| |
| |||||||
Log-Analyse und Auswertung: Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen inkl. hyperlinks auf InternetseitenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.04.2014, 12:26
| #1 |
| |  Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen inkl. hyperlinks auf Internetseiten Hallo Ich habe ein ähnliches Problem wie hier bereits beschrieben: http://www.trojaner-board.de/152083-...-beginnen.html http://www.trojaner-board.de/151947-...ue-seiten.html Allerdings nicht nur...so werden auch andere Seiten geöffnet nicht nur www.123srv.com und die Hyperlinks verlinken auch irgendwo anders immer hin. Ich bitte um Hilfe, da mein Virenscanner Avira nicht angeschlagen hat. Wie gehe ich mit diesem Problem nun um? Liebe Grüße und vielen Dank an jene die bereit sind mir zu helfen. FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by paetzold (administrator) on PAETZOLD-PC on 08-04-2014 13:37:00
Running from C:\Users\paetzold\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\paetzold\AppData\Roaming\BupSystem\bup.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
() C:\Program Files\V-bates\ExtensionUpdaterService.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [SSync] - C:\Users\paetzold\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [DataMgr] - C:\Users\paetzold\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-10-09] (HTTO Group, Ltd.)
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [OMESupervisor] - C:\Users\paetzold\AppData\Local\omesuperv.exe [2239256 2013-12-24] ()
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [SCheck] - C:\Users\paetzold\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [Snoozer] - C:\Users\paetzold\AppData\Roaming\Snz\Snz.exe [1209624 2013-12-24] ()
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [Intermediate] - C:\Users\paetzold\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\MountPoints2: {71e2cbc9-f6ad-11e2-bd5e-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-4138453247-3588956261-1559332509-1000\...\MountPoints2: {da08a476-7dec-11e3-b6da-bc5ff4bcf9e4} - G:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=00a9843a-a97b-436c-9a2c-d0c901848422&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/07/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=00a9843a-a97b-436c-9a2c-d0c901848422&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/07/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=00a9843a-a97b-436c-9a2c-d0c901848422&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/07/2013&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=00a9843a-a97b-436c-9a2c-d0c901848422&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/07/2013&type=hp1000
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=00a9843a-a97b-436c-9a2c-d0c901848422&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=28/07/2013&type=hp1000
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5E8EBC5FF4BCF9E4&affID=119357&tsp=4957
SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {74E7A601-11D7-469F-938A-ADBA38B9B3FA} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=5e8ef763000000000000bc5ff4bcf9e4&r=693
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll ()
BHO: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IEOptimizer - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
BHO-x32: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll ()
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: OfferMosquito - {82B16A3D-F03E-4565-A532-666B219C9A53} - C:\Users\paetzold\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll (Bebo Media Ltd)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\paetzold\AppData\Roaming\Mozilla\Firefox\Profiles\g7ndpgt9.default-1396863004172
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\paetzold\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: OfferMosquito - C:\Users\paetzold\AppData\Roaming\Mozilla\Firefox\Profiles\g7ndpgt9.default-1396863004172\Extensions\om@offermosquito.com.xpi [2013-12-19]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF Extension: V-bates - C:\Program Files\V-bates\Firefox [2014-04-01]
Chrome:
=======
CHR HomePage: hxxp://wisersearch.com/?channel=de
CHR RestoreOnStartup: "hxxp://wisersearch.com/?channel=de"
CHR DefaultSearchKeyword: Search
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
CHR Extension: (Protegere) - C:\Users\paetzold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-04-01]
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\paetzold\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-17]
CHR Extension: (OfferMosquito) - C:\Users\paetzold\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2013-12-15]
CHR Extension: (Simple New Tab) - C:\Users\paetzold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga [2013-12-25]
CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\paetzold\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\ext_offermosquito\ext_offermosquito.crx [2013-12-19]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 bupService; C:\Users\paetzold\AppData\Roaming\BupSystem\bup.exe [1005056 2014-04-01] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2000-01-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2000-01-01] (Realtek Semiconductor)
R2 SavingsbullFilterService64; c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [210432 2014-02-12] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()
R2 V-bates Updater; C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408 2014-02-26] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-28] (DT Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2000-01-01] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-08] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-08 13:37 - 2014-04-08 13:37 - 00020739 _____ () C:\Users\paetzold\Downloads\FRST.txt
2014-04-08 13:36 - 2014-04-08 13:37 - 00000000 ____D () C:\FRST
2014-04-08 13:35 - 2014-04-08 13:35 - 02157056 _____ (Farbar) C:\Users\paetzold\Downloads\FRST64.exe
2014-04-07 11:53 - 2014-04-07 11:53 - 01426178 _____ () C:\Users\paetzold\Downloads\adwcleaner.exe
2014-04-03 13:55 - 2014-04-03 13:55 - 00000000 _____ () C:\Users\paetzold\agent.log
2014-04-03 13:31 - 2014-04-03 13:31 - 00055617 _____ () C:\Windows\SysWOW64\CCCInstall_201404031331229897.log
2014-04-03 13:31 - 2014-04-03 13:31 - 00000000 ____D () C:\ProgramData\ATI
2014-04-03 13:31 - 2014-04-03 13:31 - 00000000 ____D () C:\Program Files\AMD
2014-04-03 13:31 - 2014-04-03 13:31 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-03 13:28 - 2014-04-03 13:28 - 00003936 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2014-04-03 13:28 - 2014-04-03 13:28 - 00003690 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2014-04-03 13:28 - 2014-04-03 13:28 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-04-03 13:28 - 2014-04-03 13:28 - 00000000 _____ () C:\Windows\SysWOW64\agent.log
2014-04-03 13:27 - 2014-04-03 13:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-04-03 13:27 - 2000-01-01 02:00 - 03872984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-04-03 13:27 - 2000-01-01 02:00 - 02825432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 02792152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 01958616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-04-03 13:27 - 2000-01-01 02:00 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 01024216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00946392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00757301 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-04-03 13:27 - 2000-01-01 02:00 - 00624344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-04-03 13:27 - 2000-01-01 02:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-04-03 01:13 - 2014-04-03 01:13 - 00123092 _____ () C:\Users\paetzold\Documents\tatort.txt
2014-04-01 09:59 - 2014-04-01 09:59 - 00000034 _____ () C:\Windows\cdplayer.ini
2014-04-01 09:37 - 2014-04-08 13:37 - 67524960 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-04-01 09:37 - 2014-04-01 09:37 - 00001127 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\Security System 2
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\BupSystem
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\V-bates
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\SavingsBull
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-04-01 09:35 - 2014-04-01 09:35 - 00613200 _____ (Chip Digital GmbH) C:\Users\paetzold\Downloads\Audiograbber - CHIP-Downloader.exe
2014-04-01 09:32 - 2014-04-01 09:32 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\19972
2014-04-01 06:25 - 2014-04-01 06:25 - 00000000 ____D () C:\Users\paetzold\AppData\Local\Meltytech
2014-04-01 06:23 - 2014-04-01 06:23 - 00001899 _____ () C:\Users\paetzold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2014-04-01 06:23 - 2014-04-01 06:23 - 00000000 ____D () C:\Program Files (x86)\Shotcut
2014-04-01 06:22 - 2014-04-01 06:22 - 140305969 _____ () C:\Users\paetzold\Downloads\shotcut-win32-140329.exe
2014-04-01 06:14 - 2014-04-01 06:14 - 00000907 _____ () C:\Users\Public\Desktop\Avidemux 2.6 - 64bits.lnk
2014-04-01 06:14 - 2014-04-01 06:14 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits
2014-04-01 06:13 - 2014-04-01 06:13 - 16456460 _____ () C:\Users\paetzold\Downloads\avidemux_2.6.8_win64_v2.exe
2014-03-28 22:32 - 2014-03-28 22:32 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-28 22:32 - 2012-08-21 14:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-03-28 22:31 - 2014-03-28 22:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-28 22:31 - 2014-03-28 22:32 - 00000000 ____D () C:\Program Files\iTunes
2014-03-28 22:31 - 2014-03-28 22:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-28 22:31 - 2014-03-28 22:31 - 00000000 ____D () C:\Program Files\iPod
2014-03-28 22:25 - 2014-03-28 23:12 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\Apple Computer
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Users\paetzold\AppData\Local\Apple Computer
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Users\paetzold\AppData\Local\Apple
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\ProgramData\Apple
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-28 22:24 - 2014-03-28 22:24 - 148885840 _____ (Apple Inc.) C:\Users\paetzold\Downloads\iTunes64Setup.exe
2014-03-25 09:46 - 2014-03-25 09:46 - 00000000 ____D () C:\Users\paetzold\AppData\OICE_15_974FA576_32C1D314_DD2
2014-03-20 11:31 - 2014-03-20 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-14 16:51 - 2014-04-07 21:51 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {0A591BC8-0A67-4113-BD49-E5B36735FB5C}.job
2014-03-14 16:51 - 2014-04-07 21:51 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {0A591BC8-0A67-4113-BD49-E5B36735FB5C}.job
2014-03-14 16:51 - 2014-03-14 16:51 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Update {0A591BC8-0A67-4113-BD49-E5B36735FB5C}
2014-03-14 16:51 - 2014-03-14 16:51 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Invitation {0A591BC8-0A67-4113-BD49-E5B36735FB5C}
2014-03-14 16:39 - 2014-03-14 17:51 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-03-14 16:39 - 2014-03-14 16:39 - 00001148 _____ () C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2014-03-14 16:39 - 2012-05-17 01:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2014-03-14 16:38 - 2013-10-22 05:04 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMBLPE.DLL
2014-03-14 16:38 - 2011-03-15 04:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLPE.DLL
2014-03-14 16:38 - 2007-04-10 02:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-03-12 19:53 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:53 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:53 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 19:53 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:53 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 19:53 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 19:53 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:53 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 19:53 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 19:53 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 19:53 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 19:53 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 19:53 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 19:53 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 19:53 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 19:53 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 19:53 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 19:53 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:53 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 19:53 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 19:53 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 19:53 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 19:53 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 19:53 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:53 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 19:53 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 19:53 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 19:53 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 19:53 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:53 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 19:53 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 19:53 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:53 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 19:53 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 19:53 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 19:53 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:53 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 19:53 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 19:53 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 19:53 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 19:53 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 19:53 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 19:53 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 19:53 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 19:53 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 19:53 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 19:53 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 19:53 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-10 13:57 - 2014-03-10 13:58 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\TeamViewer
2014-03-10 13:57 - 2014-03-10 13:57 - 05852336 _____ (TeamViewer GmbH) C:\Users\paetzold\Downloads\TeamViewer_Setup_de.exe
2014-03-10 13:57 - 2014-03-10 13:57 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-10 13:57 - 2014-03-10 13:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-09 02:08 - 2014-03-09 02:08 - 378461767 _____ () C:\Users\paetzold\Downloads\vkngs02e02-sd.rar
==================== One Month Modified Files and Folders =======
2014-04-08 13:37 - 2014-04-08 13:37 - 00020739 _____ () C:\Users\paetzold\Downloads\FRST.txt
2014-04-08 13:37 - 2014-04-08 13:36 - 00000000 ____D () C:\FRST
2014-04-08 13:37 - 2014-04-01 09:37 - 67524960 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-04-08 13:35 - 2014-04-08 13:35 - 02157056 _____ (Farbar) C:\Users\paetzold\Downloads\FRST64.exe
2014-04-08 13:26 - 2014-02-27 11:34 - 00005142 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for paetzold-PC-paetzold paetzold-PC
2014-04-08 13:26 - 2013-07-27 12:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 13:12 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 13:12 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 13:11 - 2013-05-22 12:25 - 00700130 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 13:11 - 2013-05-22 12:25 - 00149768 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 13:11 - 2009-07-14 07:13 - 00913340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 13:09 - 2013-07-27 12:34 - 01969667 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 13:06 - 2014-02-23 18:26 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\Skype
2014-04-08 13:05 - 2013-12-26 18:55 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-04-08 13:05 - 2013-12-26 18:55 - 00002856 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-04-08 13:05 - 2013-12-26 18:55 - 00000424 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-04-08 13:05 - 2013-11-06 18:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 13:05 - 2013-07-27 11:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-08 13:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 13:05 - 2009-07-14 06:51 - 00078604 _____ () C:\Windows\setupact.log
2014-04-07 21:58 - 2013-11-17 20:36 - 00000000 ____D () C:\Users\paetzold\AppData\Local\JDownloader v2.0
2014-04-07 21:51 - 2014-03-14 16:51 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {0A591BC8-0A67-4113-BD49-E5B36735FB5C}.job
2014-04-07 21:51 - 2014-03-14 16:51 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {0A591BC8-0A67-4113-BD49-E5B36735FB5C}.job
2014-04-07 21:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-07 21:04 - 2013-11-06 18:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 17:15 - 2013-11-27 11:38 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\vlc
2014-04-07 11:53 - 2014-04-07 11:53 - 01426178 _____ () C:\Users\paetzold\Downloads\adwcleaner.exe
2014-04-07 11:30 - 2013-12-22 21:01 - 00000000 ____D () C:\Users\paetzold\Desktop\Alte Firefox-Daten
2014-04-04 22:58 - 2013-11-21 05:58 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\ApexDC++
2014-04-03 13:55 - 2014-04-03 13:55 - 00000000 _____ () C:\Users\paetzold\agent.log
2014-04-03 13:55 - 2013-07-27 12:34 - 00000000 ____D () C:\Users\paetzold
2014-04-03 13:40 - 2013-07-27 12:50 - 00111520 _____ () C:\Users\paetzold\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 13:39 - 2013-07-28 21:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-03 13:39 - 2010-11-21 05:47 - 00128358 _____ () C:\Windows\PFRO.log
2014-04-03 13:39 - 2009-07-14 06:45 - 00442304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-03 13:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-03 13:38 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-04-03 13:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-03 13:31 - 2014-04-03 13:31 - 00055617 _____ () C:\Windows\SysWOW64\CCCInstall_201404031331229897.log
2014-04-03 13:31 - 2014-04-03 13:31 - 00000000 ____D () C:\ProgramData\ATI
2014-04-03 13:31 - 2014-04-03 13:31 - 00000000 ____D () C:\Program Files\AMD
2014-04-03 13:31 - 2014-04-03 13:31 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-03 13:31 - 2013-07-27 12:47 - 00000000 ____D () C:\ProgramData\AMD
2014-04-03 13:31 - 2013-07-27 12:12 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-04-03 13:30 - 2013-12-26 19:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-03 13:28 - 2014-04-03 13:28 - 00003936 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2014-04-03 13:28 - 2014-04-03 13:28 - 00003690 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2014-04-03 13:28 - 2014-04-03 13:28 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-04-03 13:28 - 2014-04-03 13:28 - 00000000 _____ () C:\Windows\SysWOW64\agent.log
2014-04-03 13:28 - 2013-07-27 13:23 - 00000000 ____D () C:\ProgramData\Intel
2014-04-03 13:28 - 2013-07-27 13:20 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-04-03 13:27 - 2014-04-03 13:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-04-03 13:27 - 2013-07-27 13:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-03 13:27 - 2013-07-27 13:23 - 00000000 ____D () C:\Program Files\Intel
2014-04-03 01:13 - 2014-04-03 01:13 - 00123092 _____ () C:\Users\paetzold\Documents\tatort.txt
2014-04-01 09:59 - 2014-04-01 09:59 - 00000034 _____ () C:\Windows\cdplayer.ini
2014-04-01 09:37 - 2014-04-01 09:37 - 00001127 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\Security System 2
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\BupSystem
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\V-bates
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\SavingsBull
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-04-01 09:37 - 2014-04-01 09:37 - 00000000 _____ () C:\Windows\system32\Service.log
2014-04-01 09:35 - 2014-04-01 09:35 - 00613200 _____ (Chip Digital GmbH) C:\Users\paetzold\Downloads\Audiograbber - CHIP-Downloader.exe
2014-04-01 09:32 - 2014-04-01 09:32 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\19972
2014-04-01 09:22 - 2013-07-31 13:57 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\avidemux
2014-04-01 06:27 - 2013-12-26 19:55 - 00000000 ____D () C:\Users\paetzold\AppData\Local\CrashDumps
2014-04-01 06:25 - 2014-04-01 06:25 - 00000000 ____D () C:\Users\paetzold\AppData\Local\Meltytech
2014-04-01 06:23 - 2014-04-01 06:23 - 00001899 _____ () C:\Users\paetzold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2014-04-01 06:23 - 2014-04-01 06:23 - 00000000 ____D () C:\Program Files (x86)\Shotcut
2014-04-01 06:22 - 2014-04-01 06:22 - 140305969 _____ () C:\Users\paetzold\Downloads\shotcut-win32-140329.exe
2014-04-01 06:14 - 2014-04-01 06:14 - 00000907 _____ () C:\Users\Public\Desktop\Avidemux 2.6 - 64bits.lnk
2014-04-01 06:14 - 2014-04-01 06:14 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits
2014-04-01 06:13 - 2014-04-01 06:13 - 16456460 _____ () C:\Users\paetzold\Downloads\avidemux_2.6.8_win64_v2.exe
2014-04-01 06:11 - 2013-12-20 15:56 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2014-04-01 06:10 - 2014-01-07 23:17 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-04-01 06:10 - 2013-10-16 15:06 - 00000000 ____D () C:\Games
2014-03-28 23:12 - 2014-03-28 22:25 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\Apple Computer
2014-03-28 22:32 - 2014-03-28 22:32 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-28 22:32 - 2014-03-28 22:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-28 22:32 - 2014-03-28 22:31 - 00000000 ____D () C:\Program Files\iTunes
2014-03-28 22:32 - 2014-03-28 22:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-28 22:31 - 2014-03-28 22:31 - 00000000 ____D () C:\Program Files\iPod
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Users\paetzold\AppData\Local\Apple Computer
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Users\paetzold\AppData\Local\Apple
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\ProgramData\Apple
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-28 22:25 - 2014-03-28 22:25 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-28 22:24 - 2014-03-28 22:24 - 148885840 _____ (Apple Inc.) C:\Users\paetzold\Downloads\iTunes64Setup.exe
2014-03-28 19:59 - 2013-11-06 18:35 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 19:59 - 2013-11-06 18:35 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 09:46 - 2014-03-25 09:46 - 00000000 ____D () C:\Users\paetzold\AppData\OICE_15_974FA576_32C1D314_DD2
2014-03-21 12:39 - 2013-07-27 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 11:31 - 2014-03-20 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 15:30 - 2013-08-07 23:04 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\EPSON
2014-03-18 20:11 - 2013-07-29 23:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 20:11 - 2013-07-28 22:18 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:34 - 2014-02-23 19:35 - 00000000 ____D () C:\Users\paetzold\Documents\FuossBühlerReformpädagogik
2014-03-18 11:14 - 2013-11-19 17:52 - 00000000 ____D () C:\Flieger
2014-03-14 17:51 - 2014-03-14 16:39 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-03-14 16:59 - 2013-07-28 21:08 - 00000000 ____D () C:\Program Files (x86)\epson
2014-03-14 16:53 - 2013-07-28 21:08 - 00000000 ____D () C:\ProgramData\EPSON
2014-03-14 16:51 - 2014-03-14 16:51 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Update {0A591BC8-0A67-4113-BD49-E5B36735FB5C}
2014-03-14 16:51 - 2014-03-14 16:51 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON XP-710 Series Invitation {0A591BC8-0A67-4113-BD49-E5B36735FB5C}
2014-03-14 16:39 - 2014-03-14 16:39 - 00001148 _____ () C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2014-03-14 16:39 - 2013-07-28 21:08 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-03-13 23:55 - 2013-07-28 21:53 - 00000000 ____D () C:\Users\paetzold\AppData\Local\Microsoft Help
2014-03-13 02:15 - 2013-08-04 17:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 02:15 - 2013-08-04 17:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 15:26 - 2013-07-27 12:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:26 - 2013-07-27 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:26 - 2013-07-27 12:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 22:31 - 2014-02-27 17:30 - 00151256 _____ () C:\Users\paetzold\Downloads\FileUploader.nast
2014-03-10 13:58 - 2014-03-10 13:57 - 00000000 ____D () C:\Users\paetzold\AppData\Roaming\TeamViewer
2014-03-10 13:57 - 2014-03-10 13:57 - 05852336 _____ (TeamViewer GmbH) C:\Users\paetzold\Downloads\TeamViewer_Setup_de.exe
2014-03-10 13:57 - 2014-03-10 13:57 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-10 13:57 - 2014-03-10 13:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-10 13:43 - 2014-03-03 16:34 - 00023657 _____ () C:\Users\paetzold\Documents\Uploadtext.txt
2014-03-10 13:40 - 2014-02-27 11:57 - 01485824 _____ (z_o_o_m's corp.) C:\Users\paetzold\Downloads\FileUploader.exe
2014-03-10 13:33 - 2014-02-27 18:10 - 00174359 _____ () C:\Users\paetzold\Downloads\FileUploader.log
2014-03-10 13:17 - 2014-02-28 17:58 - 00002543 _____ () C:\Users\paetzold\Downloads\FileUploader.err
2014-03-09 02:08 - 2014-03-09 02:08 - 378461767 _____ () C:\Users\paetzold\Downloads\vkngs02e02-sd.rar
Some content of TEMP:
====================
C:\Users\paetzold\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\paetzold\AppData\Local\Temp\avgnt.exe
C:\Users\paetzold\AppData\Local\Temp\drm_dialogs.dll
C:\Users\paetzold\AppData\Local\Temp\FUp_updater.exe
C:\Users\paetzold\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\paetzold\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\paetzold\AppData\Local\Temp\ose00000.exe
C:\Users\paetzold\AppData\Local\Temp\proxy_vole8181599254759877250.dll
C:\Users\paetzold\AppData\Local\Temp\SHSetup.exe
C:\Users\paetzold\AppData\Local\Temp\sonarinst.exe
C:\Users\paetzold\AppData\Local\Temp\uninst1.exe
C:\Users\paetzold\AppData\Local\Temp\Uninstall.exe
C:\Users\paetzold\AppData\Local\Temp\VobSub_2.23.exe
C:\Users\paetzold\AppData\Local\Temp\_isE781.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-30 13:01
==================== End Of Log ============================
Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by paetzold at 2014-04-08 13:37:17
Running from C:\Users\paetzold\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
ApexDC++ 1.5.9 (HKLM\...\{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1) (Version: 1.5.9 - ApexDC++ Development Team)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Caesar IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 0.18.13 - Tilted Mill Entertainment)
calibre (HKLM-x32\...\{AF63A317-D3BD-4147-8398-286E163332DF}) (Version: 0.9.44 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BED39C88-768C-4345-BF11-58436C984F2A}) (Version: - Microsoft)
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
DVDFab 9.1.0.6 (15/11/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-710 Series Printer Uninstall (HKLM\...\EPSON XP-710 Series) (Version: - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Free YouTube Download version 3.2.29.303 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.29.303 - DVDVideoSoft Ltd.)
Google Chrome Frame (HKLM-x32\...\{02A5C383-FE94-3B52-9627-CE70B9301A0F}) (Version: 65.143.49253 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.4.59.0 (HKLM\...\PROSetDX) (Version: 18.4.59.0 - Intel)
Intel(R) Network Connections 18.4.59.0 (Version: 18.4.59.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Protegere (HKLM-x32\...\Protegere) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Save.TV Downloadmanager (HKLM-x32\...\{33AB032B-2A0E-49E0-9140-0AB06A1845BC}) (Version: 0.9.6.0 - SaveTV)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION) <==== ATTENTION
SOUP - Share-Online Uploader (HKCU\...\ab1af244d47f0c33) (Version: 1.0.0.26 - Xlice Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8D84B988-2A7A-4DB6-A7A5-08DA7B3DE9EE}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{DAEE93F9-D258-45E4-AFD3-12AC5ED04693}) (Version: - Microsoft)
V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Wajamu) <==== ATTENTION
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Verdun (HKLM-x32\...\Steam App 242860) (Version: - BlackMill Games)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
==================== Restore Points =========================
28-03-2014 20:25:28 Installed iTunes
28-03-2014 20:27:11 Removed iTunes
28-03-2014 20:31:48 Installed iTunes
03-04-2014 11:30:22 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
03-04-2014 11:30:39 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
03-04-2014 11:36:00 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {203174EF-F652-4E71-BCC7-D1D274D5638E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2C444329-A265-4C88-ABA9-DAAFA9FB9A67} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {4C04EA79-A992-4EA8-9C2E-1A1B9E68D37B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {4E6111FA-7AA4-4996-9D65-0ADC782C84F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {68ADB404-3A4D-434A-AF2F-6EE7CA08BE05} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6E4E31BB-6C18-4134-AE67-27B1E98AB952} - System32\Tasks\Microsoft Office 15 Sync Maintenance for paetzold-PC-paetzold paetzold-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {C99AC99E-66C6-48EF-8237-24B8569E38CC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CA83CD4C-7405-46B4-9090-694183A2394F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {CD80D231-7F64-458E-A4A9-433EEA1F923A} - System32\Tasks\EPSON XP-710 Series Update {0A591BC8-0A67-4113-BD49-E5B36735FB5C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D765A95F-92A3-4001-92B1-BB333EE162A6} - System32\Tasks\EPSON XP-710 Series Invitation {0A591BC8-0A67-4113-BD49-E5B36735FB5C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D7A6A479-B2C5-490F-87B4-660AEB891736} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {DB2DC26B-B40F-4608-8B63-C402A3E011B5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-710 Series Invitation {0A591BC8-0A67-4113-BD49-E5B36735FB5C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
Task: C:\Windows\Tasks\EPSON XP-710 Series Update {0A591BC8-0A67-4113-BD49-E5B36735FB5C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-04-01 09:37 - 2014-04-01 09:37 - 01005056 _____ () C:\Users\paetzold\AppData\Roaming\BupSystem\bup.exe
2014-01-27 22:45 - 2014-01-27 22:45 - 00710976 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
2013-11-05 00:16 - 2013-11-05 00:16 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-12 14:16 - 2014-02-12 14:16 - 00210432 _____ () c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
2014-02-02 11:26 - 2014-02-02 11:26 - 00317952 _____ () c:\Program Files\SavingsbullFilter\ProtocolFilters.dll
2013-11-19 00:42 - 2013-11-19 00:42 - 00110080 _____ () c:\Program Files\SavingsbullFilter\nfapi.dll
2013-11-14 15:28 - 2013-11-14 15:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-04-01 09:37 - 2014-02-26 15:31 - 00209408 _____ () C:\Program Files\V-bates\ExtensionUpdaterService.exe
2013-07-27 11:58 - 2013-07-18 08:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-01 09:37 - 2014-04-01 09:37 - 00374272 _____ () C:\Users\paetzold\AppData\Roaming\BupSystem\sub\default.dll
2014-01-08 04:16 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 04:16 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-07-01 08:20 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-07-09 17:56 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 13:45 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-20 11:31 - 2014-03-20 11:31 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 15:26 - 2014-03-12 15:26 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-04-03 13:27 - 2000-01-01 02:00 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^Users^paetzold^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ApexDC++.lnk => C:\Windows\pss\ApexDC++.lnk.Startup
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/08/2014 01:15:37 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (04/08/2014 01:07:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 01:05:51 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/07/2014 11:27:43 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (04/07/2014 11:19:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/07/2014 11:17:57 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/06/2014 11:31:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/06/2014 11:29:33 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/06/2014 00:52:48 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (04/06/2014 00:44:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/01/2014 07:18:25 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (04/01/2014 07:18:19 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (04/01/2014 07:18:13 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (04/01/2014 07:18:07 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (04/01/2014 07:18:01 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (04/01/2014 07:17:55 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (04/01/2014 09:39:36 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (04/01/2014 09:37:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/01/2014 09:37:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BUP Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (03/23/2014 02:57:18 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Microsoft Office Sessions:
=========================
Error: (04/08/2014 01:15:37 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
Error: (04/08/2014 01:07:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 01:05:51 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Error: (04/07/2014 11:27:43 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
Error: (04/07/2014 11:19:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/07/2014 11:17:57 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Error: (04/06/2014 11:31:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/06/2014 11:29:33 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Error: (04/06/2014 00:52:48 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
Error: (04/06/2014 00:44:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 16304.32 MB
Available physical RAM: 13367.69 MB
Total Pagefile: 32606.82 MB
Available Pagefile: 29356.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.37 GB) (Free:51.47 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:130.58 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: F0C3BFDA)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 56989073)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Geändert von Pollux05 (08.04.2014 um 12:41 Uhr) |
|
08.04.2014, 12:43
| #2 |
| /// the machine /// TB-Ausbilder    | Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen inkl. hyperlinks auf Internetseiten hi,
__________________Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
08.04.2014, 13:09
| #3 | |
| | Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen inkl. hyperlinks auf InternetseitenZitat:
Ich finde in der Additional nur mir folgende nichtsaussagende Zeilen: SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION) <==== ATTENTION V-bates 2.0.0.438 (HKLM\...\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1) (Version: 2.0.0.438 - Wajamu) <==== ATTENTION Die oberen 5 files tauchen nicht als Programm oder ähnliches auf. *edit* Mit Malwarebytes scheint sich das Problem nun erledigt zu haben  Hoffentlich Vielen Dank für deine Hilfe Schrauber... Kann man dem Board wo was spenden? Geändert von Pollux05 (08.04.2014 um 13:55 Uhr) |
|
09.04.2014, 11:26
| #4 | |
| /// the machine /// TB-Ausbilder | Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen inkl. hyperlinks auf Internetseiten Versuch die Tools dann über Windows zu deinstallieren. Mach auf jeden Fall noch die andern beidne Tools, AdwCleaner und so, da ist noch mehr. Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen inkl. hyperlinks auf Internetseiten |
| .html, 123srv, 4d36e972-e325-11ce-bfc1-08002be10318, andere, avira, bereits, bitte um hilfe, branding, dvdvideosoft ltd., firefox, hilfe, hyperlinks, inter, interne, internetseite, internetseiten, mozilla, mozilla firefox, neue, outlook 2013, problem, scan, scanner, seite, seiten, seiten geöffnet, synology, teredo, virenscan, virenscanner, win64, yahoo community smartbar, ähnliches, öffnet |
Linear-Darstellung
