Log Analysis and Evaluation: Windows 7: User account is being redirected

 
04.04.2014, 01:54   #1
nickdaniela
 
Windows 7: User account is being redirected



Hello everyone,

unfortunately I have caught something.

Only my admin account works without problems, but I have already fiddled around so much that malware was already present here too. Snapdo among others, and something with Open Candy, I think.

My user account behaves as follows: As the background image I always have a new photo from Bing. This image now always stays the same and no longer updates. Virus scanner updates are no longer carried out. I could not activate the real-time protection of Malwarebytes. Internet Explorer no longer opens. Firefox opens with Snapdo. When I wanted to log in to online banking, Freemake Downloader, which I had on the computer, suddenly started. I uninstalled it and of course did not log in to online banking with the user account. Everything runs extremely slowly.

I started the admin account in safe mode and ran Rkill, Malwarebytes and TDSSKiller as administrator, but nothing changed. My notebook was then so hot that at times it no longer started. But I was so angry that I kept trying again and again, so that the system was already almost wrecked. Restoring a system image produced an error message, but did reset the computer to 2013. However, it brought no improvement in the user account. Panda Cloud Cleaner found a few more problems, which I had it fix.

I hope you can help me to still save the computer and the user account. I urgently need to get to my e-mails and can't.

Here are the logfiles:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:07 on 04/04/2014 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Admin (administrator) on DANI-PC on 04-04-2014 01:11:18
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Sierra Wireless Inc.) C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2387088 2013-04-10] (Microsoft Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [BrowserChoice] - C:\Windows\System32\browserchoice.exe [293376 2013-06-13] (Microsoft Corporation)
HKU\S-1-5-21-989268616-2580872740-1510082382-1005\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PostDa.exe - Verknüpfung.lnk
ShortcutTarget: PostDa.exe - Verknüpfung.lnk -> C:\Users\Admin\Downloads\postda_mit_pdf\PostDa.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freenet.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF54F4976454ECF01
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.97 - C:\Program Files\NOS\bin\np_gp.dll No File
FF Plugin: @pandasecurity.com/activescan - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\staged [2014-04-02]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hy2vqeap.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-09-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-08]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-10]

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168592 2013-04-10] (Microsoft Corp.)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [292384 2006-12-04] (Sierra Wireless Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [3718656 2010-03-24] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-03-24] (Broadcom Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 01:11 - 2014-04-04 01:11 - 00016247 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 01:11 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:06 - 2014-04-04 01:07 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 00:31 - 2014-04-04 00:41 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:03 - 2014-04-04 00:04 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 19:57 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-04-03 03:27 - 2014-04-03 03:30 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 00:35 - 2014-04-03 19:19 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-02 22:10 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2014-03-24 07:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-04-02 17:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:40 - 2014-04-02 09:48 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:39 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-02 09:39 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-02 09:39 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-02 09:39 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-02 09:39 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-02 09:39 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-02 09:39 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-02 09:38 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-02 09:38 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-02 09:38 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-02 09:38 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-02 09:38 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-02 09:38 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-02 09:38 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-02 09:38 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-02 09:38 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-02 09:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-02 09:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-02 09:38 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-02 09:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-02 09:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-02 09:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 09:37 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-02 08:56 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-02 08:56 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-02 08:56 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-02 08:56 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-02 08:56 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-02 08:56 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-02 08:56 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-02 08:56 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-02 08:56 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-02 08:56 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-02 08:36 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-02 08:36 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-02 08:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-02 08:27 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-02 08:27 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-02 08:27 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-02 08:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-02 08:27 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-02 08:27 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-02 08:27 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-02 08:26 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-02 08:26 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-02 08:25 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-02 08:24 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-02 08:24 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-02 08:24 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-02 08:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-02 08:23 - 2013-09-25 04:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-02 08:23 - 2013-09-25 04:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-02 08:23 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-02 08:23 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-02 08:23 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-02 08:23 - 2013-09-25 02:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-02 08:23 - 2013-09-25 02:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-02 08:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-02 08:23 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-02 08:23 - 2013-07-04 14:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-02 08:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-02 08:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-02 08:20 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-02 08:20 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-02 08:20 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-02 08:20 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-02 08:20 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-02 08:20 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-02 08:20 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-02 08:20 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-02 08:20 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-02 08:20 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-02 08:20 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-02 08:20 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-02 08:20 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-02 08:20 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-02 08:19 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-02 08:19 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-02 08:19 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-02 08:19 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-02 08:19 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-02 08:19 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-02 08:19 - 2013-10-03 03:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-02 08:19 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-02 08:19 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-02 08:19 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-02 08:19 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-02 08:19 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-02 08:05 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-01 22:57 - 2014-04-02 22:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-31 21:36 - 2014-03-31 19:54 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-08 02:59 - 2014-03-18 01:07 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner
2014-03-08 02:42 - 2014-03-08 03:07 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger

==================== One Month Modified Files and Folders =======

2014-04-04 01:11 - 2014-04-04 01:11 - 00016247 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-04-04 01:11 - 2014-04-04 01:11 - 00000000 ____D () C:\FRST
2014-04-04 01:09 - 2014-04-04 01:09 - 01145856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-04-04 01:07 - 2014-04-04 01:06 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2014-04-04 01:06 - 2014-04-04 01:06 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-04-04 01:06 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Admin
2014-04-04 01:04 - 2013-06-13 22:02 - 01840652 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 01:00 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 01:00 - 2009-07-14 06:34 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 00:52 - 2013-06-13 22:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 00:45 - 2011-09-25 05:37 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 00:44 - 2013-06-14 12:41 - 00005065 _____ () C:\Windows\setupact.log
2014-04-04 00:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 00:42 - 2013-06-13 01:04 - 00000000 ____D () C:\Users\Admin\Downloads\Patchloader Win7 Reparatur
2014-04-04 00:41 - 2014-04-04 00:31 - 00008594 _____ () C:\Users\Admin\Desktop\Windows-Kompatibilitätsbericht.htm
2014-04-04 00:41 - 2011-03-22 19:35 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-04-04 00:41 - 2011-03-22 19:35 - 00001908 _____ () C:\Windows\diagerr.xml
2014-04-04 00:37 - 2013-06-14 12:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-04 00:35 - 2011-09-25 05:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 00:33 - 2010-08-22 17:03 - 00000000 ____D () C:\Users\Dani\Scans
2014-04-04 00:16 - 2012-07-27 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 00:04 - 2014-04-04 00:03 - 04982419 _____ (IDG Tech Media GmbH ) C:\Users\Admin\Downloads\pcwPatchLoader_v2-Setup_2.3.2.exe
2014-04-03 23:53 - 2011-09-25 14:55 - 00103158 _____ () C:\Windows\PFRO.log
2014-04-03 20:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nico Mak Computing
2014-04-03 19:43 - 2014-04-03 19:43 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-04-03 19:19 - 2014-04-03 00:35 - 00002574 _____ () C:\Users\Admin\Desktop\Rkill.txt
2014-04-03 19:04 - 2013-07-10 18:30 - 00000000 ____D () C:\Users\Dani\AppData\Local\FreePDF_XP
2014-04-03 03:31 - 2014-04-03 03:31 - 00001240 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-03 03:31 - 2011-03-29 04:11 - 00000000 ____D () C:\Program Files\Panda Security
2014-04-03 03:30 - 2014-04-03 03:27 - 28413552 _____ (Panda Security ) C:\Users\Admin\Downloads\PandaCloudCleaner.exe
2014-04-03 02:58 - 2014-04-03 02:58 - 00131072 ____N () C:\Windows\Minidump\040314-28250-01.dmp
2014-04-03 02:58 - 2013-06-14 02:01 - 00000000 ____D () C:\Windows\Minidump
2014-04-03 00:22 - 2013-06-13 22:17 - 00085040 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 00:21 - 2013-06-13 20:59 - 00000000 ___RD () C:\Users\Dani
2014-04-02 22:43 - 2014-04-01 22:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-02 22:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-02 22:07 - 2011-09-24 21:37 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-02 22:06 - 2014-04-02 22:06 - 00000000 ____D () C:\Windows\Temp0FBBE685-B4BF-CE0A-EDFD-EFD21D841C1F-Signatures
2014-04-02 22:06 - 2012-05-16 17:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-02 21:47 - 2014-04-02 21:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-02 21:46 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-04-02 21:43 - 2014-04-02 21:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-02 21:39 - 2011-08-06 21:45 - 00000000 ____D () C:\ProgramData\Freemake
2014-04-02 17:43 - 2013-09-18 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 10:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-02 10:17 - 2012-04-01 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-02 10:17 - 2011-05-19 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-02 10:03 - 2013-07-10 16:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-02 09:48 - 2014-04-02 09:40 - 00009846 _____ () C:\Windows\IE10_main.log
2014-04-02 09:43 - 2014-04-02 09:43 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-02 09:43 - 2014-04-02 09:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-02 09:43 - 2014-04-02 09:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-02 09:43 - 2014-04-02 09:43 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-02 09:43 - 2014-04-02 09:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-02 09:43 - 2014-04-02 09:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-02 09:43 - 2014-04-02 09:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-02 09:43 - 2014-04-02 09:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-02 09:21 - 2010-03-25 23:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-02 09:21 - 2009-07-14 06:33 - 00345488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-02 09:16 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Gast
2014-04-02 08:32 - 2013-06-13 20:59 - 00000000 ____D () C:\Users\Administrator
2014-04-02 08:31 - 2013-06-14 14:13 - 00000000 ____D () C:\Users\Dani\Downloads\postda_mit_pdf
2014-04-02 08:31 - 2013-02-24 23:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\PDF reDirect
2014-04-02 08:31 - 2013-01-18 19:08 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-02 08:31 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Adobe
2014-04-02 08:31 - 2012-09-29 05:59 - 00000000 ____D () C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2014-04-02 08:31 - 2012-08-26 17:18 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-02 08:31 - 2012-07-16 18:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-02 08:31 - 2012-04-07 15:18 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-04-02 08:31 - 2011-04-03 01:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-02 08:31 - 2011-03-23 17:38 - 00000000 ____D () C:\Program Files\PixelNet Software
2014-04-02 08:31 - 2011-03-23 16:37 - 00000000 ____D () C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2014-04-02 08:31 - 2011-03-23 14:56 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-02 08:31 - 2011-03-23 14:53 - 00000000 ____D () C:\ProgramData\Installations
2014-04-02 08:31 - 2010-05-29 23:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-05-29 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2014-04-02 08:31 - 2010-03-25 21:24 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-02 08:31 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-02 08:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-02 08:30 - 2014-02-08 04:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wise Registry Cleaner
2014-04-02 08:29 - 2014-02-01 04:04 - 00000000 ____D () C:\Users\Dani\Downloads\defender41
2014-04-02 08:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-02 08:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-04-02 08:23 - 2011-04-03 01:57 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-04-02 08:22 - 2012-07-18 07:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 08:22 - 2012-04-24 23:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\elsterformular
2014-04-02 08:22 - 2011-12-31 06:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-02 08:21 - 2013-06-13 20:55 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-04-02 08:21 - 2013-01-18 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-02 08:21 - 2011-03-05 14:20 - 00000000 ____D () C:\Program Files\Java
2014-04-02 07:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-02 07:35 - 2013-06-14 01:27 - 00085040 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 21:30 - 2013-09-15 03:37 - 00000000 ____D () C:\Users\Dani\Ulk
2014-03-31 19:54 - 2014-03-31 21:36 - 892371968 _____ () C:\Users\Dani\outlook.pst
2014-03-31 19:51 - 2013-09-27 02:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-26 19:16 - 2011-04-14 19:59 - 00000000 ____D () C:\Users\Dani\Eigene Scans
2014-03-24 07:30 - 2014-04-02 21:39 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\TDSSKiller.exe
2014-03-24 07:30 - 2012-06-14 19:24 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Dani\Downloads\TDSSKiller.exe
2014-03-24 01:28 - 2014-03-24 01:28 - 00000000 ____D () C:\Program Files\Lucom
2014-03-18 01:07 - 2014-03-08 02:59 - 00000000 ____D () C:\Users\Dani\Desktop\Arbeit
2014-03-11 09:52 - 2012-03-20 20:44 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-08 03:07 - 2014-03-08 02:42 - 00000000 ____D () C:\Users\Dani\Desktop\Robotersauger
2014-03-08 02:58 - 2014-03-08 02:58 - 00000000 ____D () C:\Users\Dani\Neuer Ordner

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 20:14

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Admin at 2014-04-04 01:12:47
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
ActivClient x86 (Version: 6.2 - ActivIdentity) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Allway Sync version 10.4.0 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{A990D795-F751-39DA-DDD4-07ED04CEC7CE}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
AuthenTec Fingerprint System (Version: 8.0.202.0 - AuthenTec, Inc.) Hidden
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.2.126.0 - Microsoft Corporation)
BIOS Configuration for HP ProtectTools (HKLM\...\{1960BE46-E85A-4933-B10A-6D8516585288}) (Version: 4.00 E1 - Hewlett-Packard)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.18.12 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canasta Deluxe DEMO 1.0 (HKLM\...\{FC2E457B-5109-4FA2-94F0-8E577AE54CA7}_is1) (Version: Canasta Deluxe DEMO - Zone 2 Media GmbH)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0521.2235.38731 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0521.2235.38731 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0521.2235.38731 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Czech (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Danish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Dutch (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help English (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Finnish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help French (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help German (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Greek (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Italian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Japanese (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Korean (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Polish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Russian (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Spanish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Swedish (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Thai (Version: 2009.0521.2234.38731 - ATI) Hidden
CCC Help Turkish (Version: 2009.0521.2234.38731 - ATI) Hidden
ccc-core-static (Version: 2009.0521.2235.38731 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0521.2235.38731 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Credential Manager for HP ProtectTools (Version: 4.1.6.1484 - Hewlett-Packard Company) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DelinvFile - 4.04 (HKLM\...\DelinvFile_is1) (Version: 4.04 - Assistance and Resources for Computing, Inc.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.3 - Hewlett-Packard)
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Media Foundation Components (HKLM\...\{DA703982C580418795BF4001AA9D7061}) (Version: 1.0.0 - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EGVP Classic-Client (HKLM\...\{EB32B660-3A59-4361-864B-E0116B5AF340}) (Version: 2.7.0.0 - bos KG)
ElsterFormular (HKLM\...\ElsterFormular 13.1.1.8531p) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM\...\{789C97CE-9E17-4126-BDF4-11FF458BF705}) (Version: 1.0.1.10 - Hewlett-Packard)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.0 - EZ Freeware)
Free YouTube to MP3 Converter version 3.10.11.923 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Broadband Wireless Modules (HKLM\...\{AA0CBF76-BD8E-48C0-AE32-31684A629836}) (Version: 18.14.1715.1 - Sierra Wireless Inc)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP ESU for Microsoft Windows 7 (HKLM\...\{1C47EEFD-ADC8-4B7C-9979-C550573B4C42}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation)
HP JavaCard for HP ProtectTools (Version: 04.10.10.0003 - Hewlett-Packard) Hidden
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP ProtectTools Security Manager (Version: 04.10.10.0003 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager Suite (HKLM\...\{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}) (Version: 04.10.10.0003 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP SoftPaq Download Manager (HKLM\...\{3F728815-C7E8-40EA-8D1A-F7B8E2382325}) (Version: 3.4.10.0 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
inSSIDer 2.0 (HKLM\...\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}) (Version: 2.0.7 - MetaGeek)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{13CD417D-F1F1-4AC4-945D-FDDEB884756F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 19.0 (x86 de) (HKLM\...\Mozilla Firefox 19.0 (x86 de)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Panda ActiveScan 2.0 (HKLM\...\ActiveScan 2.0) (Version: 01.04.01.0000 - Panda Security)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.98 - Panda Security)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
pcwPatchLoader 2.3.2 (HKLM\...\{84420A29-9A17-416E-AE2E-019BC23B5353}_is1) (Version:  - IDG Tech Media GmbH)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PixelNet Software 4.12.1 (HKLM\...\PixelNet Software) (Version: 4.12.1 - ORWO Net)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
Privacy Manager for HP ProtectTools (HKLM\...\{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}) (Version: 1.0.1.599 - DigitalPersona, Inc.)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RT 7 Lite (32-Bit) (HKCU\...\RT 7 Lite x86) (Version: 2.6.0 - Rockers Team)
RT 7 Lite x86 (Version: 2.6.0 - Rockers Team) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5240 - Analog Devices)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TARGUS ACP45 (HKLM\...\{72AFDA89-371C-4596-B1ED-6F0E2CFFE5AA}) (Version: 3.1.4 - Targus)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Default Setting (HKLM\...\{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}) (Version: 1.0.0.8 - Hewlett-Packard)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

02-04-2014 06:20:14 Windows Update
02-04-2014 06:27:38 Windows Update
02-04-2014 07:39:22 Windows Update
02-04-2014 19:52:18 TuneUp Utilities 2014 wird entfernt
02-04-2014 19:53:24 TuneUp Utilities 2014 (de-DE) wird entfernt
02-04-2014 19:58:47 Windows Update
03-04-2014 22:00:06 Windows Modules Installer
03-04-2014 22:49:25 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {31C8669B-9C3B-451B-9AC7-164294F6AA55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {38B42F69-650A-42BB-B0C1-063502D58BFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {462CFE2D-16BF-4049-8500-B886B8728731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)
Task: {5500CCD2-0905-4F7E-821B-F5BE1EDBFE55} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {641B1BE8-CAA4-43F1-A59B-975028D0226F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-02] (Adobe Systems Incorporated)
Task: {7CE267E9-11F3-48FF-B585-4CEEB3F63631} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7E09977D-C7E9-42F6-88E4-2DA4D2F77D58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7EB934C2-E92C-4FCC-B76D-BC23E55E7AEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A438A2B3-BC47-43F9-A1AF-10EE72B542EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {DBFA760D-0806-4728-9277-2DFF2AE20525} - System32\Tasks\Games\UpdateCheck_S-1-5-21-989268616-2580872740-1510082382-1005
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateChoiceProcessTask.job => C:\Windows\System32\browserchoice.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2013-07-10 18:27 - 2012-08-18 11:31 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2010-03-24 17:51 - 2010-03-24 17:51 - 00026112 _____ () C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
2011-01-23 18:38 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-04 23:32 - 2010-07-04 23:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24685898.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24685898.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2014 09:55:40 PM) (Source: Microsoft-Windows-RestartManager) (User: Dani-PC)
Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden.

Error: (04/02/2014 07:12:39 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:12:39 AM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
]


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:11:48 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 06:09:25 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:09:25 AM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
]


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:08:31 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 05:53:26 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:53:26 AM) (Source: VSS) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.
]


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:52:33 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80048883


System errors:
=============
Error: (04/04/2014 00:44:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Routing und RAS" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%20

Error: (04/04/2014 00:44:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: 
%%20

Error: (04/04/2014 00:44:40 AM) (Source: RasMan) (User: )
Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [vpnike.dll] nicht initialisiert wurde. Das System kann das angegebene Gerät nicht finden.

Error: (04/04/2014 00:44:35 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bing Desktop Update service erreicht.

Error: (04/04/2014 00:07:30 AM) (Source: DCOM) (User: )
Description: {69D77689-DA2B-4308-8404-2614CBF9896E}

Error: (04/03/2014 11:54:55 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 8
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (04/03/2014 11:54:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: 
%%20

Error: (04/03/2014 11:54:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Routing und RAS" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%20

Error: (04/03/2014 11:54:29 PM) (Source: RasMan) (User: )
Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [vpnike.dll] nicht initialisiert wurde. Das System kann das angegebene Gerät nicht finden.

Error: (04/03/2014 11:54:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bing Desktop Update service erreicht.


Microsoft Office Sessions:
=========================
Error: (04/02/2014 09:55:40 PM) (Source: Microsoft-Windows-RestartManager)(User: Dani-PC)
Description: 1C:\Program Files\LPT\linmsl.exelinmsl0511754800

Error: (04/02/2014 07:12:39 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:12:39 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {0a5120b7-631c-4056-a00f-0c2dc323e8f2}

Error: (04/02/2014 07:11:48 AM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 06:09:25 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:09:25 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {cea2d437-2539-4499-b850-8c6136243a6c}

Error: (04/02/2014 06:08:31 AM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (04/02/2014 05:53:26 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:53:26 AM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80110474, Die COM+-Registrierungsdatenbank hat eine Systemfehler festgestellt.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {4f5e9d9d-0f12-4e8b-be80-882e6634bab9}

Error: (04/02/2014 05:52:33 AM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80048883


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 2943.3 MB
Available physical RAM: 1700.42 MB
Total Pagefile: 5884.9 MB
Available Pagefile: 4438.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:71.6 GB) (Free:15.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:2.93 GB) (Free:2.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 8451F94D)
Partition 1: (Active) - (Size=72 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-04 01:54:53
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541680J9SA00 rev.SB2OC7BP 74,53GB
Running: g5w19qcz.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kxldapod.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                         82E40A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82E7A212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x90829000, 0x2678C8, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

Device          \Driver\BTHUSB \Device\00000078                                                                  bthport.sys
Device          \Driver\BTHUSB \Device\0000007a                                                                  bthport.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb109fe                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings                        
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb109fe (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)    
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@FindFlags                         14
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit@LastKey                           Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{ae4bd3be-f36f-45b6-8d21-bdd6fb832853}\ChannelReferences\2

---- EOF - GMER 2.1 ----
         
Code:
Rkill 2.5.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/03/2014 07:16:56 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * COM+-Ereignissystem (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Sicherheitscenter (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 04/03/2014 07:19:30 PM
Execution time: 0 hours(s), 2 minute(s), and 34 seconds(s)
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.02.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 10.0.9200.16844
Admin :: DANI-PC [Administrator]

02.04.2014 17:46:50
mbam-log-2014-04-02 (17-46-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 501714
Laufzeit: 1 Stunde(n), 34 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SnapDo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\Smartbar|publisher (PUP.Optional.SnapDo.A) -> Daten: SnapdoOCYB -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Admin\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\5F4FEAB891874B3E967754948A89A94B (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\968E141CC0FE4FB59222C47EF0DD37BB (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Admin\AppData\Roaming\OpenCandy\5F4FEAB891874B3E967754948A89A94B\Installer.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\968E141CC0FE4FB59222C47EF0DD37BB\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Best regards, Daniela

 
