01 10:20 - 2013-01-02 02:31 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-03-01 10:20 - 2013-01-02 02:31 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-03-01 10:20 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-01 10:16 - 2014-03-01 10:16 - 00300072 _____ () C:\Windows\Minidump\030114-15584-01.dmp
2014-03-01 10:05 - 2014-03-01 10:05 - 00380416 _____ () C:\Users\Normal\Downloads\Gmer-19357.exe
2014-03-01 09:55 - 2014-03-01 09:54 - 00059518 _____ () C:\Users\Normal\Downloads\Addition.txt
2014-03-01 09:52 - 2014-03-01 09:52 - 02155520 _____ (Farbar) C:\Users\Normal\Downloads\FRST64.exe
2014-03-01 09:52 - 2014-03-01 09:49 - 00000478 _____ () C:\Users\Normal\Downloads\defogger_disable.log
2014-03-01 09:49 - 2014-03-01 09:48 - 00050477 _____ () C:\Users\Normal\Downloads\Defogger.exe
2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Normal\Documents\My Received Files
2014-03-01 09:46 - 2014-03-01 09:46 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\MusicNet
2014-03-01 09:12 - 2013-01-02 16:54 - 00000902 _____ () C:\Users\Normal\Documents\psr6.lic
2014-03-01 00:41 - 2014-03-01 00:41 - 00000000 ____D () C:\Users\Normal\Ingeborg
2014-03-01 00:41 - 2013-01-02 10:07 - 00000000 ____D () C:\Users\Normal
2014-03-01 00:31 - 2014-03-01 00:31 - 00000000 ____D () C:\Users\Normal\Documents\DropboxPortableAHK_1.6.8
2014-03-01 00:23 - 2014-03-01 00:23 - 00000047 _____ () C:\Users\Normal\AppData\Roaming\WB.CFG
2014-03-01 00:18 - 2013-01-02 10:07 - 00000000 ___RD () C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-01 00:17 - 2013-01-02 15:37 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-01 00:16 - 2014-03-01 00:16 - 37660568 _____ (Dropbox, Inc.) C:\Users\Normal\Downloads\Dropbox 2.6.2.exe
2014-03-01 00:07 - 2014-03-01 00:07 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\DropboxMaster
2014-03-01 00:07 - 2013-01-02 15:44 - 00001029 _____ () C:\Users\Normal\Desktop\Dropbox Normal.lnk
2014-02-28 22:25 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-28 12:40 - 2014-02-28 12:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.Wdf
2014-02-28 03:00 - 2013-02-19 11:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-28 03:00 - 2013-01-02 18:50 - 00000000 ____D () C:\ProgramData\Skype
2014-02-24 12:05 - 2013-05-11 11:01 - 00117328 _____ () C:\Users\Admin2.IQ-Lenovo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 12:05 - 2013-05-11 11:01 - 00000000 ____D () C:\Users\Admin2.IQ-Lenovo\AppData\Local\Adobe
2014-02-22 23:54 - 2014-01-15 21:33 - 00001230 _____ () C:\Users\Normal\Desktop\Amazon Cloud Player.lnk
2014-02-22 23:54 - 2014-01-15 21:33 - 00000000 ____D () C:\Users\Normal\AppData\Local\Amazon Cloud Player
2014-02-21 19:27 - 2014-02-21 19:27 - 00000000 ____D () C:\Users\Normal\DxReport
2014-02-21 19:26 - 2014-02-21 19:26 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\LaunchPad
2014-02-21 12:31 - 2013-09-19 22:31 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 12:31 - 2013-01-01 20:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 12:31 - 2013-01-01 20:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 12:31 - 2013-01-01 20:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:52 - 2013-09-25 14:48 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-20 21:52 - 2013-09-25 14:47 - 00000000 ____D () C:\ProgramData\HP
2014-02-20 10:32 - 2014-02-20 10:09 - 00000000 ____D () C:\Users\Normal\Desktop\Knoche
2014-02-19 22:00 - 2013-12-24 11:07 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-02-19 19:27 - 2014-02-19 19:26 - 00000000 ____D () C:\Users\Normal\Documents\ScansHP
2014-02-18 23:49 - 2014-02-18 23:48 - 59319576 _____ () C:\Users\Normal\Downloads\HP-ePrint-win-4.6.60.12747.exe
2014-02-18 23:17 - 2014-02-18 23:17 - 02296864 _____ () C:\Users\Normal\Downloads\OJ4620_R1341D.exe
2014-02-18 22:39 - 2014-02-18 22:27 - 00000000 ____D () C:\Users\Normal\AppData\Local\HP
2014-02-18 22:27 - 2014-02-18 22:27 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-02-18 22:26 - 2014-02-18 22:26 - 30360152 _____ () C:\Users\Normal\Downloads\OJ4620_Basicx64_1315.exe
2014-02-18 22:16 - 2013-01-02 21:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 09:02 - 2013-01-02 18:42 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 09:02 - 2013-01-02 18:42 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 20:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 18:54 - 2014-01-30 20:38 - 00001105 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 17:34 - 2013-02-05 20:34 - 00000000 ____D () C:\Users\Normal\AppData\Roaming\dvdcss
2014-02-16 08:45 - 2013-08-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 08:44 - 2013-01-01 23:36 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 08:26 - 2014-02-16 08:19 - 00000000 ____D () C:\Users\Normal\Desktop\sampler
2014-02-15 23:36 - 2013-01-02 22:58 - 00000000 ____D () C:\Users\Normal\Desktop\ToDo
2014-02-15 22:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2014-02-13 14:44 - 2014-02-13 14:44 - 00138152 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-02-12 18:16 - 2014-02-12 18:16 - 00009620 _____ () C:\Users\Normal\Documents\Handy Eltern.xlsx
2014-02-12 16:05 - 2013-01-02 00:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 16:01 - 2013-01-02 17:48 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 16:00 - 2009-07-14 03:34 - 00000527 _____ () C:\Windows\win.ini
2014-02-10 19:45 - 2014-02-10 19:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2014-02-06 13:16 - 2014-02-12 15:59 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 15:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 15:59 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 15:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 15:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 15:59 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 15:59 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 15:59 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 15:59 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 15:59 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 15:59 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 15:59 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 15:59 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 15:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 15:59 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 15:59 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 15:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 15:59 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 15:59 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 15:59 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 15:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 15:59 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 15:59 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 15:59 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 15:59 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 15:59 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 15:59 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 15:59 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 15:59 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 15:59 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 15:59 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 15:59 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 15:59 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 15:59 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 15:59 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 15:59 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 15:59 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 15:59 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 22:57 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-04 22:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-03 23:20 - 2014-02-03 23:20 - 00009363 _____ () C:\Users\Normal\Documents\Tel1.xlsx
Some content of TEMP:
====================
C:\Users\Normal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjcypo.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-28 00:03
==================== End Of Log ============================
--- --- --- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02 Ran by Normal at 2014-03-02 11:59:33 Running from C:\Users\Normal\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Disabled - Up to date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AS: Kaspersky Internet Security (Disabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Disabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF} ==================== Installed Programs ====================== 24h Fotoservice Weckbrodt (HKCU\...\311548559.client.my-silverx.com) (Version: - client.my-silverx.com) 24h Fotoservice Weckbrodt (HKLM-x32\...\24h Fotoservice Weckbrodt) (Version: - ) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo) Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (x32 Version: 9.0.1 - Adobe Systems Incorporated) Hidden Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC) Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.3.0 - SlySoft) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - ) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.792.5.2-120504a-138564C-Lenovo - ATI Technologies, Inc.) Audials (HKLM-x32\...\{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}) (Version: 9.1.31900.0 - Audials AG) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2012.0504.2334.40448 - ATI) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0504.2334.40448 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Dutch (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help English (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help French (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help German (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Italian (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Japanese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Korean (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Portuguese (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Spanish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden CCC Help Swedish (x32 Version: 2012.0504.2333.40448 - ATI) Hidden ccc-core-static (x32 Version: 2012.0504.2334.40448 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2012.0504.2334.40448 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.) Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WP-4545 Series Printer Uninstall (HKLM\...\EPSON WP-4545 Series) (Version: - SEIKO EPSON Corporation) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) EXIF Date Changer v3.01 (HKLM-x32\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden HP Smart Print 2.1 (HKLM-x32\...\{AC6057B3-631D-45F1-8E1F-5160ADD01D08}) (Version: 2.1.0.235 - Hewlett-Packard) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Integrated Camera Driver Installer Package Ver.1.32.500.0 (HKLM-x32\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.32.500.0 - RICOH) Intel(R) Network Connections 18.2.63.0 (HKLM\...\PROSetDX) (Version: 18.2.63.0 - Intel) Intel(R) Network Connections 18.2.63.0 (Version: 18.2.63.0 - Intel) Hidden Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.1.400 - Intel Corporation) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab) Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version: - TFA Dostmann) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.03.0005 - Lenovo) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mobile Broadband drivers (HKLM\...\{83970716-909C-4FBC-9CF5-AD842758BBA0}) (Version: 6.1.10.5 - Ericsson AB) Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON) Nero 11 (HKLM-x32\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG) Nero 11 Cliparts (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Video Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG) Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.19400 - Nero AG) Hidden Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Image Samples (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Kwik Media (x32 Version: 1.18.19600 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Recode 11 (x32 Version: 5.2.11300.0.0 - Nero AG) Hidden Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden Nero Video 11 (x32 Version: 8.2.16000.4.100 - Nero AG) Hidden Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden NVIDIA nView Desktop Manager (Version: 121.20 - NVIDIA Corporation) Hidden OLXWord (HKLM-x32\...\{5A45BA95-7699-4EE2-8B94-06BBBCE2C1D3}) (Version: 4.0.0 - GANGL Dienstleistungen (www.gangl.de)) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Prüfungstraining interaktiv Heilpraktiker für Psychotherapie (HKLM-x32\...\{DD4512D7-AE04-46A8-8D29-0BFC63031B33}) (Version: 1.0.0 - Elsevier GmbH) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) Schreibmaschinenkurs 3.6 (HKLM-x32\...\{A31B67DF-78AB-478B-8315-4C35278FE9C3}) (Version: 3.6 - Freudenreich) Secure Download Manager (HKLM-x32\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SilverFast 8.0.1r30 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.0.1r30 - LaserSoft Imaging AG) SilverFast HDRStudio 6.6.2r5 (HKLM-x32\...\SilverFast HDRStudio) (Version: - LaserSoft Imaging AG) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc) SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.1616.206 - ALPS ELECTRIC CO., LTD.) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.10.0.0 - Lenovo) ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.9 - Lenovo) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis) True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Vista Fotobuch (HKCU\...\ef87663cbb7e0fd3) (Version: 1.16.10.0 - my-photonet) VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) Waterfox (HKLM\...\{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}) (Version: 18.0.1 - Waterfox Limited) Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden windata 8 (HKLM-x32\...\{31673EDC-1AEB-444C-A28C-B7083E0E7312}) (Version: 08.08.0000 - windata GmbH & Co.KG) windata Systemkomponenten (HKLM-x32\...\{059D9D8C-BEB1-4496-8447-91F79AD272C2}) (Version: 07.07.0000 - windata GmbH & Co.KG) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Wings Platinum 4 (HKLM-x32\...\{BBFF1DB6-55F9-41CA-B4C4-9432EC14AEFB}) (Version: 4.25.2 - AV Stumpfl) ==================== Restore Points ========================= 01-03-2014 18:25:46 zoek.exe restore point 01-03-2014 19:45:10 Installed Dragon NaturallySpeaking 12.5 Upgrade. 01-03-2014 20:45:51 Installed Dragon NaturallySpeaking 12.5 HF1. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-04-28 11:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {01320583-C11B-4957-9C7C-A85F5BABDDC5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {1D9D7C2A-6263-4061-B071-E574CB02F735} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated) Task: {209019A3-1463-4EB5-A2B3-74C81F96C2FA} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation) Task: {235E7A80-9A83-4592-A70F-542CF0EF7E75} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {2586A9D0-3A7C-443F-B6F3-83DF8D481AF5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {2C457B6F-3CDD-4A60-88C1-59D51044A69C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {4CA1D91A-CF77-48EE-9D0F-4AD108405AC0} - System32\Tasks\{2E900093-7BBB-4A94-96EF-C8A09D1BD7D7} => C:\Users\Normal\Desktop\CScan\zoek.exe Task: {5BF08A0A-2379-4FB4-BEA5-E5FB213B1098} - System32\Tasks\Amazon Music Helper => C:\Users\Normal\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2014-01-14] () Task: {60795FE4-52E5-45FD-9E0E-54B2ECC0FED3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02] (Google Inc.) Task: {7C651198-860B-4916-9F81-DD41A78192D2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {8509E5A6-33CB-4B69-830B-ACCF72A4BE61} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {88416939-42F3-4357-9F6E-5D94C1CBB3F9} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {A141EE4C-CAE9-4F85-9D75-D17C3E310B21} - System32\Tasks\AdobeAAMUpdater-1.0-IQ-Lenovo-Admin2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: {A6E0C07B-3839-45FA-9D62-81BDB46872F6} - \MySearchDial No Task File Task: {AB9A304E-C5E5-4726-8696-CBB0247329E2} - \Digital Sites No Task File Task: {B17CB5B3-AAAC-42AD-9913-86683170B86E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B820127D-54B5-4488-BEB1-104A76AFC270} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation) Task: {BC62559A-6DEF-448C-817C-F770CE5ED4D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02] (Google Inc.) Task: {C7284462-9C86-474E-B778-2188F137FFE4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {CBE8E15C-468E-4896-9C96-1A0A282A2812} - System32\Tasks\{8EC6E4EB-5D37-455E-A46F-CB6E378F1536} => C:\Users\Normal\Desktop\CScan\zoek.exe Task: {E0E98390-E51A-4BD4-9789-68BBEB4D3C5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {EA9493AB-DAA4-483A-90F5-BB93B82D9343} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2356296840-1857682401-3091679653-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {F3061008-0FFE-4BFF-AD60-9F5C1BFA0A42} - System32\Tasks\AdobeAAMUpdater-1.0-IQ-Lenovo-Normal => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: {F83D03B5-36D0-426A-853D-A96158696686} - System32\Tasks\Intel_C_CVMP216401R3180CGN => C:\Program Files (x86)\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [2014-02-03] (Intel) Task: {FAD9623F-1E76-4F1F-9F33-6CE7C094180D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-30 09:37 - 2012-01-16 16:54 - 00545280 _____ () C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe 2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2009-10-09 13:36 - 2009-10-09 13:36 - 00438272 ____R () C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe 2014-01-15 21:33 - 2014-01-14 20:46 - 03140608 _____ () C:\Users\Normal\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2013-08-04 13:00 - 2013-08-04 13:00 - 00075864 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe 2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-05-04 23:33 - 2012-05-04 23:33 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-02 12:15 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll 2013-07-30 09:37 - 2012-01-10 10:09 - 00159744 _____ () C:\Program Files (x86)\KlimaLoggPro\sHID.dll 2012-08-23 00:42 - 2012-08-23 00:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2009-03-25 20:08 - 2009-03-25 20:08 - 00058880 ____R () C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\MBMDebug.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-12-18 19:43 - 2013-12-18 19:43 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu 2014-03-02 09:40 - 2014-03-02 09:40 - 00041984 _____ () c:\users\Normal\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjcypo.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Normal\AppData\Roaming\Dropbox\bin\libcef.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-08-23 03:35 - 2012-08-23 03:35 - 13873200 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2012-08-23 03:31 - 2012-08-23 03:31 - 01590656 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll 2012-07-24 14:48 - 2012-07-24 14:48 - 00012160 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll 2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2012-08-23 01:12 - 2012-08-23 01:12 - 00019840 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\startupreg: AnyDVD => "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/02/2014 11:43:21 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/02/2014 10:35:30 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (03/02/2014 10:19:26 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16518, Zeitstempel: 0x52f347b2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x032a0fe1 ID des fehlerhaften Prozesses: 0x1dc8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (03/02/2014 09:41:01 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 10:58:18 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16518, Zeitstempel: 0x52f347b2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x03150fed ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (03/01/2014 09:42:01 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 08:35:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 08:09:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 07:44:36 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 07:13:18 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/02/2014 09:41:25 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (03/02/2014 09:40:24 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/02/2014 09:40:24 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (03/01/2014 11:55:11 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (03/01/2014 09:42:27 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (03/01/2014 09:41:24 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/01/2014 09:41:23 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (03/01/2014 09:40:18 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 01.03.2014 um 20:52:34 unerwartet heruntergefahren. Error: (03/01/2014 08:45:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Dragon Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (03/01/2014 08:35:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Microsoft Office Sessions: ========================= Error: (03/02/2014 11:43:21 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe Error: (03/02/2014 10:35:30 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (03/02/2014 10:19:26 AM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE11.0.9600.1651852f347b2unknown0.0.0.000000000c0000005032a0fe11dc801cf35f3163bca82C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownbf5b890e-a1eb-11e3-b8eb-0c6076882089 Error: (03/02/2014 09:41:01 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 10:58:18 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE11.0.9600.1651852f347b2unknown0.0.0.000000000c000000503150fed104c01cf358ec1dd426dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown985bd833-a18c-11e3-95fe-0c6076882089 Error: (03/01/2014 09:42:01 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 08:35:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 08:09:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 07:44:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/01/2014 07:13:18 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-01-13 14:28:40.861 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:28:40.705 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:13:01.472 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:13:01.284 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:08:47.144 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 14:08:46.629 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 13:35:41.502 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-13 13:35:41.378 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-28 12:58:14.986 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-28 12:58:14.940 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8088.03 MB Available physical RAM: 5424.07 MB Total Pagefile: 16174.23 MB Available Pagefile: 13167.98 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:167.58 GB) (Free:14.04 GB) NTFS Drive n: (Groupshare) (Network) (Total:1832.31 GB) (Free:554.74 GB) NTFS Drive u: (Normal) (Network) (Total:1832.31 GB) (Free:554.74 GB) NTFS Drive z: (Data) (Network) (Total:1832.31 GB) (Free:554.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 612212B7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS) ==================== End Of Log ============================ SystemLook 30.07.11 by jpshortstuff Log created at 12:10 on 02/03/2014 by Normal Administrator - Elevation successful ========== filefind ========== Searching for "*Mysearchdial*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir --a---- 318872 bytes [23:23 28/02/2014] [23:23 28/02/2014] 3B7B2372A53CA01A306539688EEA89A2 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir --a---- 600472 bytes [23:23 28/02/2014] [23:23 28/02/2014] B18A812DCEED27054E979BEDE301F570 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir --a---- 381848 bytes [23:23 28/02/2014] [23:23 28/02/2014] C3055DCB5BF35E3C48BDD4E46BDA45C6 C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir --a---- 288664 bytes [23:23 28/02/2014] [23:23 28/02/2014] 557A1DC48724E54889393BE5F4CEE77F C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir --a---- 279960 bytes [23:23 28/02/2014] [23:23 28/02/2014] F4ADA96C69685D7804D391081D03DB42 C:\AdwCleaner\Quarantine\C\Users\Admin2.IQ-Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\bmom0aue.default\searchplugins\Mysearchdial.xml.vir --a---- 1223 bytes [23:23 28/02/2014] [23:23 28/02/2014] 07F2A097C1DE27B0EBA3F9F628F4B035 C:\AdwCleaner\Quarantine\C\Users\F. Haffner\AppData\Roaming\Mozilla\Firefox\Profiles\jbfdsj7n.default\searchplugins\Mysearchdial.xml.vir --a---- 1223 bytes [23:23 28/02/2014] [23:23 28/02/2014] 07F2A097C1DE27B0EBA3F9F628F4B035 C:\AdwCleaner\Quarantine\C\Users\Normal\AppData\Roaming\Mozilla\Firefox\Profiles\kfb8oecp.default\searchplugins\Mysearchdial.xml.vir --a---- 2777 bytes [23:23 28/02/2014] [23:23 28/02/2014] EAF9444E2D95B2036DEFA82BFE63C632 C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\MySearchDial.vir --a---- 3256 bytes [23:23 28/02/2014] [23:23 28/02/2014] 9D4677408EE7BA91EDD6571BB4810340 C:\AdwCleaner\Quarantine\C\Windows\Tasks\MySearchDial.job.vir --a---- 304 bytes [23:23 28/02/2014] [17:23 01/03/2014] 32E90D08509C9DD6613ADA251CA27F6A C:\zoek_backup\C_Users_ADMIN2~1.AQ~_AppData_Roaming_Mozilla_Firefox_Profiles_bmom0aue.default_extensions_staged\ffxtlbr@mysearchdial.com\content\mysea rchdial.css --a---- 2375 bytes [18:58 01/03/2014] [10:33 12/05/2013] 35492022F20F774A50610983A9CC709E C:\zoek_backup\C_Users_ADMIN2~1.AQ~_AppData_Roaming_Mozilla_Firefox_Profiles_bmom0aue.default_extensions_staged\ffxtlbr@mysearchdial.com\content\mysea rchdial.xul --a---- 1200 bytes [18:58 01/03/2014] [10:33 12/05/2013] E810EBC4B0D0AAD1FCCA59EB905C6411 C:\zoek_backup\C_Users_F7D0F~1.HAF_AppData_Roaming_Mozilla_Firefox_Profiles_jbfdsj7n.default_extensions_staged\ffxtlbr@mysearchdial.com\content\mysear chdial.css --a---- 2375 bytes [18:58 01/03/2014] [10:33 12/05/2013] 35492022F20F774A50610983A9CC709E C:\zoek_backup\C_Users_F7D0F~1.HAF_AppData_Roaming_Mozilla_Firefox_Profiles_jbfdsj7n.default_extensions_staged\ffxtlbr@mysearchdial.com\content\mysear chdial.xul --a---- 1200 bytes [18:58 01/03/2014] [10:33 12/05/2013] E810EBC4B0D0AAD1FCCA59EB905C6411 Searching for "*DigitalSites*" No files found. ========== folderfind ========== Searching for "*Mysearchdial*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial d------ [17:26 01/03/2014] C:\AdwCleaner\Quarantine\C\Users\Normal\AppData\Roaming\Mysearchdial d------ [17:26 01/03/2014] C:\zoek_backup\C_Users_ADMIN2~1.AQ~_AppData_Roaming_Mozilla_Firefox_Profiles_bmom0aue.default_extensions_staged\ffxtlbr@mysearchdial.com d-a---- [18:58 01/03/2014] C:\zoek_backup\C_Users_F7D0F~1.HAF_AppData_Roaming_Mozilla_Firefox_Profiles_jbfdsj7n.default_extensions_staged\ffxtlbr@mysearchdial.com d-a---- [18:58 01/03/2014] Searching for "*DigitalSites*" C:\AdwCleaner\Quarantine\C\Users\Normal\AppData\Roaming\DigitalSites d------ [17:26 01/03/2014] ========== regfind ========== Searching for "Mysearchdial" [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet] "UseRWHlinkNavigation"="http://www.trojaner-board.de/150467-...new-post.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6E0C07B-3839-45FA-9D62-81BDB46872F6}] "Path"="\MySearchDial" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial] [HKEY_USERS\S-1-5-21-2356296840-1857682401-3091679653-1003\Software\Microsoft\Office\14.0\Common\Internet] "UseRWHlinkNavigation"="http://www.trojaner-board.de/150467-...new-post.html" Searching for "DigitalSites" No data found. Searching for "Imesh" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iMeshSetup-r1487-w-bf.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell] @="PlayWithiMesh" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh] @="Play CD with iMesh" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh\Command] @=""C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --playdrive %L" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\iMesh] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17FA043C-E30A-4BB5-9E4C-F47755678584}] @="IImeShortcutMenuLaunchRequest" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\InprocServer32] @="C:\Program Files (x86)\iMesh Applications\iMesh\ImageUploader5.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ToolboxBitmap32] @="C:\Program Files (x86)\iMesh Applications\iMesh\ImageUploader5.ocx, 102" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{17FA043C-E30A-4BB5-9E4C-F47755678584}] @="IImeShortcutMenuLaunchRequest" [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications] "iMesh"="SOFTWARE\iMesh\Capabilities" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\InprocServer32] @="C:\Program Files (x86)\iMesh Applications\iMesh\ImageUploader5.ocx" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ToolboxBitmap32] @="C:\Program Files (x86)\iMesh Applications\iMesh\ImageUploader5.ocx, 102" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{17FA043C-E30A-4BB5-9E4C-F47755678584}] @="IImeShortcutMenuLaunchRequest" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications] "iMesh"="SOFTWARE\iMesh\Capabilities" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{CC1033A9-7CF1-422D-A427-DCBC41CB938A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe|Name=iMesh|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{CC1033A9-7CF1-422D-A427-DCBC41CB938A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe|Name=iMesh|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{CC1033A9-7CF1-422D-A427-DCBC41CB938A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe|Name=iMesh|" Searching for "caphyon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72720EC6C9C2FF844BDDE80E6449DD0D] "B7BED7DFAEC85E44BAD2C76687C65036"="02:\Software\Caphyon\Advanced Installer\LZMA\{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}\18.0.1\AI_ExePath" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F91A026BD378DF24F891D821626B349E] "B7BED7DFAEC85E44BAD2C76687C65036"="02:\Software\Caphyon\Advanced Installer\Installs\{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}\AIShRegAnswer" -= EOF =- |
|
02.03.2014, 13:58
| #6 |
| /// TB-Ausbilder | Mysearchdial läßt sich nicht entfernen Servus, Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
Startup: C:\Users\Normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lwu.cmd ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Task: {A6E0C07B-3839-45FA-9D62-81BDB46872F6} - \MySearchDial No Task File
Task: {AB9A304E-C5E5-4726-8696-CBB0247329E2} - \Digital Sites No Task File
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iMeshSetup-r1487-w-bf.exe" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {CC1033A9-7CF1-422D-A427-DCBC41CB938A} /f
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
02.03.2014, 22:14
| #7 |
| | Mysearchdial läßt sich nicht entfernen Danke Matthias, Maßnahmen ausgeführt. Aus dem Skript für FRST habe ich jedoch die lwu.cmd rausgenommen. Die verbindet mich mit den Laufwerken auf der NAS. Anbei die LogDateien: FRST Fixlist start Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Task: {A6E0C07B-3839-45FA-9D62-81BDB46872F6} - \MySearchDial No Task File Task: {AB9A304E-C5E5-4726-8696-CBB0247329E2} - \Digital Sites No Task File Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iMeshSetup-r1487-w-bf.exe" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}" /f Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v {CC1033A9-7CF1-422D-A427-DCBC41CB938A} /f end ================================================= HitmanPro lieferte mangels erkennen einer Bedrohung keine Logfile ================================================= ESET ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=f8f64d1a60241c45b27d62df3ee7ea34 # engine=13713 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-28 05:31:02 # local_time=2013-04-28 07:31:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1285 16777213 100 98 36333 63818174 0 0 # compatibility_mode=5893 16776573 100 94 26256 118800112 0 0 # scanned=44082 # found=0 # cleaned=0 # scan_time=1210 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=f8f64d1a60241c45b27d62df3ee7ea34 # engine=17289 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-02 08:53:03 # local_time=2014-03-02 09:53:03 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1285 16777214 100 98 38775 90117533 0 0 # compatibility_mode=5893 16776573 100 94 39559 145423433 0 0 # scanned=318435 # found=0 # cleaned=0 # scan_time=4543 ================================================== Systemcheckup Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 45 Java version out of Date! Adobe Flash Player 12.0.0.70 Flash Player out of Date! Mozilla Firefox (27.0.1) ````````Process Check: objlist.exe by Laurent```````` KlimaLoggPro KlimaLoggProService.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Grüße Blueribbon |
|
03.03.2014, 09:52
| #8 | |
| /// TB-Ausbilder | Mysearchdial läßt sich nicht entfernen Servus, Zitat:
 Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt 2 Die Reihenfolge ist hier entscheidend.
Schritt 3 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
05.03.2014, 15:31
| #9 |
| /// TB-Ausbilder | Mysearchdial läßt sich nicht entfernen Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Mysearchdial läßt sich nicht entfernen |
| adobe, bildschirm, bonjour, branding, combofix, defender, desktop, diagnostics, entfernen, excel, festplatte, firefox, flash player, freude, homepage, igdpmd64.sys, internet explorer, kaspersky, mozilla, mozilla firefox, mysearchdial, object, officejet, registry, schutz, security, software, svchost.exe, system, usb, vista, warnung, windows |
und 
und speichere die Logdatei auf Deinem Desktop.
Linear-Darstellung
