Log analysis and evaluation: Browser reloads every 10 seconds
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.03.2014, 09:25 | #1 |
Browser reloads every 10 seconds

Hello, I seem to have caught something during a download. Every 10 seconds the browser reloads (Google Chrome, Firefox and IExplorer too). When I type something, it is constantly interrupted. Malwarebytes and Avira found nothing. I am attaching the JRT log. While I was writing this message, the PC had to be restarted: "Auf dem PC ist ein Fehler aufgetreten." I had never had that before either. This morning I did a Refresh and hoped that it would fix the error - unfortunately it did not. An acquaintance has also already tried several malware programs. Unfortunately I can no longer trace that now, because the Refresh removed all the programs :-(. I would be very glad if someone could help me. Thanks in advance!

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:23 on 19/03/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by ***** (administrator) on ***** on 19-03-2014 08:30:35 Running from C:\Users\*****\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SafeNet Inc.) C:\Windows\system32\hasplms.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (RZL Software GmbH) C:\Program Files (x86)\RZLWin\RZL Internet Programmaktualisierung.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Index.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\*****\Downloads\FRST64 (1).exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Microsoft Corporation) C:\Windows\system32\WerFault.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [RZL-PatchLoader] - C:\Program Files (x86)\RZLWin\RZL Internet Programmaktualisierung.exe [2483936 2013-07-22] (RZL Software GmbH) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-14] (Avira Operations GmbH & Co. 
KG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCON13/1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {68B85386-FE1F-4170-AD98-68D2D66983EE} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19] CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19] CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19] CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19] CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-14] (Avira Operations GmbH & Co. KG) R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.) R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard) R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-02] (IObit) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2013-08-01] (SafeNet Inc.) S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303624 2013-08-01] (SafeNet Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) 
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-19 15:06 - 2014-03-19 15:06 - 00000000 ____D () C:\Windows.old 2014-03-19 14:29 - 2014-03-19 06:13 - 00000000 ____D () C:\Windows\Panther 2014-03-19 08:25 - 2014-03-19 08:25 - 02157056 _____ (Farbar) C:\Users\*****\Downloads\FRST64 (1).exe 2014-03-19 08:23 - 2014-03-19 08:23 - 00000484 _____ () C:\Users\*****\Downloads\defogger_disable.log 2014-03-19 08:23 - 2014-03-19 08:23 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-03-19 08:22 - 2014-03-19 08:22 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe 2014-03-19 08:14 - 2014-03-19 08:14 - 00000952 _____ () C:\Users\*****\Desktop\JRT.txt 2014-03-19 08:02 - 2014-03-19 08:02 - 00000000 ____D () C:\Windows\ERUNT 2014-03-19 07:57 - 2014-03-19 07:57 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe 2014-03-19 07:46 - 2014-03-19 07:46 - 00000000 ____D () C:\Users\*****\AppData\Local\Google 2014-03-19 06:46 - 2014-03-19 06:46 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Avira 2014-03-19 06:43 - 2014-03-19 06:43 - 00000000 ____D () C:\Users\*****\AppData\Local\AMD 2014-03-19 06:42 - 2014-03-19 06:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ATI 2014-03-19 06:42 - 2014-03-19 06:42 - 00000000 ____D () C:\Users\*****\AppData\Local\ATI 2014-03-19 06:41 - 2014-03-19 06:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Synaptics 2014-03-19 06:41 - 2014-03-19 06:41 - 00000000 ____D () C:\Users\*****\AppData\Local\Hewlett-Packard 2014-03-19 06:40 - 2014-03-19 06:40 - 00000000 ___RD () 
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-19 06:40 - 2014-03-19 06:40 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-19 06:31 - 2014-03-19 06:31 - 00001442 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-19 06:31 - 2014-03-19 06:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe 2014-03-19 06:29 - 2014-03-19 06:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Power2Go8 2014-03-19 06:28 - 2014-03-19 06:28 - 00000020 ___SH () C:\Users\*****\ntuser.ini 2014-03-19 06:28 - 2014-03-19 06:28 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore 2014-03-19 06:16 - 2014-03-19 06:16 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-03-19 06:14 - 2014-03-19 06:14 - 00000654 _____ () C:\Users\Administrator\AppData\Local\Application.xml 2014-03-19 06:13 - 2014-03-19 06:13 - 00000000 ____D () C:\Users\Public\Libraries 2014-03-19 06:10 - 2014-03-19 08:23 - 00000000 ____D () C:\Users\***** 2014-03-19 06:10 - 2014-03-19 06:12 - 00000000 ___HD () C:\Users\*****\Documents\hp.system.package.metadata 2014-03-19 06:10 - 2014-03-19 06:12 - 00000000 ___HD () C:\Users\Administrator\Documents\hp.system.package.metadata 2014-03-19 06:10 - 2014-03-19 06:12 - 00000000 ____D () C:\Users\Administrator 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Vorlagen 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Startmenü 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Netzwerkumgebung 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Lokale Einstellungen 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Eigene Dateien 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Druckumgebung 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Documents\Eigene Musik 
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Documents\Eigene Bilder 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\AppData\Local\Verlauf 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\AppData\Local\Anwendungsdaten 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Anwendungsdaten 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2014-03-19 06:10 - 2012-10-19 21:20 - 00002120 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-19 06:10 - 2012-10-19 21:20 - 00002120 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 
2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-19 06:10 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-19 05:27 - 2014-03-19 14:29 - 00000000 ___HD () C:\$SysReset 2014-03-18 17:19 - 2014-03-18 17:23 - 194045080 _____ (Kaspersky Lab) C:\Users\*****\Downloads\pure13.0.2.558abcdDE_5372.exe 2014-03-18 16:57 - 2014-03-18 16:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300 (1).exe 2014-03-18 16:57 - 2014-03-18 16:57 - 00710848 _____ ( ) C:\Users\*****\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-1.75.0.1300.exe 2014-03-17 21:38 - 2014-03-19 08:30 - 00012206 _____ () C:\Users\*****\Downloads\FRST.txt 2014-03-17 21:38 - 2014-03-19 08:30 - 00000000 ____D () C:\FRST 2014-03-17 21:38 - 2014-03-17 21:38 - 02157056 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2014-03-17 21:37 - 2014-03-17 21:37 - 00000130 _____ () C:\Users\*****\Desktop\fixlist.txt 2014-03-17 21:32 - 2014-03-17 21:32 - 00987442 
_____ () C:\Users\*****\Downloads\SecurityCheck.exe 2014-03-17 17:07 - 2014-03-17 17:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-17 17:06 - 2014-03-17 17:06 - 00707006 _____ () C:\Users\*****\Downloads\delfix.exe 2014-03-17 07:24 - 2014-03-17 21:20 - 00001012 _____ () C:\DelFix.txt 2014-03-16 16:40 - 2014-03-16 16:40 - 00014194 _____ () C:\Users\*****\Downloads\Cogi.ECD 2014-03-02 10:27 - 2014-03-02 10:27 - 00000000 ____D () C:\Users\*****\Documents\Susi Quiz02032014 2014-03-01 09:44 - 2014-03-01 09:44 - 00000000 ____D () C:\Users\*****\Documents\Fax 2014-02-24 07:07 - 2014-02-24 07:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-02-23 21:43 - 2014-02-14 11:00 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-02-23 21:43 - 2014-02-14 11:00 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-02-23 21:43 - 2014-02-14 11:00 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-02-23 21:39 - 2014-03-19 06:16 - 00000000 ____D () C:\ProgramData\Package Cache 2014-02-23 21:39 - 2014-03-19 06:16 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-02-23 21:39 - 2014-02-23 21:43 - 00000000 ____D () C:\ProgramData\Avira 2014-02-23 15:10 - 2014-02-23 15:10 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-02-23 15:09 - 2014-02-23 15:09 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-02-23 15:08 - 2014-02-23 15:09 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-23 15:03 - 2011-07-06 07:56 - 06544384 ____R (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\system32\cdintf450_64.dll 2014-02-23 15:03 - 2011-07-06 07:56 - 04840960 ____R (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf450.dll 2014-02-23 15:03 - 2011-07-06 07:56 - 04840960 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll 2014-02-23 15:03 - 2011-07-06 07:55 - 04828528 _____ (Amyuni Technologies Inc. - hxxp://www.amyuni.com) C:\Windows\SysWOW64\pdfcreactivex.dll 2014-02-23 15:03 - 2011-07-06 07:55 - 00533504 _____ (Amyuni Technologies Inc. - hxxp://www.amyuni.com) C:\Windows\SysWOW64\acpdfcrext.dll 2014-02-23 15:02 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe 2014-02-23 15:02 - 2013-08-01 15:11 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll 2014-02-23 15:01 - 2014-02-23 15:03 - 00016630 _____ () C:\Windows\aksdrvsetup.log 2014-02-23 15:01 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe 2014-02-23 15:01 - 2013-08-01 15:11 - 00331328 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys 2014-02-23 15:01 - 2013-08-01 15:11 - 00303624 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksusb.sys 2014-02-23 15:01 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) 
C:\Windows\system32\Drivers\aksfridge.sys 2014-02-23 15:01 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys 2014-02-23 15:01 - 2013-08-01 15:11 - 00077768 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\aksusb4.dll 2014-02-23 15:01 - 2013-08-01 15:11 - 00070088 _____ (SafeNet Inc.) C:\Windows\system32\akshhl30.dll 2014-02-23 15:01 - 2013-08-01 15:11 - 00063944 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshhl.sys 2014-02-23 15:01 - 2013-08-01 15:11 - 00060488 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\akshasp.sys 2014-02-23 15:01 - 2013-08-01 15:11 - 00021448 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksclass.sys 2014-02-23 15:01 - 2013-08-01 15:11 - 00018376 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\system32\akshsp52.dll 2014-02-23 14:58 - 2014-02-23 15:10 - 00000000 ____D () C:\ProgramData\RZLWin 2014-02-23 14:58 - 2014-02-23 15:01 - 00000000 ____D () C:\Program Files (x86)\RZLWin 2014-02-23 14:58 - 2014-02-23 14:58 - 00000000 ____D () C:\ProgramData\RZL 2014-02-23 14:39 - 2014-02-23 14:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-02-23 14:37 - 2014-02-23 14:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 2014-02-23 14:29 - 2014-02-23 14:29 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-02-23 14:28 - 2014-02-23 14:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8 2014-02-23 14:24 - 2014-02-23 14:24 - 00000000 __RHD () C:\MSOCache 2014-02-23 13:54 - 2014-02-23 14:44 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-23 13:09 - 2014-02-23 13:09 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-23 13:09 - 2014-02-23 13:09 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-23 13:08 - 2014-02-23 13:09 - 00000000 ____D () C:\ProgramData\Skype 2014-02-23 12:52 - 2014-02-24 07:08 - 00000000 ____D () C:\RefreshImage 2014-02-23 12:49 - 2014-03-19 08:09 - 00168111 _____ () C:\MyXML.xml 2014-02-23 
12:49 - 2014-02-23 12:49 - 00000000 ____D () C:\ProgramData\IObit 2014-02-23 12:48 - 2014-02-23 12:48 - 00003172 _____ () C:\Windows\System32\Tasks\StartMenuAutoupdate 2014-02-23 12:48 - 2014-02-23 12:48 - 00002057 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk 2014-02-23 12:48 - 2014-02-23 12:48 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-23 12:48 - 2014-02-23 12:48 - 00000000 ____D () C:\ProgramData\Mozilla 2014-02-23 12:48 - 2014-02-23 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-23 12:48 - 2014-02-23 12:48 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-02-23 12:47 - 2014-02-23 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-23 12:45 - 2014-03-19 08:11 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1233937774-3720186681-1736916128-1002 2014-02-23 12:38 - 2014-03-19 06:27 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-23 12:36 - 2014-03-19 07:41 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-23 12:36 - 2014-03-19 06:28 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-23 12:36 - 2014-02-23 12:38 - 00000000 ____D () C:\Program Files (x86)\Google 2014-02-23 12:36 - 2014-02-23 12:36 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-23 12:36 - 2014-02-23 12:36 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-23 12:29 - 2014-03-19 07:06 - 01756818 _____ () C:\Windows\WindowsUpdate.log 2014-02-23 12:22 - 2014-03-19 06:41 - 00006344 _____ () C:\Users\*****\Desktop\Entfernte Anwendungen.html 2014-02-23 12:22 - 2014-02-23 12:22 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-02-23 08:08 - 2014-02-23 08:08 - 00262144 _____ () C:\Windows\system32\config\userdiff 2014-02-22 23:23 - 2014-03-19 06:13 - 00060741 _____ () C:\Windows\diagwrn.xml 2014-02-22 23:23 - 2014-03-19 06:13 - 00057856 
_____ () C:\Windows\diagerr.xml 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-02-22 23:19 - 2014-02-22 23:19 - 00002306 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1233937774-3720186681-1736916128-500 2014-02-18 17:07 - 2014-02-18 17:07 - 00000000 ____D () 
C:\Users\Public\Documents\Stardock
2014-02-18 16:43 - 2014-03-19 06:31 - 00000000 ____D () C:\Users\*****\AppData\Local\Packages
2014-02-18 15:44 - 2014-02-18 15:44 - 00000000 ____D () C:\$WINDOWS.~BT

==================== One Month Modified Files and Folders =======

2014-03-19 15:06 - 2014-03-19 15:06 - 00000000 ____D () C:\Windows.old
2014-03-19 15:06 - 2012-07-26 09:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-03-19 14:29 - 2014-03-19 05:27 - 00000000 ___HD () C:\$SysReset
2014-03-19 08:30 - 2014-03-17 21:38 - 00012206 _____ () C:\Users\*****\Downloads\FRST.txt
2014-03-19 08:30 - 2014-03-17 21:38 - 00000000 ____D () C:\FRST
2014-03-19 08:25 - 2014-03-19 08:25 - 02157056 _____ (Farbar) C:\Users\*****\Downloads\FRST64 (1).exe
2014-03-19 08:23 - 2014-03-19 08:23 - 00000484 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-03-19 08:23 - 2014-03-19 08:23 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-03-19 08:23 - 2014-03-19 06:10 - 00000000 ____D () C:\Users\*****
2014-03-19 08:22 - 2014-03-19 08:22 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-03-19 08:14 - 2014-03-19 08:14 - 00000952 _____ () C:\Users\*****\Desktop\JRT.txt
2014-03-19 08:11 - 2014-02-23 12:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1233937774-3720186681-1736916128-1002
2014-03-19 08:09 - 2014-02-23 12:49 - 00168111 _____ () C:\MyXML.xml
2014-03-19 08:02 - 2014-03-19 08:02 - 00000000 ____D () C:\Windows\ERUNT
2014-03-19 08:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-19 07:57 - 2014-03-19 07:57 - 01037734 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-03-19 07:46 - 2014-03-19 07:46 - 00000000 ____D () C:\Users\*****\AppData\Local\Google
2014-03-19 07:41 - 2014-02-23 12:36 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 07:06 - 2014-02-23 12:29 - 01756818 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 06:46 - 2014-03-19 06:46 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Avira
2014-03-19 06:43 - 2014-03-19 06:43 - 00000000 ____D () C:\Users\*****\AppData\Local\AMD
2014-03-19 06:42 - 2014-03-19 06:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ATI
2014-03-19 06:42 - 2014-03-19 06:42 - 00000000 ____D () C:\Users\*****\AppData\Local\ATI
2014-03-19 06:41 - 2014-03-19 06:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Synaptics
2014-03-19 06:41 - 2014-03-19 06:41 - 00000000 ____D () C:\Users\*****\AppData\Local\Hewlett-Packard
2014-03-19 06:41 - 2014-02-23 12:22 - 00006344 _____ () C:\Users\*****\Desktop\Entfernte Anwendungen.html
2014-03-19 06:40 - 2014-03-19 06:40 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 06:40 - 2014-03-19 06:40 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 06:31 - 2014-03-19 06:31 - 00001442 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 06:31 - 2014-03-19 06:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2014-03-19 06:31 - 2014-02-18 16:43 - 00000000 ____D () C:\Users\*****\AppData\Local\Packages
2014-03-19 06:29 - 2014-03-19 06:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Power2Go8
2014-03-19 06:28 - 2014-03-19 06:28 - 00000020 ___SH () C:\Users\*****\ntuser.ini
2014-03-19 06:28 - 2014-03-19 06:28 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-03-19 06:28 - 2014-02-23 12:36 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 06:27 - 2014-02-23 12:38 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 06:16 - 2014-03-19 06:16 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-03-19 06:16 - 2014-02-23 21:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-19 06:16 - 2014-02-23 21:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-19 06:15 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-19 06:14 - 2014-03-19 06:14 - 00000654 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-03-19 06:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 06:14 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-03-19 06:13 - 2014-03-19 14:29 - 00000000 ____D () C:\Windows\Panther
2014-03-19 06:13 - 2014-03-19 06:13 - 00000000 ____D () C:\Users\Public\Libraries
2014-03-19 06:13 - 2014-02-22 23:23 - 00060741 _____ () C:\Windows\diagwrn.xml
2014-03-19 06:13 - 2014-02-22 23:23 - 00057856 _____ () C:\Windows\diagerr.xml
2014-03-19 06:13 - 2012-07-26 08:21 - 00508733 _____ () C:\Windows\setupact.log
2014-03-19 06:12 - 2014-03-19 06:10 - 00000000 ___HD () C:\Users\*****\Documents\hp.system.package.metadata
2014-03-19 06:12 - 2014-03-19 06:10 - 00000000 ___HD () C:\Users\Administrator\Documents\hp.system.package.metadata
2014-03-19 06:12 - 2014-03-19 06:10 - 00000000 ____D () C:\Users\Administrator
2014-03-19 06:12 - 2012-08-03 23:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Vorlagen
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Startmenü
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Netzwerkumgebung
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Lokale Einstellungen
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Eigene Dateien
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Druckumgebung
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Documents\Eigene Musik
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Documents\Eigene Bilder
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\AppData\Local\Verlauf
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\AppData\Local\Anwendungsdaten
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\*****\Anwendungsdaten
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-03-19 06:10 - 2014-03-19 06:10 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-03-19 06:08 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 05:28 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-18 17:23 - 2014-03-18 17:19 - 194045080 _____ (Kaspersky Lab) C:\Users\*****\Downloads\pure13.0.2.558abcdDE_5372.exe
2014-03-18 16:57 - 2014-03-18 16:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-18 16:57 - 2014-03-18 16:57 - 00710848 _____ ( ) C:\Users\*****\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-1.75.0.1300.exe
2014-03-17 21:38 - 2014-03-17 21:38 - 02157056 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-03-17 21:37 - 2014-03-17 21:37 - 00000130 _____ () C:\Users\*****\Desktop\fixlist.txt
2014-03-17 21:32 - 2014-03-17 21:32 - 00987442 _____ () C:\Users\*****\Downloads\SecurityCheck.exe
2014-03-17 21:20 - 2014-03-17 07:24 - 00001012 _____ () C:\DelFix.txt
2014-03-17 17:08 - 2014-03-17 17:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-17 17:06 - 2014-03-17 17:06 - 00707006 _____ () C:\Users\*****\Downloads\delfix.exe
2014-03-16 16:40 - 2014-03-16 16:40 - 00014194 _____ () C:\Users\*****\Downloads\Cogi.ECD
2014-03-16 12:21 - 2013-03-06 13:11 - 00000000 ____D () C:\HP Universal Print Driver
2014-03-09 15:03 - 2014-02-16 14:54 - 00000000 ____D () C:\Users\*****\Documents\Kompetenzraster
2014-03-02 10:27 - 2014-03-02 10:27 - 00000000 ____D () C:\Users\*****\Documents\Susi Quiz02032014
2014-03-01 13:17 - 2013-02-27 14:48 - 00000000 ____D () C:\Users\*****\Documents\Eigene Dateien
2014-03-01 09:44 - 2014-03-01 09:44 - 00000000 ____D () C:\Users\*****\Documents\Fax
2014-02-26 13:56 - 2013-05-13 16:30 - 00000000 ___RD () C:\Users\*****\Dropbox
2014-02-24 07:08 - 2014-02-23 12:52 - 00000000 ____D () C:\RefreshImage
2014-02-24 07:07 - 2014-02-24 07:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-24 07:07 - 2012-07-26 08:21 - 00001613 _____ () C:\Windows\setuperr.log
2014-02-24 07:01 - 2012-12-17 01:25 - 00000000 ____D () C:\ProgramData\Norton
2014-02-24 07:01 - 2012-10-19 20:37 - 00441152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-24 07:01 - 2012-08-03 23:23 - 01006830 _____ () C:\Windows\PFRO.log
2014-02-23 21:43 - 2014-02-23 21:39 - 00000000 ____D () C:\ProgramData\Avira
2014-02-23 21:37 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-02-23 21:37 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-02-23 15:10 - 2014-02-23 15:10 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-23 15:10 - 2014-02-23 14:58 - 00000000 ____D () C:\ProgramData\RZLWin
2014-02-23 15:09 - 2014-02-23 15:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-23 15:09 - 2014-02-23 15:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-23 15:03 - 2014-02-23 15:01 - 00016630 _____ () C:\Windows\aksdrvsetup.log
2014-02-23 15:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\setup
2014-02-23 15:01 - 2014-02-23 14:58 - 00000000 ____D () C:\Program Files (x86)\RZLWin
2014-02-23 14:58 - 2014-02-23 14:58 - 00000000 ____D () C:\ProgramData\RZL
2014-02-23 14:44 - 2014-02-23 13:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-23 14:39 - 2014-02-23 14:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-23 14:38 - 2012-08-03 23:37 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-02-23 14:37 - 2014-02-23 14:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-02-23 14:37 - 2012-10-19 21:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-23 14:37 - 2012-07-26 08:52 - 00000000 ____D () C:\Windows\ShellNew
2014-02-23 14:29 - 2014-02-23 14:29 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-23 14:28 - 2014-02-23 14:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-23 14:28 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini
2014-02-23 14:24 - 2014-02-23 14:24 - 00000000 __RHD () C:\MSOCache
2014-02-23 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-23 13:50 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\restore
2014-02-23 13:09 - 2014-02-23 13:09 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-23 13:09 - 2014-02-23 13:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-23 13:09 - 2014-02-23 13:08 - 00000000 ____D () C:\ProgramData\Skype
2014-02-23 12:49 - 2014-02-23 12:49 - 00000000 ____D () C:\ProgramData\IObit
2014-02-23 12:49 - 2014-02-23 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-23 12:48 - 2014-02-23 12:48 - 00003172 _____ () C:\Windows\System32\Tasks\StartMenuAutoupdate
2014-02-23 12:48 - 2014-02-23 12:48 - 00002057 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2014-02-23 12:48 - 2014-02-23 12:48 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-23 12:48 - 2014-02-23 12:48 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-23 12:48 - 2014-02-23 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-23 12:48 - 2014-02-23 12:48 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-23 12:38 - 2014-02-23 12:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-23 12:36 - 2014-02-23 12:36 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-23 12:36 - 2014-02-23 12:36 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 12:22 - 2014-02-23 12:22 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-23 12:21 - 2012-10-19 21:24 - 00000000 ___RD () C:\Program Files\Online Services
2014-02-23 12:21 - 2012-10-19 21:23 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-02-23 12:20 - 2012-08-04 01:02 - 00000000 ____D () C:\SYSTEM.SAV
2014-02-23 12:11 - 2012-10-20 06:07 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-02-23 12:11 - 2012-10-20 06:07 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-02-23 12:11 - 2012-07-26 08:28 - 01949368 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 08:08 - 2014-02-23 08:08 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-02-22 23:27 - 2012-10-19 21:24 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-02-22 23:22 - 2014-02-22 23:22 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-02-22 23:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-22 23:20 - 2012-08-03 23:40 - 00010171 _____ () C:\Windows\iis.log
2014-02-22 23:20 - 2012-07-26 09:13 - 00004552 _____ () C:\Windows\DtcInstall.log
2014-02-22 23:19 - 2014-02-22 23:19 - 00002306 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1233937774-3720186681-1736916128-500
2014-02-18 17:07 - 2014-02-18 17:07 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2014-02-18 15:44 - 2014-02-18 15:44 - 00000000 ____D () C:\$WINDOWS.~BT
2014-02-18 14:33 - 2013-12-11 10:19 - 00010755 _____ () C:\Users\*****\daemonprocess.txt
2014-02-17 09:08 - 2014-01-25 13:46 - 00000000 __RDO () C:\Users\*****\SkyDrive

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2012-08-03 23:23

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ***** at 2014-03-19 08:31:29
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20918 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3CEC10BE-CD7C-8E99-E3AC-DD31F4416C1C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0918.260.3365 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0918.260.3365 - Ihr Firmenname) Hidden
Avira (HKLM-x32\...\{54e41ca6-dd37-46c6-ac9e-32183e09bfcd}) (Version: 1.0.5186.22941 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5186.22941 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{23C74C03-680C-455D-933F-5BC8683CAE52}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RZLWin (Lokal) (HKLM-x32\...\RZLWin (Lokal)) (Version: 1.50.5.1 - RZL Software GmbH)
Sentinel Runtime (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1038DBE5-F399-4AA0-B6E4-9622D73F5807} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {29186D06-18FD-48FE-921A-9CB264311537} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-02] (IObit)
Task: {2A12643D-F816-4B74-9A8C-BFDEBD2F94C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {46276F46-3BC6-4B16-AC14-8D653FDE9BE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)
Task: {732861BF-CA85-4E6A-8532-AC1D8F0BEF10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)
Task: {90207E37-DF60-456A-BE27-367D6DBD9891} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {978B5AA9-D1CF-40AB-AEEB-55B4601F07CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {BE2756FE-E962-4C1E-AB93-DFF8FDE006D3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D2D62A6A-62B4-4E7D-86AF-53158E5CA7BF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-18 03:12 - 2012-09-18 03:12 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-26 08:55 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-18 03:11 - 2012-09-18 03:11 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-18 02:58 - 2012-09-18 02:58 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-23 12:48 - 2013-12-02 17:12 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-02-23 12:48 - 2013-12-02 17:12 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-02-23 12:48 - 2013-12-02 17:12 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-02-23 21:44 - 2014-02-14 11:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00111696 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00061520 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2012-12-17 01:11 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-19 06:41 - 2014-03-14 12:46 - 00049744 _____ () C:\Users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-23 12:48 - 2013-12-02 17:12 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2014-03-19 06:27 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-19 06:27 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-19 06:27 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-19 06:27 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-19 06:27 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-19 06:27 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-02-23 12:48 - 2013-12-02 17:13 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\*****\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\*****\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2014 08:31:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPConnectedRemoteService.exe, Version: 1.0.1218.0, Zeitstempel: 0x5078a573
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ab2d
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00000000000189cc
ID des fehlerhaften Prozesses: 0x20a8
Startzeit der fehlerhaften Anwendung: 0xHPConnectedRemoteService.exe0
Pfad der fehlerhaften Anwendung: HPConnectedRemoteService.exe1
Pfad des fehlerhaften Moduls: HPConnectedRemoteService.exe2
Berichtskennung: HPConnectedRemoteService.exe3
Vollständiger Name des fehlerhaften Pakets: HPConnectedRemoteService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPConnectedRemoteService.exe5

Error: (03/19/2014 08:31:57 AM) (Source: .NET Runtime) (User: )
Description: Anwendung: HPConnectedRemoteService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException Stapel: bei System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) bei System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) bei SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean) bei SwitchBoard.SwitchBoardService.RunService() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart() Error: (03/19/2014 08:31:33 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HPConnectedRemoteService.exe, Version: 1.0.1218.0, Zeitstempel: 0x5078a573 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ab2d Ausnahmecode: 0xe0434352 Fehleroffset: 0x00000000000189cc ID des fehlerhaften Prozesses: 0x1b40 Startzeit der fehlerhaften Anwendung: 0xHPConnectedRemoteService.exe0 Pfad der fehlerhaften Anwendung: HPConnectedRemoteService.exe1 Pfad des fehlerhaften Moduls: HPConnectedRemoteService.exe2 Berichtskennung: HPConnectedRemoteService.exe3 Vollständiger Name des fehlerhaften Pakets: HPConnectedRemoteService.exe4 Anwendungs-ID, die relativ zum fehlerhaften 
Paket ist: HPConnectedRemoteService.exe5 Error: (03/19/2014 08:31:33 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: HPConnectedRemoteService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.InvalidOperationException Stapel: bei System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) bei System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) bei SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean) bei SwitchBoard.SwitchBoardService.RunService() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart() Error: (03/19/2014 08:31:13 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HPConnectedRemoteService.exe, Version: 1.0.1218.0, Zeitstempel: 0x5078a573 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ab2d Ausnahmecode: 0xe0434352 Fehleroffset: 0x00000000000189cc ID des fehlerhaften Prozesses: 0x2234 Startzeit der fehlerhaften Anwendung: 0xHPConnectedRemoteService.exe0 Pfad der fehlerhaften 
Anwendung: HPConnectedRemoteService.exe1 Pfad des fehlerhaften Moduls: HPConnectedRemoteService.exe2 Berichtskennung: HPConnectedRemoteService.exe3 Vollständiger Name des fehlerhaften Pakets: HPConnectedRemoteService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPConnectedRemoteService.exe5 Error: (03/19/2014 08:31:13 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: HPConnectedRemoteService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.InvalidOperationException Stapel: bei System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) bei System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) bei SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean) bei SwitchBoard.SwitchBoardService.RunService() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart() Error: (03/19/2014 08:30:54 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HPConnectedRemoteService.exe, Version: 1.0.1218.0, Zeitstempel: 0x5078a573 Name des 
fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ab2d Ausnahmecode: 0xe0434352 Fehleroffset: 0x00000000000189cc ID des fehlerhaften Prozesses: 0x1ffc Startzeit der fehlerhaften Anwendung: 0xHPConnectedRemoteService.exe0 Pfad der fehlerhaften Anwendung: HPConnectedRemoteService.exe1 Pfad des fehlerhaften Moduls: HPConnectedRemoteService.exe2 Berichtskennung: HPConnectedRemoteService.exe3 Vollständiger Name des fehlerhaften Pakets: HPConnectedRemoteService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPConnectedRemoteService.exe5 Error: (03/19/2014 08:30:53 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: HPConnectedRemoteService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.InvalidOperationException Stapel: bei System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) bei System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) bei SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean) bei SwitchBoard.SwitchBoardService.RunService() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, 
System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart() Error: (03/19/2014 08:30:33 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HPConnectedRemoteService.exe, Version: 1.0.1218.0, Zeitstempel: 0x5078a573 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ab2d Ausnahmecode: 0xe0434352 Fehleroffset: 0x00000000000189cc ID des fehlerhaften Prozesses: 0x1c08 Startzeit der fehlerhaften Anwendung: 0xHPConnectedRemoteService.exe0 Pfad der fehlerhaften Anwendung: HPConnectedRemoteService.exe1 Pfad des fehlerhaften Moduls: HPConnectedRemoteService.exe2 Berichtskennung: HPConnectedRemoteService.exe3 Vollständiger Name des fehlerhaften Pakets: HPConnectedRemoteService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPConnectedRemoteService.exe5 Error: (03/19/2014 08:30:33 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: HPConnectedRemoteService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.InvalidOperationException Stapel: bei System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) bei System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) bei SwitchBoard.Utils.WCFServiceHostUtil.setupService(System.Object, System.Type, Int32, Boolean) bei SwitchBoard.SwitchBoardService.RunService() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart() System errors: ============= Error: (03/19/2014 08:31:45 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 558 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:31:20 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 557 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (03/19/2014 08:31:01 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 556 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:30:41 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 555 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:30:23 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 554 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:30:07 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 553 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:29:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 552 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:29:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 551 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:29:20 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 550 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/19/2014 08:29:05 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 549 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 5602.26 MB Available physical RAM: 3047.95 MB Total Pagefile: 9954.26 MB Available Pagefile: 4084.09 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:578.39 GB) (Free:490.45 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.67 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: D4AD0251) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-19 08:46:47 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 Hitachi_HTS547564A9E384 rev.JEDOA50A 596,17GB Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kfloapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\atiesrxx.exe[1000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fef1d5177a 4 bytes [D5, F1, FE, 07] .text C:\Windows\system32\atiesrxx.exe[1000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fef1d51782 4 bytes [D5, F1, FE, 07] .text C:\Windows\system32\atieclxx.exe[2588] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fef1d5177a 4 bytes [D5, F1, FE, 07] .text C:\Windows\system32\atieclxx.exe[2588] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fef1d51782 4 bytes [D5, F1, FE, 07] .text C:\Windows\system32\atieclxx.exe[2588] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007feedb21b32 4 bytes [B2, ED, FE, 07] .text C:\Windows\system32\atieclxx.exe[2588] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007feedb21b3a 4 bytes [B2, ED, FE, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4384] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fef1d5177a 4 bytes [D5, F1, FE, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4384] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fef1d51782 4 bytes [D5, F1, FE, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4620] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fef1d5177a 4 bytes [D5, F1, FE, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4620] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fef1d51782 4 bytes [D5, F1, FE, 07] .text C:\Windows\explorer.exe[792] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fee3211532 4 bytes [21, E3, FE, 07] .text C:\Windows\explorer.exe[792] 
C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fee321153a 4 bytes [21, E3, FE, 07] .text C:\Windows\explorer.exe[792] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fee321165a 4 bytes [21, E3, FE, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [520:540] fffff960008de5e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by ***** on 19.03.2014 at 8:02:16,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68B85386-FE1F-4170-AD98-68D2D66983EE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{68B85386-FE1F-4170-AD98-68D2D66983EE}

~~~ Files
Successfully deleted: [File] "C:\end"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2014 at 8:14:26,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
19.03.2014, 09:33 | #2 |
/// the machine /// TB-Ausbilder | Hi,
what kind of refresh? |
19.03.2014, 15:39 | #3 |
| Windows 8.
Instead of a reinstall you can do a Refresh, so that at least the files are kept. Addendum: In the Office programs, too, work is interrupted every 10 seconds. |
20.03.2014, 09:53 | #4 |
/// the machine /// TB-Ausbilder | Which browser is causing the problems? Or is it several of them?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.03.2014, 10:01 | #5 |
| Hello schrauber, unfortunately all browsers. Regards, Rika |
20.03.2014, 10:46 | #6 |
/// the machine /// TB-Ausbilder | Despite a Refresh? Very strange. Is the keyboard internal or external? |
20.03.2014, 11:12 | #7 |
| It's a laptop. I haven't attached anything. Unfortunately I can't check right now which one it is (HP, that's all I know off the top of my head). I won't be home again until the afternoon. |
20.03.2014, 12:10 | #8 |
/// the machine /// TB-Ausbilder | Do you have an external keyboard at hand? To switch off the internal one? Maybe it's just the F5 key that is stuck.
__________________ Regards, schrauber |
20.03.2014, 15:55 | #9 |
| Thanks, I'll do that. Do I have to deactivate the internal one somehow? Regards, Rika

The external keyboard is now attached. The internal one cannot be deactivated. It would have to be uninstalled. But then a restart is required. After the restart it is activated again; without a restart it is not deactivated. The F5 key on the internal keyboard appears to work normally. Press it once and the page reloads. Regards, Rika |
21.03.2014, 10:57 | #10 |
/// the machine /// TB-Ausbilder | You should be able to disable it in the BIOS. I can't think of any reason why the browsers should behave like this after a Refresh.
__________________ Regards, schrauber |
21.03.2014, 14:45 | #11 |
| OK, thanks. I'm glad I'm not the only one who is clueless. I'll do a recovery then. Do I have to switch defogger back beforehand? Regards, Rika |
22.03.2014, 10:33 | #12 |
/// the machine /// TB-Ausbilder | You can do that.
__________________ Regards, schrauber |
22.03.2014, 17:16 | #13 |
| Thank you :-) Set it up from scratch and everything works again |
23.03.2014, 11:13 | #14 |
/// the machine /// TB-Ausbilder | ok
__________________ Regards, schrauber |