|
Plagegeister aller Art und deren Bekämpfung: en.eazel.com Virus entfernen Windows 8Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.03.2014, 08:59 | #1 |
| en.eazel.com Virus entfernen Windows 8 Hallo, habe schon den Arteikel en.eazel.com Virus entfernen gelesen und schon andere Artikel. Habe einen Windows 8.1 PC und bekomme dass Teil nicht runter! Habe es schon mit diversen Malware-Programmen probiert - auch mit einer Kaspersky Kaufversion - keine Chance. In der Regedit finde ich das Teil auch nicht! Was kann ich machen? Gruß Mike |
14.03.2014, 15:05 | #2 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Welche Tools hast du ausgeführt? Bitte alle Logdateien davon nachreichen. In welchem Browser hast du die Probleme? Außerdem noch FRST bitte ausführen: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
14.03.2014, 19:43 | #3 |
| en.eazel.com Virus entfernen Windows 8 Hallo Matthias,
__________________vielen lieben Dank für die Hilfe. gerne befolge ich die Anweisungen! Melde mich sobald Zeit ist :-) GLG Mike |
15.03.2014, 12:52 | #4 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8 Servus, alles klar, dann bis bald. |
15.03.2014, 19:51 | #5 |
| en.eazel.com Virus entfernen Windows 8 Hallo, also hier ist die FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Asus1 (ATTENTION: The logged in user is not administrator) on GUHLPC on 15-03-2014 19:47:56 Running from Z:\Desktop Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\ToastNotifications\ToastNotifications.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [IntelSBA] - C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5293248 2014-01-06] (Intel Corporation) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) HKLM-x32\...\RunOnce: [CleanSetup] - cmd /C rmdir /S /Q "C:\Users\sebastian\AppData\Local\Temp\nro.tmp\" [0 2014-02-08] () HKLM-x32\...\Runonce: [Del980828] - cmd.exe /Q /D /c del "C:\Users\SEBAST~1\AppData\Local\Temp\0.del" [X] HKLM-x32\...\Runonce: [Del996500] - cmd.exe /Q /D /c del "C:\Users\SEBAST~1\AppData\Local\Temp\0.del" [X] HKLM-x32\...\Runonce: [DelTr2828859] - cmd.exe /c rd /s /q "C:\Users\sebastian\AppData\Roaming\mysearchdial" [X] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2585991977-3148199159-469251199-1001\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Asus1\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=49212aaab52d47d2a1e24597c63ae81b-b174aead82f4f0c65509a60ccf31657e07ec585f /CMPID=1213b HKU\S-1-5-21-2585991977-3148199159-469251199-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found Startup: C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM-x32 - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS SearchScopes: HKCU - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: https://www.google.de/ CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22] CHR Extension: (Google Drive) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22] CHR Extension: (YouTube) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22] CHR Extension: (Google-Suche) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-12] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-12] CHR Extension: (Virtuelle Tastatur) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-12] CHR Extension: (Google Maps) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-01-22] CHR Extension: (Google Wallet) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22] CHR Extension: (Lavasoft NewTab) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2014-03-07] CHR Extension: (Google Mail) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-23] (AVG Technologies) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] () S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-12] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-12] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-03-12] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-12] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-12] (Kaspersky Lab ZAO) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-15 19:30 - 2014-03-15 19:47 - 00000000 ____D () C:\FRST 2014-03-14 13:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 13:10 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 13:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 13:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 13:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 13:10 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 13:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 13:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 13:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 13:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 13:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 13:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 13:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 13:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 13:10 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 13:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 13:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 13:10 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-03-14 13:10 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-03-14 13:09 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 13:09 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-14 13:09 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 13:09 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-03-14 13:09 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-03-14 13:09 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2014-03-14 13:09 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2014-03-14 13:09 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll 2014-03-14 13:09 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-03-14 13:09 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2014-03-14 13:09 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2014-03-14 13:09 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2014-03-14 13:09 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-03-14 13:09 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2014-03-14 13:09 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2014-03-14 13:09 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2014-03-14 13:09 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2014-03-14 13:09 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2014-03-14 13:09 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2014-03-14 13:09 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-03-14 13:09 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE 2014-03-14 13:09 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-03-14 13:09 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2014-03-14 13:09 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-03-14 13:09 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE 2014-03-14 13:09 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-03-14 13:09 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-03-14 13:09 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2014-03-14 13:09 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2014-03-14 13:09 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-03-14 13:09 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-03-14 13:09 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-03-14 13:09 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2014-03-14 13:09 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2014-03-14 13:09 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2014-03-14 13:09 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll 2014-03-14 13:09 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-14 13:09 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-03-14 13:09 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-12 18:41 - 2014-03-12 18:41 - 00001313 _____ () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk 2014-03-12 18:41 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-03-12 18:40 - 2014-03-15 19:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-12 18:40 - 2014-03-12 18:45 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-12 18:40 - 2014-03-12 18:45 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-12 18:40 - 2014-03-12 18:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-11 17:33 - 2014-03-11 17:35 - 00000000 ____D () C:\Users\Asus1\AppData\Local\adawarebp 2014-03-11 16:37 - 2014-03-11 16:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-08 19:56 - 2014-03-08 19:56 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-08 19:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-07 20:37 - 2014-03-07 20:37 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-03-07 20:22 - 2014-03-12 18:35 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\LavasoftStatistics 2014-03-07 20:22 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Lavasoft 2014-03-07 19:51 - 2014-03-07 19:53 - 00000000 ____D () C:\Users\sebastian\AppData\Local\adawarebp 2014-03-07 19:51 - 2014-03-07 19:51 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-07 19:50 - 2014-03-11 16:27 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\SecureSearch 2014-03-07 19:50 - 2014-03-07 19:50 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-07 19:49 - 2014-03-07 19:49 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 21:36 - 2014-03-04 21:36 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\PDF Architect 2014-03-04 21:34 - 2014-03-04 21:35 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-04 21:34 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-04 21:34 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-03-04 21:34 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-03-04 21:34 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-03-04 21:34 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-03-04 21:34 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-03-04 21:34 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-03-04 21:34 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-03-03 21:24 - 2014-03-03 21:24 - 00015299 _____ () C:\Windows\wininit.ini 2014-03-03 19:29 - 2014-03-03 19:29 - 500855175 _____ () C:\Windows\MEMORY.DMP 2014-03-03 19:29 - 2014-03-03 19:29 - 00000000 ____D () C:\Windows\Minidump 2014-03-02 22:44 - 2014-03-02 22:44 - 00000000 _____ () C:\autoexec.bat 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\sh4ldr 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-02 22:43 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Unity 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Unity 2014-02-27 19:51 - 2014-02-27 19:43 - 00001960 _____ () C:\Users\sebastian\fritzbox_a9kwust4gul7rgbi_myfritz_net.cfg 2014-02-27 17:50 - 2014-02-27 17:50 - 00000051 _____ () C:\Windows\DurchstartenM12.ini 2014-02-27 17:50 - 2014-02-27 17:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Durchstarten mit Ponky 2014-02-27 17:48 - 2014-02-27 17:48 - 00000000 ____D () C:\Program Files (x86)\Ponky 2014-02-18 19:34 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll 2014-02-18 19:34 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll 2014-02-18 19:34 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-02-18 19:34 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-02-18 19:34 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-02-18 19:34 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-02-18 19:34 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys 2014-02-18 19:34 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-02-18 19:34 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-02-18 19:34 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-02-18 19:34 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2014-02-18 19:34 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll 2014-02-18 19:34 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll 2014-02-18 19:34 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll 2014-02-18 19:34 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll 2014-02-18 19:34 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll 2014-02-18 19:34 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll 2014-02-18 19:34 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2014-02-18 19:34 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll 2014-02-18 19:34 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2014-02-18 19:34 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2014-02-18 19:34 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-02-18 19:34 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2014-02-18 19:34 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-02-18 19:34 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-02-18 19:34 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll 2014-02-18 19:34 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-02-18 19:34 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-02-18 19:34 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll 2014-02-18 19:34 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys 2014-02-18 19:34 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2014-02-18 19:34 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll 2014-02-18 19:34 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2014-02-18 19:34 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe 2014-02-18 19:34 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2014-02-18 19:34 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2014-02-18 19:34 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-02-18 19:34 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-02-18 19:34 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll 2014-02-18 19:34 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-02-18 19:34 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2014-02-18 19:34 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2014-02-18 19:34 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2014-02-18 19:34 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-02-18 19:34 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-02-18 19:34 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-02-15 20:22 - 2014-02-15 20:22 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\telnet.exe 2014-02-15 19:00 - 2014-02-15 19:01 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-02-15 19:00 - 2014-02-15 19:00 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-02-15 18:44 - 2014-02-15 18:44 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\DVDVideoSoft 2014-02-15 18:44 - 2014-02-15 18:44 - 00000000 _____ () C:\END 2014-02-15 18:43 - 2014-02-15 18:43 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\DVDVideoSoft 2014-02-15 18:43 - 2014-02-15 18:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-02-15 18:21 - 2014-02-15 18:21 - 00000170 _____ () C:\Users\Asus1\AppData\Roaming\default.rss 2014-02-15 18:21 - 2014-02-15 18:21 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Nero 2014-02-15 18:19 - 2014-02-15 18:19 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Apple Computer 2014-02-15 18:17 - 2014-02-15 19:29 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Apple Computer 2014-02-15 18:15 - 2014-02-15 18:15 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Apple 2014-02-15 18:13 - 2014-02-15 18:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-02-15 18:13 - 2014-02-15 18:13 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-15 18:12 - 2014-02-15 18:12 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Apple 2014-02-15 18:12 - 2014-02-15 18:12 - 00000000 ____D () C:\ProgramData\Apple 2014-02-15 18:12 - 2014-02-15 18:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-02-15 18:02 - 2014-02-15 18:09 - 41404760 _____ (Apple Inc.) C:\Users\Asus1\Downloads\QuickTimeInstaller.exe 2014-02-15 16:41 - 2014-02-15 16:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf ==================== One Month Modified Files and Folders ======= 2014-03-15 19:47 - 2014-03-15 19:30 - 00000000 ____D () C:\FRST 2014-03-15 19:45 - 2014-01-22 18:29 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-15 19:42 - 2014-02-09 16:42 - 00000320 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-15 19:41 - 2014-03-12 18:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-15 19:35 - 2014-01-22 03:55 - 01932732 _____ () C:\Windows\WindowsUpdate.log 2014-03-15 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-03-15 13:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-03-15 13:20 - 2014-01-22 18:29 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-14 18:20 - 2014-01-06 08:55 - 00559754 _____ () C:\Windows\PFRO.log 2014-03-14 18:20 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-14 18:20 - 2013-08-22 15:44 - 00481408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-12 18:45 - 2014-03-12 18:40 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-12 18:45 - 2014-03-12 18:40 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-12 18:45 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-03-12 18:45 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-03-12 18:45 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-03-12 18:45 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klelam.sys 2014-03-12 18:41 - 2014-03-12 18:41 - 00001313 _____ () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk 2014-03-12 18:40 - 2014-03-12 18:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-12 18:40 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-03-12 18:35 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\LavasoftStatistics 2014-03-12 18:31 - 2014-01-22 04:45 - 00000000 ____D () C:\ProgramData\AVG2014 2014-03-12 18:31 - 2014-01-22 04:41 - 00000000 ____D () C:\ProgramData\MFAData 2014-03-11 17:35 - 2014-03-11 17:33 - 00000000 ____D () C:\Users\Asus1\AppData\Local\adawarebp 2014-03-11 16:37 - 2014-03-11 16:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-11 16:27 - 2014-03-07 19:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\SecureSearch 2014-03-11 15:53 - 2014-01-29 12:19 - 00000000 ____D () C:\Users\Asus1\AppData\Local\CrashDumps 2014-03-08 19:56 - 2014-03-08 19:56 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Malwarebytes 2014-03-08 19:52 - 2014-01-06 09:08 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-08 19:52 - 2013-08-23 00:24 - 00765378 _____ () C:\Windows\system32\perfh007.dat 2014-03-08 19:52 - 2013-08-23 00:24 - 00159696 _____ () C:\Windows\system32\perfc007.dat 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-07 20:37 - 2014-03-07 20:37 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-03-07 20:22 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Lavasoft 2014-03-07 19:53 - 2014-03-07 19:51 - 00000000 ____D () C:\Users\sebastian\AppData\Local\adawarebp 2014-03-07 19:51 - 2014-03-07 19:51 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-07 19:50 - 2014-03-07 19:50 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-07 19:49 - 2014-03-07 19:49 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 21:36 - 2014-03-04 21:36 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\PDF Architect 2014-03-04 21:35 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-04 21:34 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-03 21:24 - 2014-03-03 21:24 - 00015299 _____ () C:\Windows\wininit.ini 2014-03-03 19:29 - 2014-03-03 19:29 - 500855175 _____ () C:\Windows\MEMORY.DMP 2014-03-03 19:29 - 2014-03-03 19:29 - 00000000 ____D () C:\Windows\Minidump 2014-03-02 22:44 - 2014-03-02 22:44 - 00000000 _____ () C:\autoexec.bat 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\sh4ldr 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-02 21:59 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\FileZilla 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Unity 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Unity 2014-03-01 07:05 - 2014-03-14 13:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 05:58 - 2014-03-14 13:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:30 - 2014-03-14 13:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:17 - 2014-03-14 13:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 04:54 - 2014-03-14 13:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:47 - 2014-03-14 13:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:42 - 2014-03-14 13:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:18 - 2014-03-14 13:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:14 - 2014-03-14 13:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-14 13:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-14 13:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 03:57 - 2014-03-14 13:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-14 13:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-14 13:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-14 13:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-14 13:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 19:51 - 2014-02-04 21:06 - 00000000 ____D () C:\Users\sebastian 2014-02-27 19:43 - 2014-02-27 19:51 - 00001960 _____ () C:\Users\sebastian\fritzbox_a9kwust4gul7rgbi_myfritz_net.cfg 2014-02-27 17:50 - 2014-02-27 17:50 - 00000051 _____ () C:\Windows\DurchstartenM12.ini 2014-02-27 17:50 - 2014-02-27 17:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Durchstarten mit Ponky 2014-02-27 17:48 - 2014-02-27 17:48 - 00000000 ____D () C:\Program Files (x86)\Ponky 2014-02-26 15:34 - 2014-02-01 18:20 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Fernzugang einrichten 2014-02-22 15:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-02-21 19:36 - 2014-01-22 03:56 - 00000000 ___RD () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-21 19:36 - 2014-01-22 03:56 - 00000000 ___RD () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-02-21 14:00 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-02-21 14:00 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-02-21 14:00 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism 2014-02-21 13:15 - 2014-01-23 20:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-21 13:13 - 2014-01-23 20:56 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-16 13:33 - 2013-08-22 15:46 - 00022526 _____ () C:\Windows\setupact.log 2014-02-15 20:22 - 2014-02-15 20:22 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\telnet.exe 2014-02-15 19:29 - 2014-02-15 18:17 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Apple Computer 2014-02-15 19:06 - 2014-01-22 04:46 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\TuneUp Software 2014-02-15 19:01 - 2014-02-15 19:00 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-02-15 19:01 - 2014-02-12 20:55 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\TuneUp Software 2014-02-15 19:00 - 2014-02-15 19:00 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-02-15 18:58 - 2014-02-07 20:49 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\MediaMonkey 2014-02-15 18:44 - 2014-02-15 18:44 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\DVDVideoSoft 2014-02-15 18:44 - 2014-02-15 18:44 - 00000000 _____ () C:\END 2014-02-15 18:43 - 2014-02-15 18:43 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\DVDVideoSoft 2014-02-15 18:43 - 2014-02-15 18:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-02-15 18:21 - 2014-02-15 18:21 - 00000170 _____ () C:\Users\Asus1\AppData\Roaming\default.rss 2014-02-15 18:21 - 2014-02-15 18:21 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Nero 2014-02-15 18:19 - 2014-02-15 18:19 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Apple Computer 2014-02-15 18:15 - 2014-02-15 18:15 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Apple 2014-02-15 18:14 - 2014-02-15 18:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-02-15 18:13 - 2014-02-15 18:13 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-15 18:12 - 2014-02-15 18:12 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Apple 2014-02-15 18:12 - 2014-02-15 18:12 - 00000000 ____D () C:\ProgramData\Apple 2014-02-15 18:12 - 2014-02-15 18:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-02-15 18:09 - 2014-02-15 18:02 - 41404760 _____ (Apple Inc.) C:\Users\Asus1\Downloads\QuickTimeInstaller.exe 2014-02-15 16:41 - 2014-02-15 16:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf Some content of TEMP: ==================== C:\Users\Asus1\AppData\Local\Temp\ose00000.exe C:\Users\sebastian\AppData\Local\Temp\1374509789_SmartPCFixInstaller_ITNTDigiC_appsP.exe C:\Users\sebastian\AppData\Local\Temp\14950uninstall.exe C:\Users\sebastian\AppData\Local\Temp\4b2cc328-9087-4ffc-9245-fa0a4071f295.exe C:\Users\sebastian\AppData\Local\Temp\BackupSetup.exe C:\Users\sebastian\AppData\Local\Temp\Quarantine.exe C:\Users\sebastian\AppData\Local\Temp\SHSetup.exe C:\Users\sebastian\AppData\Local\Temp\Sqlite3.dll C:\Users\sebastian\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-14 13:09] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 ==================== End Of Log ============================ und hier meine Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Asus1 at 2014-03-15 19:48:09 Running from Z:\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== "Durchstarten mit Ponky - Mathe 1+2" (HKLM-x32\...\"Durchstarten mit Ponky - Mathe 1+2") (Version: 2.00 - Engel Edition) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz) FlashFXP v3 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 3.6.0.1240.1 - IniCom Networks, Inc.) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free AVI Video Converter version 5.0.32.1230 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel) Intel(R) Network Connections 18.7.28.0 (Version: 18.7.28.0 - Intel) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.47.8420 - Intel(R) Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Nero 9 Essentials (HKLM-x32\...\{3729d804-fb93-4ebf-a272-cf2655d0d32c}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero Rescue Agent (x32 Version: 2.4.14.100 - Nero AG) Hidden Nero RescueAgent Help (x32 Version: 2.4.4.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.21.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) SpeedCommander 15 (x64) (HKLM\...\SpeedCommander 15 (x64)) (Version: 15.00.7340 - SWE Sven Ritter) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Outlook 2007 Junk Email Filter (kb947945) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E397056B-7AE5-4FF1-8B13-276BF8201847}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Digital Sites.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-01-22 17:58 - 2014-01-06 14:57 - 00215744 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\System.ComponentModel.Composition.dll 2014-01-22 17:58 - 2014-01-06 14:57 - 03111104 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.SmartConnect.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 02526912 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.ConnectCenter.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00604352 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AppUp.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00152768 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AntiTheft.UI.dll 2014-02-22 14:03 - 2014-02-22 14:03 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/15/2014 07:31:42 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (03/12/2014 06:29:58 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter. System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/12/2014 06:29:58 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/12/2014 06:21:28 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 27013. CA_Error27013: CheckAvgLic(0xE0010013): Verarbeitung der Lizenz fehlgeschlagen Error: (03/12/2014 06:21:28 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 27013. CA_Error27013: ProcessAvgLicense_c0001(0xE0010013): Verarbeitung der Lizenz fehlgeschlagen Error: (03/11/2014 04:27:00 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (03/11/2014 03:55:56 PM) (Source: Application Hang) (User: ) Description: Programm PHOTOSAPP.EXE, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1bf4 Startzeit: 01cf3d39f3802d2e Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\FILEMANAGER\PHOTOSAPP.EXE Berichts-ID: 3b03fea9-a92d-11e3-8281-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/11/2014 03:55:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/11/2014 03:55:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/11/2014 03:53:16 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WWAHOST.EXE, Version: 6.3.9600.16431, Zeitstempel: 0x525e5d4e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.16496, Zeitstempel: 0x52b3f283 Ausnahmecode: 0x00000004 Fehleroffset: 0x0000000000005a88 ID des fehlerhaften Prozesses: 0xda0 Startzeit der fehlerhaften Anwendung: 0xWWAHOST.EXE0 Pfad der fehlerhaften Anwendung: WWAHOST.EXE1 Pfad des fehlerhaften Moduls: WWAHOST.EXE2 Berichtskennung: WWAHOST.EXE3 Vollständiger Name des fehlerhaften Pakets: WWAHOST.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WWAHOST.EXE5 System errors: ============= Error: (03/15/2014 06:53:49 PM) (Source: DCOM) (User: GuhlPc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/14/2014 07:52:59 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/14/2014 06:20:51 PM) (Source: NETLOGON) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (03/14/2014 06:20:45 PM) (Source: Service Control Manager) (User: ) Description: Erkannte Ringabhängigkeiten starten Dienste automatisch. Überprüfen Sie die Abhängigkeitsstruktur des Diensts. Error: (03/14/2014 06:20:45 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "EsgScanner" ist von einem Dienst in einer Gruppe abhängig, der später gestartet wird. Ändern Sie die Reihenfolge in der Dienstabhängigkeitsstruktur, um sicherzustellen, dass alle für diesen Dienst erforderlichen Dienste gestartet sind, bevor dieser Dienst gestartet wird. Error: (03/13/2014 07:27:43 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/13/2014 05:52:51 PM) (Source: DCOM) (User: GuhlPc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/13/2014 05:23:42 PM) (Source: DCOM) (User: GuhlPc) Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}GuhlPcAsus1S-1-5-21-2585991977-3148199159-469251199-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/13/2014 05:23:42 PM) (Source: DCOM) (User: GuhlPc) Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}GuhlPcAsus1S-1-5-21-2585991977-3148199159-469251199-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/13/2014 05:23:41 PM) (Source: DCOM) (User: GuhlPc) Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}GuhlPcAsus1S-1-5-21-2585991977-3148199159-469251199-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3972.97 MB Available physical RAM: 2217.77 MB Total Pagefile: 8068.97 MB Available Pagefile: 5748.8 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:236.62 GB) (Free:195.45 GB) NTFS Drive f: (Volume) (Fixed) (Total:211.47 GB) (Free:199.9 GB) NTFS Drive w: () (Network) (Total:152.66 GB) (Free:127.22 GB) NTFS Drive x: () (Network) (Total:37.57 GB) (Free:30 GB) NTFS Drive y: () (Network) (Total:152.66 GB) (Free:127.22 GB) NTFS Drive z: (Volume) (Network) (Total:28.63 GB) (Free:0.89 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Lieben Gruß Mike |
16.03.2014, 13:58 | #6 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8 Servus Mike, erst mal bitte diese Schritte ausführen, sollte recht flott gehen. Schritt 1
Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 5 Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Bitte poste mit deiner nächsten Antwort
|
16.03.2014, 20:21 | #7 |
| en.eazel.com Virus entfernen Windows 8 Hallo, hier ist nun Schritt 2;AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 16/03/2014 um 19:21:00 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows 8.1 Pro (64 bits) # Benutzername : sebastian - GUHLPC # Gestartet von : C:\Users\sebastian\Desktop\adwcleaner (1).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Google Chrome v33.0.1750.154 [ Datei : C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Datei : C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [14656 octets] - [04/02/2014 21:13:46] AdwCleaner[R2].txt - [1138 octets] - [16/03/2014 18:47:41] AdwCleaner[R3].txt - [1198 octets] - [16/03/2014 19:20:32] AdwCleaner[S0].txt - [14596 octets] - [04/02/2014 21:17:34] AdwCleaner[S2].txt - [1120 octets] - [16/03/2014 19:21:00] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1180 octets] ########## Gruß Mike Schritt 3:JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 8.1 Pro x64 Ran by sebastian on 16.03.2014 at 19:39:17,57 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\sebastian\appdata\local\adawarebp" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.03.2014 at 19:42:53,29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Schritt 4: Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware Datenbank Version: v2014.03.16.02 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16521 sebastian :: GUHLPC [Administrator] Schutz: Aktiviert 16.03.2014 19:49:29 mbam-log-2014-03-16 (19-49-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Dateisystem | P2P Durchsuchte Objekte: 234548 Laufzeit: 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Und Schritt 5: Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by sebastian on 16.03.2014 at 19:55:28,05. Microsoft Windows 8.1 Pro 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\sebastian\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 16.03.2014 19:56:49 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\Lavasoft\AdAware SecureSearch Toolbar deleted C:\Users\sebastian\AppData\Roaming\SecureSearch deleted C:\Users\Asus1\AppData\Local\adawarebp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted C:\Windows\wininit.ini deleted C:\Windows\Syswow64\InstallUtil.InstallLog deleted C:\Users\sebastian\Desktop\FREE Games.url deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [12.03.2014 18:45] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49] hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[12.03.2014 18:44] oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[] Lavasoft NewTab - Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole Lavasoft NewTab - sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole ==== Chrome Fix ====================== C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Asus1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Asus1\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\sebastian\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\sebastian\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=631 folders=74 17241799 bytes) ==== Empty Temp Folders ====================== C:\Users\Asus1\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\sebastian\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\SEBAST~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 16.03.2014 at 20:17:13,75 ====================== MFG Mike |
17.03.2014, 19:41 | #8 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8 Servus, noch Probleme mit eazel.com? Wenn ja, in welchem Browser? Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan. Es werden zwei Logdateien erzeugt. Poste mir diese. |
17.03.2014, 20:46 | #9 |
| en.eazel.com Virus entfernen Windows 8 Hallo, vielen Dank für die super Hilfe Er taucht jedoch immer noch im Internet Explorer auf - hmmm? Gruß Mike |
18.03.2014, 20:30 | #10 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8 Servus, Schritt 1 Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan. Es werden zwei Logdateien erzeugt. Poste mir diese. Schritt 2 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Gibt es noch Probleme mit Malware? Wenn ja, welche? Wie läuft der Rechner derzeit? Bitte poste mit deiner nächsten Antwort
|
22.03.2014, 11:37 | #11 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8 Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
22.03.2014, 13:32 | #12 |
| en.eazel.com Virus entfernen Windows 8 Hi, so - nun noch einmal Schritt 1:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Asus1 at 2014-03-22 13:29:18 Running from Z:\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== "Durchstarten mit Ponky - Mathe 1+2" (HKLM-x32\...\"Durchstarten mit Ponky - Mathe 1+2") (Version: 2.00 - Engel Edition) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Adobe Reader XI (11.0.06) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz) FlashFXP v3 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 3.6.0.1240.1 - IniCom Networks, Inc.) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free AVI Video Converter version 5.0.32.1230 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel) Intel(R) Network Connections 18.7.28.0 (Version: 18.7.28.0 - Intel) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.47.8420 - Intel(R) Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Nero 9 Essentials (HKLM-x32\...\{3729d804-fb93-4ebf-a272-cf2655d0d32c}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero Rescue Agent (x32 Version: 2.4.14.100 - Nero AG) Hidden Nero RescueAgent Help (x32 Version: 2.4.4.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.21.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) SpeedCommander 15 (x64) (HKLM\...\SpeedCommander 15 (x64)) (Version: 15.00.7340 - SWE Sven Ritter) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Outlook 2007 Junk Email Filter (kb947945) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E397056B-7AE5-4FF1-8B13-276BF8201847}) (Version: - Microsoft) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-01-22 17:58 - 2014-01-06 14:57 - 00215744 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\System.ComponentModel.Composition.dll 2014-01-22 17:58 - 2014-01-06 14:57 - 03111104 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.SmartConnect.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 02526912 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.ConnectCenter.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00604352 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AppUp.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00152768 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AntiTheft.UI.dll 2014-02-22 14:03 - 2014-02-22 14:03 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\sebastian\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/21/2014 08:44:13 PM) (Source: Application Hang) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ec0 Startzeit: 01cf453de417ea1f Endzeit: 4294967295 Anwendungspfad: C:\Windows\FileManager\PhotosApp.exe Berichts-ID: 2b610918-b131-11e3-8289-ce33cb84606a Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/21/2014 08:44:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/21/2014 08:44:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/19/2014 07:06:12 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/18/2014 08:22:10 PM) (Source: Application Hang) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1508 Startzeit: 01cf42df5003e565 Endzeit: 4294967295 Anwendungspfad: C:\Windows\FileManager\PhotosApp.exe Berichts-ID: 982f761d-aed2-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/18/2014 08:22:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/18/2014 08:22:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/16/2014 08:32:58 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20413 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aa0 Startzeit: 01cf414dd8e1be4c Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c51531a2-ad41-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/16/2014 08:22:22 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fe4 Startzeit: 01cf414c57f51542 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 4b985056-ad40-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/16/2014 08:04:57 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 167c Startzeit: 01cf4149e95a9789 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: dce0647b-ad3d-11e3-8287-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (03/21/2014 08:44:10 PM) (Source: DCOM) (User: GuhlPc) Description: Microsoft.Windows.PhotoManager Error: (03/20/2014 09:01:21 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/20/2014 07:15:35 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{f4feec68-eab8-4fbd-9686-21f803527527}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{FD33BFD5-B62C-4640-AF3A-9FEB5DA830EB} Error: (03/20/2014 07:14:25 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\system32\config\SYSTEM Error: (03/20/2014 07:13:53 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{f4feec68-eab8-4fbd-9686-21f803527527}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E951C5BF-E567-4716-96FB-514A0EFAB485} Error: (03/20/2014 07:12:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\Windows\system32\config\SYSTEM Error: (03/19/2014 07:06:32 PM) (Source: DCOM) (User: GuhlPc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/19/2014 07:06:02 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/18/2014 08:22:08 PM) (Source: DCOM) (User: GuhlPc) Description: Microsoft.Windows.PhotoManager Error: (03/16/2014 08:21:22 PM) (Source: DCOM) (User: GuhlPc) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GuhlPcsebastianS-1-5-21-2585991977-3148199159-469251199-1006LocalHost (unter Verwendung von LRPC)Microsoft.BingNews_3.0.2.233_x64__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 3972.97 MB Available physical RAM: 2064.01 MB Total Pagefile: 8068.97 MB Available Pagefile: 5751.57 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:236.62 GB) (Free:192.87 GB) NTFS Drive f: (Volume) (Fixed) (Total:211.47 GB) (Free:211.35 GB) NTFS Drive w: () (Network) (Total:152.66 GB) (Free:127.16 GB) NTFS Drive x: () (Network) (Total:37.57 GB) (Free:31.04 GB) NTFS Drive y: () (Network) (Total:152.66 GB) (Free:127.16 GB) NTFS Drive z: (Volume) (Network) (Total:28.63 GB) (Free:0.99 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Schritt 1 zweite Datei: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Asus1 (ATTENTION: The logged in user is not administrator) on GUHLPC on 22-03-2014 13:29:03 Running from Z:\Desktop Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums ==================== Processes (Whitelisted) ================= (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\ToastNotifications\ToastNotifications.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [IntelSBA] - C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5293248 2014-01-06] (Intel Corporation) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2585991977-3148199159-469251199-1001\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Asus1\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=49212aaab52d47d2a1e24597c63ae81b-b174aead82f4f0c65509a60ccf31657e07ec585f /CMPID=1213b HKU\S-1-5-21-2585991977-3148199159-469251199-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found Startup: C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing SearchScopes: HKLM - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM-x32 - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS SearchScopes: HKCU - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB Tcpip\..\Interfaces\{705DC192-39C3-4063-A90A-E88A36CEA373}: [NameServer]192.168.178.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22] CHR Extension: (Google Drive) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22] CHR Extension: (YouTube) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22] CHR Extension: (Google-Suche) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-12] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-12] CHR Extension: (Virtuelle Tastatur) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-12] CHR Extension: (Google Wallet) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22] CHR Extension: (Google Mail) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-23] (AVG Technologies) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-12] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-12] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-03-12] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-12] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-12] (Kaspersky Lab ZAO) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-21 21:07 - 2014-03-21 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-20 20:21 - 2014-03-21 20:38 - 00000000 ____D () C:\download2 2014-03-20 20:01 - 2014-03-21 20:41 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\UseNeXT 2014-03-20 20:01 - 2014-03-20 20:01 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-03-20 19:59 - 2014-03-20 19:59 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\Asus1\Downloads\UseNeXTSetup_5.63.exe 2014-03-19 18:03 - 2014-01-04 16:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll 2014-03-19 18:03 - 2014-01-04 16:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll 2014-03-19 18:03 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll 2014-03-19 18:03 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll 2014-03-19 18:03 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-03-19 18:03 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-03-19 18:03 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-03-19 18:03 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2014-03-19 18:03 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-03-19 18:03 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll 2014-03-19 18:03 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll 2014-03-19 18:03 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2014-03-19 18:03 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2014-03-19 18:03 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll 2014-03-19 18:03 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-19 18:03 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2014-03-19 18:03 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2014-03-19 18:03 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2014-03-19 18:03 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll 2014-03-19 18:03 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-19 18:03 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-19 18:02 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2014-03-19 18:02 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-03-19 18:02 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-03-19 18:02 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-03-19 18:02 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2014-03-19 18:02 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-03-19 18:02 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-03-19 18:02 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll 2014-03-19 18:02 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll 2014-03-19 18:02 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll 2014-03-19 18:02 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2014-03-19 18:02 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll 2014-03-19 18:02 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll 2014-03-19 18:02 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys 2014-03-19 18:02 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe 2014-03-19 18:02 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll 2014-03-17 20:33 - 2014-03-17 20:35 - 00000000 ____D () C:\Users\Asus1\AppData\Local\adawarebp 2014-03-16 20:17 - 2014-03-16 20:19 - 00000000 ____D () C:\Users\sebastian\AppData\Local\adawarebp 2014-03-16 20:03 - 2014-03-16 19:55 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-03-16 19:56 - 2014-03-16 20:17 - 00007805 _____ () C:\zoek-results.log 2014-03-16 19:55 - 2014-03-16 20:02 - 00000000 ____D () C:\zoek_backup 2014-03-16 19:55 - 2014-03-16 19:55 - 04095370 _____ () C:\Users\sebastian\Downloads\zoek.zip 2014-03-16 19:52 - 2014-03-16 19:53 - 01285120 _____ () C:\Users\sebastian\Downloads\zoek.exe 2014-03-16 18:46 - 2014-03-16 18:46 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner (2).exe 2014-03-16 18:44 - 2014-03-16 18:44 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner.exe 2014-03-16 18:42 - 2014-03-16 18:42 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-16 18:39 - 2014-03-16 20:17 - 00000000 ___RD () C:\Users\sebastian\SkyDrive 2014-03-16 18:39 - 2014-03-16 18:39 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Intel Corporation 2014-03-16 18:38 - 2014-03-16 18:38 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Apple Computer 2014-03-16 18:37 - 2014-03-16 20:27 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Packages 2014-03-16 18:37 - 2014-03-16 18:37 - 00001457 _____ () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ___RD () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ____D () C:\Users\sebastian\AppData\Local\VirtualStore 2014-03-16 18:29 - 2014-03-16 18:30 - 00000000 ____D () C:\Signatur 2014-03-15 19:30 - 2014-03-22 13:29 - 00000000 ____D () C:\FRST 2014-03-14 13:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 13:10 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 13:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 13:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 13:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 13:10 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 13:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 13:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 13:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 13:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 13:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 13:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 13:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 13:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 13:10 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 13:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 13:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 13:10 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-03-14 13:10 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-03-14 13:09 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 13:09 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-14 13:09 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 13:09 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-03-14 13:09 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-03-14 13:09 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2014-03-14 13:09 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2014-03-14 13:09 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll 2014-03-14 13:09 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-03-14 13:09 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2014-03-14 13:09 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2014-03-14 13:09 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2014-03-14 13:09 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-03-14 13:09 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2014-03-14 13:09 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2014-03-14 13:09 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2014-03-14 13:09 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2014-03-14 13:09 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2014-03-14 13:09 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2014-03-14 13:09 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-03-14 13:09 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE 2014-03-14 13:09 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-03-14 13:09 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2014-03-14 13:09 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-03-14 13:09 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE 2014-03-14 13:09 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-03-14 13:09 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-03-14 13:09 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2014-03-14 13:09 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2014-03-14 13:09 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-03-14 13:09 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-03-14 13:09 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-03-14 13:09 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2014-03-14 13:09 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2014-03-14 13:09 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2014-03-14 13:09 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll 2014-03-14 13:09 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-14 13:09 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-03-14 13:09 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-12 18:41 - 2014-03-12 18:41 - 00001313 _____ () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk 2014-03-12 18:41 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-03-12 18:40 - 2014-03-22 13:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-12 18:40 - 2014-03-12 18:45 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-12 18:40 - 2014-03-12 18:45 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-12 18:40 - 2014-03-12 18:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-11 16:37 - 2014-03-11 16:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-08 19:56 - 2014-03-08 19:56 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-16 19:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-08 19:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-07 20:37 - 2014-03-07 20:37 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-03-07 20:22 - 2014-03-12 18:35 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\LavasoftStatistics 2014-03-07 20:22 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Lavasoft 2014-03-07 19:51 - 2014-03-07 19:51 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-07 19:50 - 2014-03-16 20:02 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-07 19:49 - 2014-03-07 19:49 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 21:36 - 2014-03-04 21:36 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\PDF Architect 2014-03-04 21:34 - 2014-03-04 21:35 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-04 21:34 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-04 21:34 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-03-04 21:34 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-03-04 21:34 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-03-04 21:34 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-03-04 21:34 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-03-04 21:34 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-03-04 21:34 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-03-03 19:29 - 2014-03-03 19:29 - 500855175 _____ () C:\Windows\MEMORY.DMP 2014-03-03 19:29 - 2014-03-03 19:29 - 00000000 ____D () C:\Windows\Minidump 2014-03-02 22:44 - 2014-03-02 22:44 - 00000000 _____ () C:\autoexec.bat 2014-03-02 22:43 - 2014-03-16 18:42 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Unity 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Unity 2014-02-27 19:51 - 2014-02-27 19:43 - 00001960 _____ () C:\Users\sebastian\fritzbox_a9kwust4gul7rgbi_myfritz_net.cfg 2014-02-27 17:50 - 2014-02-27 17:50 - 00000051 _____ () C:\Windows\DurchstartenM12.ini 2014-02-27 17:50 - 2014-02-27 17:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Durchstarten mit Ponky 2014-02-27 17:48 - 2014-02-27 17:48 - 00000000 ____D () C:\Program Files (x86)\Ponky ==================== One Month Modified Files and Folders ======= 2014-03-22 13:29 - 2014-03-15 19:30 - 00000000 ____D () C:\FRST 2014-03-22 13:28 - 2014-03-12 18:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-22 13:21 - 2014-01-22 03:55 - 02084245 _____ () C:\Windows\WindowsUpdate.log 2014-03-22 13:12 - 2014-01-22 18:29 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-22 13:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-03-21 21:07 - 2014-03-21 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-21 21:07 - 2014-01-26 12:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-21 20:57 - 2014-02-07 20:49 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\MediaMonkey 2014-03-21 20:45 - 2014-01-22 18:29 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-21 20:41 - 2014-03-20 20:01 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\UseNeXT 2014-03-21 20:38 - 2014-03-20 20:21 - 00000000 ____D () C:\download2 2014-03-20 21:22 - 2014-01-23 13:17 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Adobe 2014-03-20 20:39 - 2013-08-22 15:46 - 00024720 _____ () C:\Windows\setupact.log 2014-03-20 20:01 - 2014-03-20 20:01 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-03-20 19:59 - 2014-03-20 19:59 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\Asus1\Downloads\UseNeXTSetup_5.63.exe 2014-03-20 19:33 - 2014-01-22 03:56 - 00000000 ___RD () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-20 19:33 - 2014-01-22 03:56 - 00000000 ___RD () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-20 19:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-03-20 19:01 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-19 20:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-03-18 20:21 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\FileZilla 2014-03-17 20:35 - 2014-03-17 20:33 - 00000000 ____D () C:\Users\Asus1\AppData\Local\adawarebp 2014-03-16 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-03-16 20:27 - 2014-03-16 18:37 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Packages 2014-03-16 20:19 - 2014-03-16 20:17 - 00000000 ____D () C:\Users\sebastian\AppData\Local\adawarebp 2014-03-16 20:17 - 2014-03-16 19:56 - 00007805 _____ () C:\zoek-results.log 2014-03-16 20:17 - 2014-03-16 18:39 - 00000000 ___RD () C:\Users\sebastian\SkyDrive 2014-03-16 20:16 - 2014-01-06 08:55 - 00581072 _____ () C:\Windows\PFRO.log 2014-03-16 20:02 - 2014-03-16 19:55 - 00000000 ____D () C:\zoek_backup 2014-03-16 20:02 - 2014-03-07 19:50 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-16 19:55 - 2014-03-16 20:03 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-03-16 19:55 - 2014-03-16 19:55 - 04095370 _____ () C:\Users\sebastian\Downloads\zoek.zip 2014-03-16 19:53 - 2014-03-16 19:52 - 01285120 _____ () C:\Users\sebastian\Downloads\zoek.exe 2014-03-16 19:48 - 2014-03-08 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-16 19:29 - 2014-02-04 21:13 - 00000000 ____D () C:\AdwCleaner 2014-03-16 18:46 - 2014-03-16 18:46 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner (2).exe 2014-03-16 18:44 - 2014-03-16 18:44 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner.exe 2014-03-16 18:42 - 2014-03-16 18:42 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-16 18:42 - 2014-03-02 22:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-16 18:39 - 2014-03-16 18:39 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Intel Corporation 2014-03-16 18:39 - 2014-02-04 21:06 - 00000000 ____D () C:\Users\sebastian 2014-03-16 18:38 - 2014-03-16 18:38 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Apple Computer 2014-03-16 18:37 - 2014-03-16 18:37 - 00001457 _____ () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ___RD () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ____D () C:\Users\sebastian\AppData\Local\VirtualStore 2014-03-16 18:37 - 2014-02-09 16:43 - 00000000 ___RD () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 18:30 - 2014-03-16 18:29 - 00000000 ____D () C:\Signatur 2014-03-14 18:20 - 2013-08-22 15:44 - 00481408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-12 18:45 - 2014-03-12 18:40 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-12 18:45 - 2014-03-12 18:40 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-12 18:45 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-03-12 18:45 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-03-12 18:45 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-03-12 18:45 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klelam.sys 2014-03-12 18:41 - 2014-03-12 18:41 - 00001313 _____ () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk 2014-03-12 18:40 - 2014-03-12 18:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-12 18:40 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-03-12 18:35 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\LavasoftStatistics 2014-03-12 18:31 - 2014-01-22 04:45 - 00000000 ____D () C:\ProgramData\AVG2014 2014-03-12 18:31 - 2014-01-22 04:41 - 00000000 ____D () C:\ProgramData\MFAData 2014-03-11 16:37 - 2014-03-11 16:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-11 15:53 - 2014-01-29 12:19 - 00000000 ____D () C:\Users\Asus1\AppData\Local\CrashDumps 2014-03-08 19:56 - 2014-03-08 19:56 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Malwarebytes 2014-03-08 19:52 - 2014-01-06 09:08 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-08 19:52 - 2013-08-23 00:24 - 00765378 _____ () C:\Windows\system32\perfh007.dat 2014-03-08 19:52 - 2013-08-23 00:24 - 00159696 _____ () C:\Windows\system32\perfc007.dat 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-07 20:37 - 2014-03-07 20:37 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-03-07 20:22 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Lavasoft 2014-03-07 19:51 - 2014-03-07 19:51 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-07 19:49 - 2014-03-07 19:49 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 21:36 - 2014-03-04 21:36 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\PDF Architect 2014-03-04 21:35 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-04 21:34 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-03 19:29 - 2014-03-03 19:29 - 500855175 _____ () C:\Windows\MEMORY.DMP 2014-03-03 19:29 - 2014-03-03 19:29 - 00000000 ____D () C:\Windows\Minidump 2014-03-02 22:44 - 2014-03-02 22:44 - 00000000 _____ () C:\autoexec.bat 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Unity 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Unity 2014-03-01 07:05 - 2014-03-14 13:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 05:58 - 2014-03-14 13:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:30 - 2014-03-14 13:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:17 - 2014-03-14 13:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 04:54 - 2014-03-14 13:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:47 - 2014-03-14 13:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:42 - 2014-03-14 13:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:18 - 2014-03-14 13:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:14 - 2014-03-14 13:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-14 13:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-14 13:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 03:57 - 2014-03-14 13:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-14 13:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-14 13:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-14 13:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-14 13:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 19:43 - 2014-02-27 19:51 - 00001960 _____ () C:\Users\sebastian\fritzbox_a9kwust4gul7rgbi_myfritz_net.cfg 2014-02-27 17:50 - 2014-02-27 17:50 - 00000051 _____ () C:\Windows\DurchstartenM12.ini 2014-02-27 17:50 - 2014-02-27 17:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Durchstarten mit Ponky 2014-02-27 17:48 - 2014-02-27 17:48 - 00000000 ____D () C:\Program Files (x86)\Ponky 2014-02-26 15:34 - 2014-02-01 18:20 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Fernzugang einrichten 2014-02-21 14:00 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-02-21 14:00 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism 2014-02-21 13:15 - 2014-01-23 20:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-21 13:13 - 2014-01-23 20:56 - 88567024 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-14 13:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 ==================== End Of Log ============================ --- --- --- |
22.03.2014, 15:50 | #13 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8 Servus, Systemlook ausführen: Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Treten noch immer Probleme mit "eazel.com" auf? Wenn ja, in welchem Browser? |
23.03.2014, 15:38 | #14 |
| en.eazel.com Virus entfernen Windows 8 Hallo, vielen Dank :-) Schritt 1/a:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Asus1 at 2014-03-23 15:25:44 Running from Z:\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== "Durchstarten mit Ponky - Mathe 1+2" (HKLM-x32\...\"Durchstarten mit Ponky - Mathe 1+2") (Version: 2.00 - Engel Edition) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Adobe Reader XI (11.0.06) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz) FlashFXP v3 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 3.6.0.1240.1 - IniCom Networks, Inc.) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free AVI Video Converter version 5.0.32.1230 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel) Intel(R) Network Connections 18.7.28.0 (Version: 18.7.28.0 - Intel) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.47.8420 - Intel(R) Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Nero 9 Essentials (HKLM-x32\...\{3729d804-fb93-4ebf-a272-cf2655d0d32c}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero Rescue Agent (x32 Version: 2.4.14.100 - Nero AG) Hidden Nero RescueAgent Help (x32 Version: 2.4.4.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.21.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) SpeedCommander 15 (x64) (HKLM\...\SpeedCommander 15 (x64)) (Version: 15.00.7340 - SWE Sven Ritter) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Outlook 2007 Junk Email Filter (kb947945) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E397056B-7AE5-4FF1-8B13-276BF8201847}) (Version: - Microsoft) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-01-22 17:58 - 2014-01-06 14:57 - 00215744 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\System.ComponentModel.Composition.dll 2014-01-22 17:58 - 2014-01-06 14:57 - 03111104 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.SmartConnect.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 02526912 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.ConnectCenter.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00604352 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AppUp.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00152768 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AntiTheft.UI.dll 2014-02-22 14:03 - 2014-02-22 14:03 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\sebastian\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/22/2014 02:40:13 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (03/21/2014 08:44:13 PM) (Source: Application Hang) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ec0 Startzeit: 01cf453de417ea1f Endzeit: 4294967295 Anwendungspfad: C:\Windows\FileManager\PhotosApp.exe Berichts-ID: 2b610918-b131-11e3-8289-ce33cb84606a Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/21/2014 08:44:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/21/2014 08:44:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/19/2014 07:06:12 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/18/2014 08:22:10 PM) (Source: Application Hang) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1508 Startzeit: 01cf42df5003e565 Endzeit: 4294967295 Anwendungspfad: C:\Windows\FileManager\PhotosApp.exe Berichts-ID: 982f761d-aed2-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/18/2014 08:22:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/18/2014 08:22:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/16/2014 08:32:58 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20413 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aa0 Startzeit: 01cf414dd8e1be4c Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c51531a2-ad41-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/16/2014 08:22:22 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fe4 Startzeit: 01cf414c57f51542 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 4b985056-ad40-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (03/22/2014 02:51:46 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/22/2014 02:51:16 PM) (Source: DCOM) (User: GuhlPc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/22/2014 02:04:48 PM) (Source: DCOM) (User: GuhlPc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/22/2014 02:04:18 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/21/2014 08:44:10 PM) (Source: DCOM) (User: GuhlPc) Description: Microsoft.Windows.PhotoManager Error: (03/20/2014 09:01:21 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/20/2014 07:15:35 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{f4feec68-eab8-4fbd-9686-21f803527527}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{FD33BFD5-B62C-4640-AF3A-9FEB5DA830EB} Error: (03/20/2014 07:14:25 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\system32\config\SYSTEM Error: (03/20/2014 07:13:53 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{f4feec68-eab8-4fbd-9686-21f803527527}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E951C5BF-E567-4716-96FB-514A0EFAB485} Error: (03/20/2014 07:12:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\Windows\system32\config\SYSTEM Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3972.97 MB Available physical RAM: 1773.86 MB Total Pagefile: 8068.97 MB Available Pagefile: 5392.11 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:236.62 GB) (Free:190.29 GB) NTFS Drive f: (Volume) (Fixed) (Total:211.47 GB) (Free:211.35 GB) NTFS Drive w: () (Network) (Total:152.66 GB) (Free:127.16 GB) NTFS Drive x: () (Network) (Total:37.57 GB) (Free:31.02 GB) NTFS Drive y: () (Network) (Total:152.66 GB) (Free:127.16 GB) NTFS Drive z: (Volume) (Network) (Total:28.63 GB) (Free:0.98 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Schritt 1/b: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Asus1 (ATTENTION: The logged in user is not administrator) on GUHLPC on 23-03-2014 15:25:20 Running from Z:\Desktop Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Akamai Technologies, Inc.) C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Small Business Advantage\ToastNotifications\ToastNotifications.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [IntelSBA] - C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [5293248 2014-01-06] (Intel Corporation) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2585991977-3148199159-469251199-1001\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Asus1\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=49212aaab52d47d2a1e24597c63ae81b-b174aead82f4f0c65509a60ccf31657e07ec585f /CMPID=1213b HKU\S-1-5-21-2585991977-3148199159-469251199-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Asus1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found Startup: C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing SearchScopes: HKLM - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM-x32 - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS SearchScopes: HKCU - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB Tcpip\..\Interfaces\{705DC192-39C3-4063-A90A-E88A36CEA373}: [NameServer]192.168.178.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22] CHR Extension: (Google Drive) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22] CHR Extension: (YouTube) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22] CHR Extension: (Google-Suche) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-12] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-12] CHR Extension: (Virtuelle Tastatur) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-03-12] CHR Extension: (Google Wallet) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22] CHR Extension: (Google Mail) - C:\Users\Asus1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-23] (AVG Technologies) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-12] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-12] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2014-03-12] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-12] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-12] (Kaspersky Lab ZAO) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-21 21:07 - 2014-03-21 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-20 20:21 - 2014-03-22 20:25 - 00000000 ____D () C:\download2 2014-03-20 20:01 - 2014-03-22 20:30 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\UseNeXT 2014-03-20 20:01 - 2014-03-20 20:01 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-03-20 19:59 - 2014-03-20 19:59 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\Asus1\Downloads\UseNeXTSetup_5.63.exe 2014-03-19 18:03 - 2014-01-04 16:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll 2014-03-19 18:03 - 2014-01-04 16:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll 2014-03-19 18:03 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll 2014-03-19 18:03 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll 2014-03-19 18:03 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-03-19 18:03 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-03-19 18:03 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-03-19 18:03 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2014-03-19 18:03 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-03-19 18:03 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll 2014-03-19 18:03 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll 2014-03-19 18:03 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2014-03-19 18:03 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2014-03-19 18:03 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll 2014-03-19 18:03 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-19 18:03 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2014-03-19 18:03 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2014-03-19 18:03 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2014-03-19 18:03 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll 2014-03-19 18:03 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-19 18:03 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-19 18:02 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2014-03-19 18:02 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-03-19 18:02 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-03-19 18:02 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-03-19 18:02 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2014-03-19 18:02 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-03-19 18:02 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-03-19 18:02 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll 2014-03-19 18:02 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll 2014-03-19 18:02 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll 2014-03-19 18:02 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2014-03-19 18:02 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll 2014-03-19 18:02 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll 2014-03-19 18:02 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys 2014-03-19 18:02 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe 2014-03-19 18:02 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll 2014-03-17 20:33 - 2014-03-17 20:35 - 00000000 ____D () C:\Users\Asus1\AppData\Local\adawarebp 2014-03-16 20:17 - 2014-03-16 20:19 - 00000000 ____D () C:\Users\sebastian\AppData\Local\adawarebp 2014-03-16 20:03 - 2014-03-16 19:55 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-03-16 19:56 - 2014-03-16 20:17 - 00007805 _____ () C:\zoek-results.log 2014-03-16 19:55 - 2014-03-16 20:02 - 00000000 ____D () C:\zoek_backup 2014-03-16 19:55 - 2014-03-16 19:55 - 04095370 _____ () C:\Users\sebastian\Downloads\zoek.zip 2014-03-16 19:52 - 2014-03-16 19:53 - 01285120 _____ () C:\Users\sebastian\Downloads\zoek.exe 2014-03-16 18:46 - 2014-03-16 18:46 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner (2).exe 2014-03-16 18:44 - 2014-03-16 18:44 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner.exe 2014-03-16 18:42 - 2014-03-16 18:42 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-16 18:39 - 2014-03-16 20:17 - 00000000 ___RD () C:\Users\sebastian\SkyDrive 2014-03-16 18:39 - 2014-03-16 18:39 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Intel Corporation 2014-03-16 18:38 - 2014-03-16 18:38 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Apple Computer 2014-03-16 18:37 - 2014-03-16 20:27 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Packages 2014-03-16 18:37 - 2014-03-16 18:37 - 00001457 _____ () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ___RD () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ____D () C:\Users\sebastian\AppData\Local\VirtualStore 2014-03-16 18:29 - 2014-03-16 18:30 - 00000000 ____D () C:\Signatur 2014-03-15 19:30 - 2014-03-23 15:25 - 00000000 ____D () C:\FRST 2014-03-14 13:10 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 13:10 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 13:10 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 13:10 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 13:10 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 13:10 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 13:10 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 13:10 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 13:10 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 13:10 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 13:10 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 13:10 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 13:10 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 13:10 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 13:10 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 13:10 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-14 13:10 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 13:10 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-03-14 13:10 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-03-14 13:09 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 13:09 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-14 13:09 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 13:09 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-03-14 13:09 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-03-14 13:09 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2014-03-14 13:09 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2014-03-14 13:09 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll 2014-03-14 13:09 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-03-14 13:09 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2014-03-14 13:09 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2014-03-14 13:09 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2014-03-14 13:09 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-03-14 13:09 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2014-03-14 13:09 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2014-03-14 13:09 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2014-03-14 13:09 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2014-03-14 13:09 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2014-03-14 13:09 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2014-03-14 13:09 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-03-14 13:09 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE 2014-03-14 13:09 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-03-14 13:09 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2014-03-14 13:09 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-03-14 13:09 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE 2014-03-14 13:09 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-03-14 13:09 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-03-14 13:09 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2014-03-14 13:09 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2014-03-14 13:09 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-03-14 13:09 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-03-14 13:09 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-03-14 13:09 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2014-03-14 13:09 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2014-03-14 13:09 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2014-03-14 13:09 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll 2014-03-14 13:09 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-14 13:09 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-03-14 13:09 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-12 18:41 - 2014-03-12 18:41 - 00001313 _____ () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk 2014-03-12 18:41 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-03-12 18:40 - 2014-03-23 15:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-12 18:40 - 2014-03-12 18:45 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-12 18:40 - 2014-03-12 18:45 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-12 18:40 - 2014-03-12 18:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-11 16:37 - 2014-03-11 16:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-08 19:56 - 2014-03-08 19:56 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-16 19:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-08 19:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-07 20:37 - 2014-03-07 20:37 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-03-07 20:22 - 2014-03-12 18:35 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\LavasoftStatistics 2014-03-07 20:22 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Lavasoft 2014-03-07 19:51 - 2014-03-07 19:51 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-07 19:50 - 2014-03-16 20:02 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-07 19:49 - 2014-03-07 19:49 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 21:36 - 2014-03-04 21:36 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\PDF Architect 2014-03-04 21:34 - 2014-03-04 21:35 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-04 21:34 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-04 21:34 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-03-04 21:34 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-03-04 21:34 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-03-04 21:34 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-03-04 21:34 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-03-04 21:34 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-03-04 21:34 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-03-03 19:29 - 2014-03-03 19:29 - 500855175 _____ () C:\Windows\MEMORY.DMP 2014-03-03 19:29 - 2014-03-03 19:29 - 00000000 ____D () C:\Windows\Minidump 2014-03-02 22:44 - 2014-03-02 22:44 - 00000000 _____ () C:\autoexec.bat 2014-03-02 22:43 - 2014-03-16 18:42 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Unity 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Unity 2014-02-27 19:51 - 2014-02-27 19:43 - 00001960 _____ () C:\Users\sebastian\fritzbox_a9kwust4gul7rgbi_myfritz_net.cfg 2014-02-27 17:50 - 2014-02-27 17:50 - 00000051 _____ () C:\Windows\DurchstartenM12.ini 2014-02-27 17:50 - 2014-02-27 17:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Durchstarten mit Ponky 2014-02-27 17:48 - 2014-02-27 17:48 - 00000000 ____D () C:\Program Files (x86)\Ponky ==================== One Month Modified Files and Folders ======= 2014-03-23 15:25 - 2014-03-15 19:30 - 00000000 ____D () C:\FRST 2014-03-23 15:20 - 2014-01-22 03:55 - 01120083 _____ () C:\Windows\WindowsUpdate.log 2014-03-23 15:16 - 2014-03-12 18:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-23 15:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2014-03-23 15:00 - 2014-01-22 18:29 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-23 14:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-03-22 20:30 - 2014-03-20 20:01 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\UseNeXT 2014-03-22 20:30 - 2014-02-07 20:49 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\MediaMonkey 2014-03-22 20:25 - 2014-03-20 20:21 - 00000000 ____D () C:\download2 2014-03-22 19:45 - 2014-01-22 18:29 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-21 21:07 - 2014-03-21 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-21 21:07 - 2014-01-26 12:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-20 21:22 - 2014-01-23 13:17 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Adobe 2014-03-20 20:39 - 2013-08-22 15:46 - 00024720 _____ () C:\Windows\setupact.log 2014-03-20 20:01 - 2014-03-20 20:01 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2014-03-20 19:59 - 2014-03-20 19:59 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\Asus1\Downloads\UseNeXTSetup_5.63.exe 2014-03-20 19:33 - 2014-01-22 03:56 - 00000000 ___RD () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-20 19:33 - 2014-01-22 03:56 - 00000000 ___RD () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-20 19:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-03-20 19:01 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-19 20:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-03-18 20:21 - 2014-01-31 19:57 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\FileZilla 2014-03-17 20:35 - 2014-03-17 20:33 - 00000000 ____D () C:\Users\Asus1\AppData\Local\adawarebp 2014-03-16 20:27 - 2014-03-16 18:37 - 00000000 ____D () C:\Users\sebastian\AppData\Local\Packages 2014-03-16 20:19 - 2014-03-16 20:17 - 00000000 ____D () C:\Users\sebastian\AppData\Local\adawarebp 2014-03-16 20:17 - 2014-03-16 19:56 - 00007805 _____ () C:\zoek-results.log 2014-03-16 20:17 - 2014-03-16 18:39 - 00000000 ___RD () C:\Users\sebastian\SkyDrive 2014-03-16 20:16 - 2014-01-06 08:55 - 00581072 _____ () C:\Windows\PFRO.log 2014-03-16 20:02 - 2014-03-16 19:55 - 00000000 ____D () C:\zoek_backup 2014-03-16 20:02 - 2014-03-07 19:50 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-16 19:55 - 2014-03-16 20:03 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-03-16 19:55 - 2014-03-16 19:55 - 04095370 _____ () C:\Users\sebastian\Downloads\zoek.zip 2014-03-16 19:53 - 2014-03-16 19:52 - 01285120 _____ () C:\Users\sebastian\Downloads\zoek.exe 2014-03-16 19:48 - 2014-03-08 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-16 19:29 - 2014-02-04 21:13 - 00000000 ____D () C:\AdwCleaner 2014-03-16 18:46 - 2014-03-16 18:46 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner (2).exe 2014-03-16 18:44 - 2014-03-16 18:44 - 01950720 _____ () C:\Users\sebastian\Downloads\adwcleaner.exe 2014-03-16 18:42 - 2014-03-16 18:42 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-03-16 18:42 - 2014-03-02 22:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-16 18:39 - 2014-03-16 18:39 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Intel Corporation 2014-03-16 18:39 - 2014-02-04 21:06 - 00000000 ____D () C:\Users\sebastian 2014-03-16 18:38 - 2014-03-16 18:38 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Apple Computer 2014-03-16 18:37 - 2014-03-16 18:37 - 00001457 _____ () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ___RD () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-16 18:37 - 2014-03-16 18:37 - 00000000 ____D () C:\Users\sebastian\AppData\Local\VirtualStore 2014-03-16 18:37 - 2014-02-09 16:43 - 00000000 ___RD () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 18:30 - 2014-03-16 18:29 - 00000000 ____D () C:\Signatur 2014-03-14 18:20 - 2013-08-22 15:44 - 00481408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-14 18:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-12 18:45 - 2014-03-12 18:40 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-12 18:45 - 2014-03-12 18:40 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-12 18:45 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-03-12 18:45 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2014-03-12 18:45 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2014-03-12 18:45 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klelam.sys 2014-03-12 18:41 - 2014-03-12 18:41 - 00001313 _____ () C:\Users\Asus1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk 2014-03-12 18:40 - 2014-03-12 18:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-03-12 18:40 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-03-12 18:35 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\LavasoftStatistics 2014-03-12 18:31 - 2014-01-22 04:45 - 00000000 ____D () C:\ProgramData\AVG2014 2014-03-12 18:31 - 2014-01-22 04:41 - 00000000 ____D () C:\ProgramData\MFAData 2014-03-11 16:37 - 2014-03-11 16:37 - 00000000 ____D () C:\Windows\ERUNT 2014-03-11 15:53 - 2014-01-29 12:19 - 00000000 ____D () C:\Users\Asus1\AppData\Local\CrashDumps 2014-03-08 19:56 - 2014-03-08 19:56 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Malwarebytes 2014-03-08 19:52 - 2014-01-06 09:08 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-08 19:52 - 2013-08-23 00:24 - 00765378 _____ () C:\Windows\system32\perfh007.dat 2014-03-08 19:52 - 2013-08-23 00:24 - 00159696 _____ () C:\Windows\system32\perfc007.dat 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Malwarebytes 2014-03-08 19:30 - 2014-03-08 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-07 20:37 - 2014-03-07 20:37 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys 2014-03-07 20:22 - 2014-03-07 20:22 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Lavasoft 2014-03-07 19:51 - 2014-03-07 19:51 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-07 19:49 - 2014-03-07 19:49 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 21:36 - 2014-03-04 21:36 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\PDF Architect 2014-03-04 21:35 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-04 21:34 - 2014-03-04 21:34 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-03 19:29 - 2014-03-03 19:29 - 500855175 _____ () C:\Windows\MEMORY.DMP 2014-03-03 19:29 - 2014-03-03 19:29 - 00000000 ____D () C:\Windows\Minidump 2014-03-02 22:44 - 2014-03-02 22:44 - 00000000 _____ () C:\autoexec.bat 2014-03-02 22:43 - 2014-03-02 22:43 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Roaming\Unity 2014-03-02 16:52 - 2014-03-02 16:52 - 00000000 ____D () C:\Users\Asus1\AppData\Local\Unity 2014-03-01 07:05 - 2014-03-14 13:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 05:58 - 2014-03-14 13:10 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:30 - 2014-03-14 13:10 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:17 - 2014-03-14 13:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 04:54 - 2014-03-14 13:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:47 - 2014-03-14 13:10 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:42 - 2014-03-14 13:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:18 - 2014-03-14 13:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:14 - 2014-03-14 13:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-14 13:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-14 13:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 03:57 - 2014-03-14 13:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-14 13:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-14 13:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-14 13:10 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-14 13:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 19:43 - 2014-02-27 19:51 - 00001960 _____ () C:\Users\sebastian\fritzbox_a9kwust4gul7rgbi_myfritz_net.cfg 2014-02-27 17:50 - 2014-02-27 17:50 - 00000051 _____ () C:\Windows\DurchstartenM12.ini 2014-02-27 17:50 - 2014-02-27 17:50 - 00000000 ____D () C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Durchstarten mit Ponky 2014-02-27 17:48 - 2014-02-27 17:48 - 00000000 ____D () C:\Program Files (x86)\Ponky 2014-02-26 15:34 - 2014-02-01 18:20 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Fernzugang einrichten 2014-02-21 14:00 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-02-21 14:00 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism 2014-02-21 13:15 - 2014-01-23 20:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-21 13:13 - 2014-01-23 20:56 - 88567024 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-14 13:09] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Hallo, vielen Dank :-) Schritt 1a:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Asus1 at 2014-03-23 15:25:44 Running from Z:\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== "Durchstarten mit Ponky - Mathe 1+2" (HKLM-x32\...\"Durchstarten mit Ponky - Mathe 1+2") (Version: 2.00 - Engel Edition) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Adobe Reader XI (11.0.06) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver Whiz (HKLM-x32\...\{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}) (Version: 8.1 - Driver Whiz) FlashFXP v3 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 3.6.0.1240.1 - IniCom Networks, Inc.) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free AVI Video Converter version 5.0.32.1230 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.) FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel) Intel(R) Network Connections 18.7.28.0 (Version: 18.7.28.0 - Intel) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.47.8420 - Intel(R) Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Nero 9 Essentials (HKLM-x32\...\{3729d804-fb93-4ebf-a272-cf2655d0d32c}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero Rescue Agent (x32 Version: 2.4.14.100 - Nero AG) Hidden Nero RescueAgent Help (x32 Version: 2.4.4.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.21.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) SpeedCommander 15 (x64) (HKLM\...\SpeedCommander 15 (x64)) (Version: 15.00.7340 - SWE Sven Ritter) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Outlook 2007 Junk Email Filter (kb947945) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E397056B-7AE5-4FF1-8B13-276BF8201847}) (Version: - Microsoft) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-01-22 17:58 - 2014-01-06 14:57 - 00215744 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\System.ComponentModel.Composition.dll 2014-01-22 17:58 - 2014-01-06 14:57 - 03111104 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.SmartConnect.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 02526912 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.ConnectCenter.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00604352 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AppUp.UI.dll 2014-01-22 17:58 - 2014-01-06 14:56 - 00152768 _____ () C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\Intel.SBA.AntiTheft.UI.dll 2014-02-22 14:03 - 2014-02-22 14:03 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\sebastian\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/22/2014 02:40:13 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (03/21/2014 08:44:13 PM) (Source: Application Hang) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ec0 Startzeit: 01cf453de417ea1f Endzeit: 4294967295 Anwendungspfad: C:\Windows\FileManager\PhotosApp.exe Berichts-ID: 2b610918-b131-11e3-8289-ce33cb84606a Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/21/2014 08:44:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/21/2014 08:44:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/19/2014 07:06:12 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (03/18/2014 08:22:10 PM) (Source: Application Hang) (User: ) Description: Programm PhotosApp.exe, Version 6.3.9600.16507 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1508 Startzeit: 01cf42df5003e565 Endzeit: 4294967295 Anwendungspfad: C:\Windows\FileManager\PhotosApp.exe Berichts-ID: 982f761d-aed2-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.Windows.PhotoManager Error: (03/18/2014 08:22:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (03/18/2014 08:22:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: GuhlPc) Description: Die App „FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error: (03/16/2014 08:32:58 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20413 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aa0 Startzeit: 01cf414dd8e1be4c Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: c51531a2-ad41-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/16/2014 08:22:22 PM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fe4 Startzeit: 01cf414c57f51542 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 4b985056-ad40-11e3-8288-94de80de01e8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (03/22/2014 02:51:46 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/22/2014 02:51:16 PM) (Source: DCOM) (User: GuhlPc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/22/2014 02:04:48 PM) (Source: DCOM) (User: GuhlPc) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/22/2014 02:04:18 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/21/2014 08:44:10 PM) (Source: DCOM) (User: GuhlPc) Description: Microsoft.Windows.PhotoManager Error: (03/20/2014 09:01:21 PM) (Source: DCOM) (User: GuhlPc) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/20/2014 07:15:35 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{f4feec68-eab8-4fbd-9686-21f803527527}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{FD33BFD5-B62C-4640-AF3A-9FEB5DA830EB} Error: (03/20/2014 07:14:25 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\system32\config\SYSTEM Error: (03/20/2014 07:13:53 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{f4feec68-eab8-4fbd-9686-21f803527527}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E951C5BF-E567-4716-96FB-514A0EFAB485} Error: (03/20/2014 07:12:41 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0x8000002a78\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\Windows\system32\config\SYSTEM Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3972.97 MB Available physical RAM: 1773.86 MB Total Pagefile: 8068.97 MB Available Pagefile: 5392.11 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:236.62 GB) (Free:190.29 GB) NTFS Drive f: (Volume) (Fixed) (Total:211.47 GB) (Free:211.35 GB) NTFS Drive w: () (Network) (Total:152.66 GB) (Free:127.16 GB) NTFS Drive x: () (Network) (Total:37.57 GB) (Free:31.02 GB) NTFS Drive y: () (Network) (Total:152.66 GB) (Free:127.16 GB) NTFS Drive z: (Volume) (Network) (Total:28.63 GB) (Free:0.98 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ SystemLook 30.07.11 by jpshortstuff Log created at 15:38 on 23/03/2014 by sebastian Administrator - Elevation successful ========== regfind ========== Searching for "eazel" No data found. -= EOF =- |
24.03.2014, 12:09 | #15 |
/// TB-Ausbilder | en.eazel.com Virus entfernen Windows 8 Servus, führe den folgenden FRST-Fix aus, starte deinen Rechner anschließend selbst neu auf und beobachte, ob du dann immer noch Probleme mit "eazel.com" hast... und wenn ja, dann führe Schritt 2 aus. Schritt 3 bitte auf jeden Fall ausführen. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start HKU\S-1-5-21-2585991977-3148199159-469251199-1001\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Asus1\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=49212aaab52d47d2a1e24597c63ae81b-b174aead82f4f0c65509a60ccf31657e07ec585f /CMPID=1213b AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found C:\PROGRA~2\SearchProtect SearchScopes: HKLM - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0D0EtDtC0EzztAyDzztBtN0D0Tzu0SyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=263781894&ir= SearchScopes: HKLM-x32 - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS SearchScopes: HKCU - DefaultScope {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {063446DA-E038-4A25-9CD5-B0CB24E7B81F} URL = SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] C:\Program Files\Enigma Software Group end Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Setze folgendermaßen den Internet Explorer zurück:
Schritt 2 Downloade dir bitte Farbar Service Scanner
Poste bitte den Inhalt hier. Bitte poste mit deiner nächsten Antwort
|
Themen zu en.eazel.com Virus entfernen Windows 8 |
andere, diverse, entferne, entfernen, kaspersky, probiert, regedit, runter, virus, virus entfernen, windows, windows 8, windows 8.1 |