| |
| |||||||
Log-Analyse und Auswertung: Fileparade Bundle irgendwie installiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.05.2014, 18:17
| #1 |
| |  Fileparade Bundle irgendwie installiert Hier mein Logfile: C:\Program Files (x86)\SupTab\SupTab.dll Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung C:\Program Files (x86)\WinZipper\winzipersvc.exe Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung C:\Program Files (x86)\YouTube Accelerator\Updater.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll Variante von Win32/Adware.Yontoo.B Anwendung C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll Variante von Win32/Adware.Yontoo.B Anwendung C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Variante von Win32/DomaIQ.BF evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Installer\Install_17185\sense.exe Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Installer\Install_17185\ytai.exe Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RFRZL1K\spstub[1].exe Win32/Conduit.SearchProtect.L evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNY6XDWV\SPSetup[1].exe Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNY6XDWV\SPSetup[2].exe Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICHPBS31\sp-downloader[1].exe Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ71WSXR\Setup[1].exe Win32/BrowseFox.B evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\awh13D2.tmp Variante von Win32/DealPly.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\awhB37.tmp Variante von Win32/Amonetize.AC evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\che94A0.tmp Win32/bProtector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\epom2_nationzoom_20131128171912.exe Variante von Win32/ELEX.Z evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe Win32/Somoto.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\security-filter.exe Win32/Packed.ScrambleWrapper.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\SPSetup.exe Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\UNT3A82.exe Variante von Win32/DealPly.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\UNT3A84.exe Win32/MyPCBackup.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\ytai_ytareg_setup.exe Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Setup.exe Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\ccp.exe Win32/Toolbar.Babylon.M evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\CrxInstaller.dll Variante von Win32/Toolbar.Babylon.Z evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\delta.crx Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\IEHelper.dll Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\MyBabylonTB.exe Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\Setup.exe Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\DomaIQ.exe Variante von Win32/DomaIQ.AF evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\DomaIQ10.exe Variante von Win32/DomaIQ.AF evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\OfferBrokerage_14003.exe Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\software\DefaultTabSetup.exe Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\software\Delta Babylon.exe Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\software\Yontoo.exe Mehrere Bedrohungen C:\Users\Bummi\AppData\Local\Temp\fullpackage_temp1390062599\tmp\SupTab.exe Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\fullpackage_temp1390062599\tmp\wpm.exe Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\fullpackage_temp1390063143\tmp\desk365.exe Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\iwebar.exe Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\sense.exe Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\shopperpro.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\yta.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_7921\ytai.exe Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\is-04OE2.tmp\security-filter.exe Win32/Packed.ScrambleWrapper.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nseE2C2.tmp\InstallerUtils.dll Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nseE2C2.tmp\InstallerUtils2.dll Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nsoDE6E.tmp\Efriybsuf.exe Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nsoDE6E.tmp\WrapperUtils.dll Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nsvCED6\SpSetup.exe Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\SAINST\SA.CAB Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\SAINST\updater.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe Variante von Win32/DealPly.F evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Roaming\TorTemp\_\install-torload.exe Win32/Packed.ScrambleWrapper.I evtl. unerwünschte Anwendung C:\Users\Bummi\Downloads\Calibre_TSV31JHNO.exe Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung C:\Users\Bummi\Downloads\car radio code calculato...es,philips,volvo etc.exe Variante von Win32/4Shared.P evtl. unerwünschte Anwendung C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba\1.26.33_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung C:\Users\Dax\AppData\Local\Temp\SPSetup.exe Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Dax\Downloads\Virtual Skipper 5.exe MSIL/Solimba.L evtl. unerwünschte Anwendung und hier mein Checkup Editor: Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Adobe Reader XI Google Chrome 34.0.1847.131 Google Chrome 34.0.1847.137 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` was nun? |
|
20.05.2014, 18:50
| #2 |
| /// the machine /// TB-Ausbilder    | Fileparade Bundle irgendwie installiert hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.05.2014, 18:50
| #3 |
| /// the machine /// TB-Ausbilder | Fileparade Bundle irgendwie installiert hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.05.2014, 19:21
| #4 |
| | Fileparade Bundle irgendwie installiert Hier ist Addition:FRST Additions Logfile: [CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by Bummi at 2014-05-20 20:17:25 Running from C:\Users\Bummi\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS PCE-N15 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.0.8 - ) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) BlazePhoto 2.0.1 (HKLM-x32\...\BlazePhoto 2.0.1_is1) (Version: - ) calibre (HKLM-x32\...\{4838134A-8CFF-4D5B-B3C1-C110DA8DF61B}) (Version: 1.37.0 - Kovid Goyal) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DJ3525FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotomarkt Tuebingen Fotobuch-Software (HKLM-x32\...\FotomarktTuebingenFotobuchSoftware) (Version: 3.2.24 - SSW Software GmbH) Fotomarkt Tuebingen Fotobuch-Software (x32 Version: 3.2.24 - SSW Software GmbH) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro) Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.0 - Avid Technology, Inc.) HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard) HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.0.01.09151 - Sony Corporation) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Live! Cam Sync HD VF0770 Driver (1.00.02.00) (HKLM\...\Creative VF0770) (Version: - Creative Technology Ltd.) Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{EA6700F9-985E-422D-98A7-4E16D4CEAC29}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden Media Go (HKLM-x32\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony) Media Go Video Playback Engine 1.116.101.02020 (HKLM-x32\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.101.02020 - Sony) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Nero 7 Essentials (HKLM-x32\...\{6F467323-41E0-4DB0-95EB-E8776AD21031}) (Version: 7.03.0966 - Nero AG) neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Nolan N-Com wizard (HKLM-x32\...\{F7E88D64-8B5E-43F6-9E00-76A7EF26A302}) (Version: 1.2.0 - Redox srl) NVIDIA 3D Vision Controller-Treiber 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden OpenMG Limited Patch 5.0-08-14-04-01 (HKLM-x32\...\OpenMG HotFix5.0-08-14-04-01) (Version: - ) OpenMG Secure Module 5.0.00 (HKLM-x32\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation) OpenMG Secure Module 5.0.00 (x32 Version: 5.0.00.11280 - Sony Corporation) Hidden PcCloneEX (HKLM-x32\...\PcCloneEX) (Version: - ) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.0.75 - Avid Technology, Inc.) Pinnacle Studio 16 - Standard Content Pack (HKLM-x32\...\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}) (Version: 16.0.0 - Avid Technology, Inc.) Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.0.0.75 - Avid Technology, Inc.) Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems) PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation) PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.) Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.0 - Avid Technology, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) Rolly Choreographer 1.0 (x32 Version: 1.0.00.06260 - Sony Corporation) Hidden Rolly Choreographer*1.0 (HKLM-x32\...\{41BCCB3B-D16D-4C7A-B0D9-8FCF99B8BA5D}) (Version: 1.0.00.06260 - Sony Corporation) Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 0.9.1.23 - Samsung) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony) Studie zur Verbesserung von HP Deskjet 3520 series Produkten (HKLM\...\{A5BB6A58-BC1A-48A7-BB19-1768A80CF9C9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) Tales of Monkey Island (HKLM-x32\...\Tales of Monkey Island) (Version: 3.0.0.0 - Daedalic Entertainment) Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.0 - Avid Technology, Inc.) Vsk5Online (HKLM-x32\...\Vsk5Online_is1) (Version: - Nadeo) Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinZipper (HKLM-x32\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3395(build_81) - Goobzo Ltd.) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0DDA5414-383C-45D5-A4F9-BB665B0ADC67} - System32\Tasks\YTAUpdate => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2014-04-05] (Goobzo) Task: {13D65AEF-D90D-4CB7-BFDA-EBAF87CD4439} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {1AC21A1A-2529-477E-B9F4-7EBAD3973B74} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-3.exe <==== ATTENTION Task: {1F260A76-50C0-48D0-B691-22E362F58246} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {2A69F890-2A07-407B-869B-8F53D386A0B4} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-04-14] () Task: {2E6449B5-1FCD-44DD-B657-E195EA9D34E0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft) Task: {3C408129-4E71-4CB0-8DE2-7243E1523641} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-07] (Google Inc.) Task: {3C5BA7F8-AEE7-45E6-A7E7-DE73306AEA38} - System32\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4 => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-4.exe <==== ATTENTION Task: {41710C1D-8108-4D07-AE59-10FDFFAFEE8A} - System32\Tasks\YTAUpdate_logon => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2014-04-05] (Goobzo) Task: {4558E29B-AB36-4621-8ECA-FFEBD3167E51} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {47C8A849-1307-4FF5-B970-CD7E0D878256} - System32\Tasks\4466 => Wscript.exe C:\Users\Dax\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {5E59ECA2-C9A8-48F4-A7F5-12223E81351C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {7DF5EAE0-AC1B-4D6E-A6B7-5A8BF1DDC491} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {89BBEA45-B1C5-46BA-B1C5-A5FB473F1262} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {9A68D22D-5588-4533-A8A6-819B1FF327D7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {AD17C8CD-1BE6-4703-87E3-A483BEAE3B61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-07] (Google Inc.) Task: {B83F4C4A-F3E0-4637-8287-5FA360E022E4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {BCC9A29A-209C-412D-874D-5DD55A9BE719} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {D369FB71-28B3-45A9-9601-4BB700BAB4A1} - System32\Tasks\Dealply => C:\Users\Bummi\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2014-01-18] () <==== ATTENTION Task: {FDFC4521-8D39-4051-A0D4-A32BED7BF3D8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-3.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-3.exe <==== ATTENTION Task: C:\Windows\Tasks\10496340-28c0-47c5-8c23-0aac03e48614-4.job => C:\Program Files (x86)\Sense\10496340-28c0-47c5-8c23-0aac03e48614-4.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\Bummi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-28 14:04 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-03-29 18:43 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe 2014-01-18 19:08 - 2014-01-18 19:08 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll 2013-02-28 14:24 - 2013-03-01 15:15 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-03-29 18:43 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll 2013-03-29 18:43 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll 2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll 2012-10-05 03:51 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll 2013-03-29 18:43 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll 2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll 2014-05-20 14:39 - 2014-05-20 14:39 - 00041984 _____ () c:\users\bummi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfai9ob.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Bummi\AppData\Roaming\Dropbox\bin\libcef.dll 2014-05-15 09:22 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll 2014-05-15 09:22 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll 2014-05-15 09:22 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll 2014-05-15 09:22 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll 2014-05-15 09:22 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll 2014-05-15 09:22 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll 2014-03-31 21:35 - 2014-03-31 21:35 - 00282304 _____ () C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:054203E4 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 AlternateDataStreams: C:\Users\Bummi\Desktop\DSC_1076_c_dss.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2014 05:57:14 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422). Error: (05/20/2014 05:51:09 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/20/2014 03:33:05 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/20/2014 03:28:38 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed calibre; Fehler = 0x80070422). Error: (05/20/2014 03:28:30 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed calibre; Fehler = 0x80070422). Error: (05/20/2014 03:28:21 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed calibre; Fehler = 0x80070422). Error: (05/20/2014 03:13:49 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Naviextras Toolbox Prerequesities; Fehler = 0x80070422). Error: (05/20/2014 03:13:42 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed Naviextras Toolbox Prerequesities; Fehler = 0x80070422). Error: (05/20/2014 02:42:25 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Steam wird entfernt; Fehler = 0x80070422). Error: (05/20/2014 02:42:12 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Steam wird entfernt; Fehler = 0x80070422). System errors: ============= Error: (05/20/2014 02:41:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/20/2014 02:41:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/20/2014 02:40:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/20/2014 02:40:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (05/20/2014 02:39:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util SerialTrunc" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/20/2014 02:39:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update SerialTrunc" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/20/2014 02:39:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (05/19/2014 10:13:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/19/2014 10:13:21 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/19/2014 10:12:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (05/20/2014 05:57:14 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422 Error: (05/20/2014 05:51:09 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (05/20/2014 03:33:05 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe Error: (05/20/2014 03:28:38 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\msiexec.exe /VInstalled calibre0x80070422 Error: (05/20/2014 03:28:30 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\msiexec.exe /VInstalled calibre0x80070422 Error: (05/20/2014 03:28:21 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\msiexec.exe /VInstalled calibre0x80070422 Error: (05/20/2014 03:13:49 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\msiexec.exe /VRemoved Naviextras Toolbox Prerequesities0x80070422 Error: (05/20/2014 03:13:42 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\msiexec.exe /VRemoved Naviextras Toolbox Prerequesities0x80070422 Error: (05/20/2014 02:42:25 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\msiexec.exe /VSteam wird entfernt0x80070422 Error: (05/20/2014 02:42:12 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\msiexec.exe /VSteam wird entfernt0x80070422 ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 32701.43 MB Available physical RAM: 28396.54 MB Total Pagefile: 65401.04 MB Available Pagefile: 60793.22 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:476.94 GB) (Free:313.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:1863.01 GB) (Free:1042.91 GB) NTFS Drive j: (1GB Platte) (Fixed) (Total:931.51 GB) (Free:931.36 GB) NTFS Drive l: (TrekStor) (Fixed) (Total:1863.01 GB) (Free:1056.98 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 477 GB) (Disk ID: DD0B5F67) Partition 1: (Active) - (Size=477 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F28A7BD3) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS) ======================================================== Disk: 6 (Size: 1863 GB) (Disk ID: 0A66260D) Partition 1: (Not Active) - (Size=-198626966528) - (Type=07 NTFS) ======================================================== Disk: 7 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: ABAD845A) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Und hier ist Frst Editor: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Bummi (administrator) on BUMMI-ARLT on 20-05-2014 20:17:12 Running from C:\Users\Bummi\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Samsung) D:\Program Files (x86)\Kies\Kies\Kies.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (Dropbox, Inc.) C:\Users\Bummi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) D:\Program Files (x86)\Kies\Kies\KiesTrayAgent.exe (Creative Technology Ltd.) C:\Windows\V0770Mon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) D:\Program Files (x86)\Kies\Kies\KiesTrayAgent.exe (Creative Technology Ltd.) C:\Windows\V0770Mon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => D:\Program Files (x86)\Kies\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [Yontoo Desktop] => "C:\Users\Bummi\AppData\Roaming\Yontoo\YontooDesktop.exe" HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [KiesPreload] => D:\Program Files (x86)\Kies\Kies\Kies.exe [1564992 2014-04-23] (Samsung) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [KiesAirMessage] => D:\Program Files (x86)\Kies\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [] => D:\Program Files (x86)\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-04-23] (Samsung) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [Security Updates] => C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe [843221 2014-02-07] ( ) <===== ATTENTION HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [HP Deskjet 3520 series (NET) #2] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [GOOBZOYouTubeAccelerator] => C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2218856 2014-04-05] (GOOBZO) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {64358592-eefa-11e2-ab8d-d43d7e4ae242} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {6f8b2109-5ce2-11e3-a722-d43d7e4ae242} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {8bedd888-988c-11e2-ba14-d43d7e4ae242} - J:\Startme.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1004\...\Run: [iCloudServices] => D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1004\...\Run: [com.apple.dav.bookmarks.daemon] => D:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1004\...\Run: [ApplePhotoStreams] => D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1004\...\MountPoints2: {6f8b2109-5ce2-11e3-a722-d43d7e4ae242} - J:\HTC_Sync_Manager_PC.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Bummi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F6A54BDAC15CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1390062604&from=amt&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6CE93462-CF41-418E-9335-28DF482632D3&q={searchTerms}&SSPV= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=120518&babsrc=SP_ss&mntrId=ac36983f0000000000003085a9f38e2c SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390063148&from=epom2&uid=SamsungXSSDX840XPROXSeries_S1AXNSAD700589X&q={searchTerms} SearchScopes: HKCU - {51558A5F-B347-4E3F-80EA-8B69B53E596A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c6b87d90-17f8-4330-ba3a-cac222328ca9&apn_sauid=F6E252C2-4C97-4590-9935-9945C43CF47B SearchScopes: HKCU - {9A83D115-287B-4AD7-94C9-4BE62C88A413} URL = hxxp://www.bing.com/search?q={searchTerms}&r=152 BHO: Security.filter - {11111111-1111-1111-1111-110411941182} - C:\Program Files (x86)\Security.filter\Security.filter-bho64.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Winsock: Catalog9 01 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 02 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 03 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 04 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 05 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 06 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 07 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 08 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 09 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 10 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Winsock: Catalog9 21 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "hxxp://www.google.de/" CHR Extension: (Avira Browser Safety) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-05-10] CHR Extension: (Google Wallet) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [mphpbdjcljebbcnfopfngmfdackbbdgf] - C:\Program Files (x86)\DealPly\DealPly.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-27] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) S3 NBService; D:\Program Files\Nero\Nero7\Nero Home\Nero 7\Nero BackItUp\NBService.exe [800040 2007-11-28] (Nero AG) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation) S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2014-01-18] (Taiwan Shui Mu Chih Ching Technology Limited.) R2 YouTubeAcceleratorService; C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe [1502056 2014-04-05] (GOOBZO) S2 Update SerialTrunc; "C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.exe" [X] S2 Util SerialTrunc; "C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.) S3 amdide64; C:\Windows\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.) S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-02-09] (CSR plc.) S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc) S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-19] (Intel Corporation) S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [650200 2012-09-14] (Intel Corporation) S3 ISASerial; C:\Windows\system32\drivers\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider) S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] () S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2009-07-15] (TechniSat Provide) S3 nvamacpi; C:\Windows\system32\drivers\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation) S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation) S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.) S1 oxpar; C:\Windows\system32\drivers\oxpar.sys [158208 2007-01-24] (OEM) S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM) S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider) S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [95744 2008-05-22] () S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [126464 2008-05-22] () S3 PPorts; C:\Windows\system32\drivers\PPorts.sys [95744 2008-02-20] () S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation) S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation) S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.) R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.) S3 SPorts; C:\Windows\system32\drivers\SPorts.sys [124416 2008-02-20] () S3 StnPport; C:\Windows\system32\drivers\StnPport.sys [97280 2009-12-17] () S3 StnSport; C:\Windows\system32\drivers\StnSport.sys [126464 2009-11-14] () R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.) S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [210944 2012-05-30] (VIA Technologies, Inc.) S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [261120 2012-05-30] (VIA Technologies, Inc.) S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X] S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X] S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X] S3 oxser; \SystemRoot\system32\drivers\oxser.sys [X] R4 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-20 20:17 - 2014-05-20 20:17 - 00026136 _____ () C:\Users\Bummi\Downloads\FRST.txt 2014-05-20 20:17 - 2014-05-20 20:17 - 00000000 ____D () C:\FRST 2014-05-20 20:16 - 2014-05-20 20:16 - 02067456 _____ (Farbar) C:\Users\Bummi\Downloads\FRST64.exe 2014-05-20 18:45 - 2014-05-20 18:45 - 00854367 _____ () C:\Users\Bummi\Downloads\SecurityCheck.exe 2014-05-20 18:42 - 2014-05-20 18:54 - 00007775 _____ () C:\Users\Bummi\Documents\Bedrohung.txt 2014-05-20 15:32 - 2014-05-20 15:32 - 02347384 _____ (ESET) C:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe 2014-05-20 15:27 - 2014-05-20 15:28 - 55555072 _____ () C:\Users\Bummi\Downloads\calibre-1.37.0.msi 2014-05-20 15:25 - 2014-05-20 15:25 - 00003450 _____ () C:\Windows\System32\Tasks\{72C2E068-181A-4A1B-9E60-5269CD30F90D} 2014-05-15 09:36 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 09:36 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 09:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 09:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 09:36 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 09:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:20 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 09:20 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 09:20 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 09:20 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 09:20 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 09:20 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 09:20 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 09:20 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 09:20 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 09:20 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 09:20 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 09:20 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 09:20 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 09:20 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 09:20 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 09:20 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 09:20 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 14:34 - 2014-05-14 14:34 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 17:16 - 2014-05-13 17:16 - 00000058 _____ () C:\DUMPA.WAV 2014-05-13 17:13 - 2014-04-11 10:39 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2014-05-13 17:13 - 2014-04-11 10:39 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-12 19:48 - 2014-05-12 19:48 - 00293208 _____ () C:\Windows\Minidump\051214-6661-01.dmp 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieUserList 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieSiteList 2014-05-10 16:51 - 2014-05-10 16:51 - 00292632 _____ () C:\Windows\Minidump\051014-6786-01.dmp 2014-05-08 20:39 - 2014-05-08 20:39 - 00001369 _____ () C:\Users\Dax\Downloads\st 2014-05-08 12:27 - 2014-05-08 12:27 - 00293064 _____ () C:\Windows\Minidump\050814-6630-01.dmp 2014-05-08 08:24 - 2014-05-15 17:44 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 18:11 - 2014-05-04 18:12 - 55546880 _____ () C:\Users\Bummi\Downloads\calibre-1.35.0.msi 2014-05-04 12:00 - 2014-05-04 12:00 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\DropboxMaster 2014-05-02 16:30 - 2014-05-02 16:30 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HARLEY-DAVIDSON V-ROD user guide 2014-05-02 12:56 - 2014-05-02 12:56 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 12:56 - 2014-05-02 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieUserList 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieSiteList 2014-04-29 08:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 08:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 08:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 08:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 08:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 08:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 08:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 08:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 08:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 08:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 08:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 08:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 08:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 08:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 08:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 08:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 08:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 08:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 08:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 08:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 08:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 08:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 08:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 08:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 08:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 08:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 08:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 08:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 08:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 08:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 08:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 08:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 08:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 08:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 08:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 08:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 08:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 08:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 08:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 08:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 08:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 08:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 08:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 08:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-27 17:15 - 2014-04-27 17:15 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\en 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\de ==================== One Month Modified Files and Folders ======= 2014-05-20 20:17 - 2014-05-20 20:17 - 00026136 _____ () C:\Users\Bummi\Downloads\FRST.txt 2014-05-20 20:17 - 2014-05-20 20:17 - 00000000 ____D () C:\FRST 2014-05-20 20:16 - 2014-05-20 20:16 - 02067456 _____ (Farbar) C:\Users\Bummi\Downloads\FRST64.exe 2014-05-20 19:36 - 2013-04-07 16:32 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-20 19:34 - 2013-02-28 14:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-20 19:21 - 2013-04-07 16:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-20 18:54 - 2014-05-20 18:42 - 00007775 _____ () C:\Users\Bummi\Documents\Bedrohung.txt 2014-05-20 18:45 - 2014-05-20 18:45 - 00854367 _____ () C:\Users\Bummi\Downloads\SecurityCheck.exe 2014-05-20 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-20 15:32 - 2014-05-20 15:32 - 02347384 _____ (ESET) C:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe 2014-05-20 15:28 - 2014-05-20 15:27 - 55555072 _____ () C:\Users\Bummi\Downloads\calibre-1.37.0.msi 2014-05-20 15:28 - 2014-01-11 17:17 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-05-20 15:28 - 2014-01-11 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-05-20 15:28 - 2014-01-11 17:17 - 00000000 ____D () C:\Program Files (x86)\Calibre2 2014-05-20 15:26 - 2013-03-29 18:46 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2014-05-20 15:26 - 2013-03-29 18:46 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson 2014-05-20 15:25 - 2014-05-20 15:25 - 00003450 _____ () C:\Windows\System32\Tasks\{72C2E068-181A-4A1B-9E60-5269CD30F90D} 2014-05-20 14:57 - 2013-02-28 15:15 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Dropbox 2014-05-20 14:57 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-20 14:57 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-20 14:50 - 2010-11-21 08:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-05-20 14:50 - 2010-11-21 08:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-05-20 14:50 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-20 14:43 - 2013-02-28 14:03 - 01283460 _____ () C:\Windows\WindowsUpdate.log 2014-05-20 14:42 - 2014-01-18 19:08 - 00000000 ____D () C:\Program Files (x86)\WinZipper 2014-05-20 14:39 - 2013-02-28 14:04 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-20 14:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-20 14:39 - 2009-07-14 06:51 - 00090557 _____ () C:\Windows\setupact.log 2014-05-16 13:56 - 2013-02-28 15:17 - 00001019 _____ () C:\Users\Bummi\Desktop\Dropbox.lnk 2014-05-16 13:56 - 2013-02-28 15:16 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-16 13:56 - 2013-02-28 14:05 - 00000000 ___RD () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:55 - 2013-02-28 14:05 - 00000000 ___RD () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 13:54 - 2013-02-28 14:19 - 00000932 __RSH () C:\Users\Bummi\ntuser.pol 2014-05-16 13:54 - 2013-02-28 14:04 - 00000000 ____D () C:\Users\Bummi 2014-05-15 17:48 - 2013-02-28 15:45 - 00000932 __RSH () C:\Users\Dax\ntuser.pol 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ___RD () C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ___RD () C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ____D () C:\Users\Dax 2014-05-15 17:44 - 2014-05-08 08:24 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 09:36 - 2013-09-07 15:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:35 - 2013-02-28 15:29 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 09:22 - 2014-02-27 15:49 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-14 18:06 - 2013-02-28 14:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-14 15:14 - 2013-02-28 15:46 - 00000000 ____D () C:\Users\Dax\AppData\Local\Windows Live 2014-05-14 14:35 - 2013-02-28 14:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 14:35 - 2013-02-28 14:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 14:35 - 2013-02-28 14:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 14:34 - 2014-05-14 14:34 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 17:43 - 2014-01-31 15:10 - 00000000 ____D () C:\Users\Bummi\Desktop\Auto 2014-05-13 17:17 - 2013-09-19 20:17 - 00016896 _____ () C:\Users\Bummi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-13 17:16 - 2014-05-13 17:16 - 00000058 _____ () C:\DUMPA.WAV 2014-05-13 17:16 - 2013-03-03 13:43 - 00000000 ____D () C:\Users\Bummi\Documents\SelfMV 2014-05-13 17:13 - 2014-04-05 11:15 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-13 17:11 - 2013-03-03 13:12 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Samsung 2014-05-12 19:48 - 2014-05-12 19:48 - 00293208 _____ () C:\Windows\Minidump\051214-6661-01.dmp 2014-05-12 19:48 - 2013-03-01 14:53 - 925721075 _____ () C:\Windows\MEMORY.DMP 2014-05-12 19:48 - 2013-03-01 14:53 - 00000000 ____D () C:\Windows\Minidump 2014-05-11 12:13 - 2013-03-17 14:34 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HpUpdate 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieUserList 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieSiteList 2014-05-10 16:51 - 2014-05-10 16:51 - 00292632 _____ () C:\Windows\Minidump\051014-6786-01.dmp 2014-05-10 14:50 - 2014-03-06 16:45 - 00901632 _____ () C:\Users\Bummi\Documents\Streichinstrumente Katja und Tim.ppt 2014-05-10 13:16 - 2013-04-07 16:32 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 13:16 - 2013-04-07 16:32 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-15 09:20 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 09:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 20:39 - 2014-05-08 20:39 - 00001369 _____ () C:\Users\Dax\Downloads\st 2014-05-08 19:05 - 2014-01-11 16:57 - 00000000 ____D () C:\Users\Bummi\Documents\Bücher 2014-05-08 12:27 - 2014-05-08 12:27 - 00293064 _____ () C:\Windows\Minidump\050814-6630-01.dmp 2014-05-06 06:40 - 2014-05-15 09:36 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 09:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 09:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 09:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 09:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 09:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 21:59 - 2013-03-19 15:10 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\BOM 2014-05-04 18:12 - 2014-05-04 18:11 - 55546880 _____ () C:\Users\Bummi\Downloads\calibre-1.35.0.msi 2014-05-04 12:00 - 2014-05-04 12:00 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\DropboxMaster 2014-05-04 12:00 - 2013-08-01 13:43 - 00082944 ___SH () C:\Users\Bummi\Downloads\Thumbs.db 2014-05-04 11:59 - 2013-12-19 16:05 - 00026112 ___SH () C:\Users\Bummi\Desktop\Thumbs.db 2014-05-02 16:36 - 2013-02-28 14:41 - 00000000 ____D () C:\ProgramData\DVD Shrink 2014-05-02 16:30 - 2014-05-02 16:30 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HARLEY-DAVIDSON V-ROD user guide 2014-05-02 12:56 - 2014-05-02 12:56 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 12:56 - 2014-05-02 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-02 12:56 - 2013-10-18 14:27 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-02 12:56 - 2013-05-04 15:13 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieUserList 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieSiteList 2014-04-27 17:56 - 2013-02-28 15:50 - 00000000 ____D () C:\Users\Bummi\Tracing 2014-04-27 17:31 - 2014-02-23 15:26 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Ahead 2014-04-27 17:15 - 2014-04-27 17:15 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\en 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\de 2014-04-27 17:15 - 2012-11-07 16:41 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-04-27 17:15 - 2012-11-07 16:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-04-27 17:14 - 2014-02-23 19:33 - 00002534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-04-27 17:14 - 2012-11-07 16:41 - 00137628 _____ () C:\Windows\DirectX.log 2014-04-27 17:14 - 2012-11-07 16:41 - 00001490 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-04-27 17:14 - 2012-11-07 16:41 - 00000000 ____D () C:\Program Files\Windows Live 2014-04-27 17:14 - 2012-11-07 16:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-04-26 18:26 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Files to move or delete: ==================== C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe Some content of TEMP: ==================== C:\Users\Bummi\AppData\Local\Temp\APNStub.exe C:\Users\Bummi\AppData\Local\Temp\avgnt.exe C:\Users\Bummi\AppData\Local\Temp\BackupSetup.exe C:\Users\Bummi\AppData\Local\Temp\cabex.dll C:\Users\Bummi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfai9ob.dll C:\Users\Bummi\AppData\Local\Temp\epom2_nationzoom_20131128171912.exe C:\Users\Bummi\AppData\Local\Temp\htmlayout.dll C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Bummi\AppData\Local\Temp\nsaA0D9.exe C:\Users\Bummi\AppData\Local\Temp\nsfD453.exe C:\Users\Bummi\AppData\Local\Temp\nsfF7EC.exe C:\Users\Bummi\AppData\Local\Temp\nskADE4.exe C:\Users\Bummi\AppData\Local\Temp\nslA815.exe C:\Users\Bummi\AppData\Local\Temp\nsp9F61.exe C:\Users\Bummi\AppData\Local\Temp\nsqE67C.exe C:\Users\Bummi\AppData\Local\Temp\nsqE803.exe C:\Users\Bummi\AppData\Local\Temp\nsqF656.exe C:\Users\Bummi\AppData\Local\Temp\nsvAF5C.exe C:\Users\Bummi\AppData\Local\Temp\nvStInst.exe C:\Users\Bummi\AppData\Local\Temp\security-filter.exe C:\Users\Bummi\AppData\Local\Temp\setup.exe C:\Users\Bummi\AppData\Local\Temp\SkypeSetup.exe C:\Users\Bummi\AppData\Local\Temp\SPSetup.exe C:\Users\Bummi\AppData\Local\Temp\toolbar1059106.exe C:\Users\Bummi\AppData\Local\Temp\torload.exe C:\Users\Bummi\AppData\Local\Temp\torloadproxy.dll C:\Users\Bummi\AppData\Local\Temp\tu17p84.exe C:\Users\Bummi\AppData\Local\Temp\unelevate.exe C:\Users\Bummi\AppData\Local\Temp\uninst1.exe C:\Users\Bummi\AppData\Local\Temp\UNT3A82.exe C:\Users\Bummi\AppData\Local\Temp\UNT3A84.exe C:\Users\Bummi\AppData\Local\Temp\ytai_ytareg_setup.exe C:\Users\Bummi\AppData\Local\Temp\_is254B.exe C:\Users\Bummi\AppData\Local\Temp\_is8C76.exe C:\Users\Dax\AppData\Local\Temp\avgnt.exe C:\Users\Dax\AppData\Local\Temp\SPSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 09:20] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 17:50 ==================== End Of Log ============================ --- --- --- |
|
21.05.2014, 09:00
| #5 |
| /// the machine /// TB-Ausbilder | Fileparade Bundle irgendwie installiert Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.05.2014, 11:26
| #6 |
| | Fileparade Bundle irgendwie installiert Hat vermutlich geklappt  Es ist nichts mehr vom Fileparade Bundle zu sehen. Tausend dank. Bummi1 FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Bummi (administrator) on BUMMI-ARLT on 21-05-2014 12:21:17 Running from C:\Users\Bummi\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Samsung) D:\Program Files (x86)\Kies\Kies\Kies.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (Dropbox, Inc.) C:\Users\Bummi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) D:\Program Files (x86)\Kies\Kies\KiesTrayAgent.exe (Creative Technology Ltd.) C:\Windows\V0770Mon.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => D:\Program Files (x86)\Kies\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [KiesPreload] => D:\Program Files (x86)\Kies\Kies\Kies.exe [1564992 2014-04-23] (Samsung) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [KiesAirMessage] => D:\Program Files (x86)\Kies\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [] => D:\Program Files (x86)\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-04-23] (Samsung) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [Security Updates] => C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe [843221 2014-02-07] ( ) <===== ATTENTION HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [HP Deskjet 3520 series (NET) #2] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {64358592-eefa-11e2-ab8d-d43d7e4ae242} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {6f8b2109-5ce2-11e3-a722-d43d7e4ae242} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {8bedd888-988c-11e2-ba14-d43d7e4ae242} - J:\Startme.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Bummi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F6A54BDAC15CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {51558A5F-B347-4E3F-80EA-8B69B53E596A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c6b87d90-17f8-4330-ba3a-cac222328ca9&apn_sauid=F6E252C2-4C97-4590-9935-9945C43CF47B SearchScopes: HKCU - {9A83D115-287B-4AD7-94C9-4BE62C88A413} URL = hxxp://www.bing.com/search?q={searchTerms}&r=152 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "hxxp://www.google.de/" CHR Extension: (CSS reload!) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba [2014-05-21] CHR Extension: (Avira Browser Safety) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-05-10] CHR Extension: (Google Wallet) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) S3 NBService; D:\Program Files\Nero\Nero7\Nero Home\Nero 7\Nero BackItUp\NBService.exe [800040 2007-11-28] (Nero AG) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation) S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X] ==================== Drivers (Whitelisted) ==================== S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.) S3 amdide64; C:\Windows\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.) S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-02-09] (CSR plc.) S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc) S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-19] (Intel Corporation) S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [650200 2012-09-14] (Intel Corporation) S3 ISASerial; C:\Windows\system32\drivers\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider) S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] () S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2009-07-15] (TechniSat Provide) S3 nvamacpi; C:\Windows\system32\drivers\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation) S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation) S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.) S1 oxpar; C:\Windows\system32\drivers\oxpar.sys [158208 2007-01-24] (OEM) S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM) S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider) S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [95744 2008-05-22] () S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [126464 2008-05-22] () S3 PPorts; C:\Windows\system32\drivers\PPorts.sys [95744 2008-02-20] () S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation) S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation) S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.) R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.) S3 SPorts; C:\Windows\system32\drivers\SPorts.sys [124416 2008-02-20] () S3 StnPport; C:\Windows\system32\drivers\StnPport.sys [97280 2009-12-17] () S3 StnSport; C:\Windows\system32\drivers\StnSport.sys [126464 2009-11-14] () R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.) S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [210944 2012-05-30] (VIA Technologies, Inc.) S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [261120 2012-05-30] (VIA Technologies, Inc.) S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X] S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X] S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X] S3 oxser; \SystemRoot\system32\drivers\oxser.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-21 12:15 - 2014-05-21 12:16 - 00000000 ____D () C:\AdwCleaner 2014-05-21 12:15 - 2014-05-21 12:15 - 01326389 _____ () C:\Users\Bummi\Downloads\adwcleaner_3.210.exe 2014-05-21 12:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-21 11:56 - 2014-05-21 11:56 - 00000911 _____ () C:\Users\Bummi\Desktop\Revo Uninstaller.lnk 2014-05-21 11:55 - 2014-05-21 11:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bummi\Downloads\revosetup95.exe 2014-05-20 20:17 - 2014-05-21 12:21 - 00018662 _____ () C:\Users\Bummi\Downloads\FRST.txt 2014-05-20 20:17 - 2014-05-21 12:21 - 00000000 ____D () C:\FRST 2014-05-20 20:17 - 2014-05-20 20:17 - 00033852 _____ () C:\Users\Bummi\Downloads\Addition.txt 2014-05-20 20:16 - 2014-05-20 20:16 - 02067456 _____ (Farbar) C:\Users\Bummi\Downloads\FRST64.exe 2014-05-20 18:45 - 2014-05-20 18:45 - 00854367 _____ () C:\Users\Bummi\Downloads\SecurityCheck.exe 2014-05-20 18:42 - 2014-05-20 18:54 - 00007775 _____ () C:\Users\Bummi\Documents\Bedrohung.txt 2014-05-20 15:32 - 2014-05-20 15:32 - 02347384 _____ (ESET) C:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe 2014-05-20 15:27 - 2014-05-20 15:28 - 55555072 _____ () C:\Users\Bummi\Downloads\calibre-1.37.0.msi 2014-05-20 15:25 - 2014-05-20 15:25 - 00003450 _____ () C:\Windows\System32\Tasks\{72C2E068-181A-4A1B-9E60-5269CD30F90D} 2014-05-15 09:36 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 09:36 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 09:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 09:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 09:36 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 09:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:20 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 09:20 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 09:20 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 09:20 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 09:20 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 09:20 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 09:20 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 09:20 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 09:20 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 09:20 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 09:20 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 09:20 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 09:20 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 09:20 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 09:20 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 09:20 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 09:20 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 14:34 - 2014-05-14 14:34 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 17:16 - 2014-05-13 17:16 - 00000058 _____ () C:\DUMPA.WAV 2014-05-13 17:13 - 2014-04-11 10:39 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2014-05-13 17:13 - 2014-04-11 10:39 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-12 19:48 - 2014-05-12 19:48 - 00293208 _____ () C:\Windows\Minidump\051214-6661-01.dmp 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieUserList 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieSiteList 2014-05-10 16:51 - 2014-05-10 16:51 - 00292632 _____ () C:\Windows\Minidump\051014-6786-01.dmp 2014-05-08 20:39 - 2014-05-08 20:39 - 00001369 _____ () C:\Users\Dax\Downloads\st 2014-05-08 12:27 - 2014-05-08 12:27 - 00293064 _____ () C:\Windows\Minidump\050814-6630-01.dmp 2014-05-08 08:24 - 2014-05-15 17:44 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 18:11 - 2014-05-04 18:12 - 55546880 _____ () C:\Users\Bummi\Downloads\calibre-1.35.0.msi 2014-05-04 12:00 - 2014-05-04 12:00 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\DropboxMaster 2014-05-02 16:30 - 2014-05-02 16:30 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HARLEY-DAVIDSON V-ROD user guide 2014-05-02 12:56 - 2014-05-02 12:56 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 12:56 - 2014-05-02 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieUserList 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieSiteList 2014-04-29 08:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 08:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 08:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 08:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 08:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 08:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 08:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 08:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 08:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 08:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 08:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 08:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 08:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 08:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 08:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 08:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 08:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 08:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 08:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 08:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 08:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 08:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 08:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 08:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 08:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 08:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 08:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 08:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 08:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 08:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 08:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 08:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 08:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 08:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 08:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 08:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 08:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 08:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 08:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 08:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 08:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 08:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 08:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 08:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-27 17:15 - 2014-04-27 17:15 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\en 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\de ==================== One Month Modified Files and Folders ======= 2014-05-21 12:21 - 2014-05-20 20:17 - 00018662 _____ () C:\Users\Bummi\Downloads\FRST.txt 2014-05-21 12:21 - 2014-05-20 20:17 - 00000000 ____D () C:\FRST 2014-05-21 12:21 - 2013-04-07 16:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-21 12:20 - 2013-02-28 15:15 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Dropbox 2014-05-21 12:19 - 2013-04-07 16:32 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-21 12:17 - 2013-02-28 14:04 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-21 12:17 - 2010-11-21 05:47 - 00195716 _____ () C:\Windows\PFRO.log 2014-05-21 12:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-21 12:17 - 2009-07-14 06:51 - 00090781 _____ () C:\Windows\setupact.log 2014-05-21 12:16 - 2014-05-21 12:15 - 00000000 ____D () C:\AdwCleaner 2014-05-21 12:16 - 2013-02-28 14:05 - 00000995 _____ () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-21 12:16 - 2013-02-28 14:03 - 01306988 _____ () C:\Windows\WindowsUpdate.log 2014-05-21 12:15 - 2014-05-21 12:15 - 01326389 _____ () C:\Users\Bummi\Downloads\adwcleaner_3.210.exe 2014-05-21 12:00 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-21 12:00 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-21 11:58 - 2010-11-21 08:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-05-21 11:58 - 2010-11-21 08:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-05-21 11:58 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-21 11:56 - 2014-05-21 11:56 - 00000911 _____ () C:\Users\Bummi\Desktop\Revo Uninstaller.lnk 2014-05-21 11:55 - 2014-05-21 11:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bummi\Downloads\revosetup95.exe 2014-05-20 20:34 - 2013-02-28 14:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-20 20:17 - 2014-05-20 20:17 - 00033852 _____ () C:\Users\Bummi\Downloads\Addition.txt 2014-05-20 20:16 - 2014-05-20 20:16 - 02067456 _____ (Farbar) C:\Users\Bummi\Downloads\FRST64.exe 2014-05-20 18:54 - 2014-05-20 18:42 - 00007775 _____ () C:\Users\Bummi\Documents\Bedrohung.txt 2014-05-20 18:45 - 2014-05-20 18:45 - 00854367 _____ () C:\Users\Bummi\Downloads\SecurityCheck.exe 2014-05-20 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-20 15:32 - 2014-05-20 15:32 - 02347384 _____ (ESET) C:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe 2014-05-20 15:28 - 2014-05-20 15:27 - 55555072 _____ () C:\Users\Bummi\Downloads\calibre-1.37.0.msi 2014-05-20 15:28 - 2014-01-11 17:17 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-05-20 15:28 - 2014-01-11 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-05-20 15:28 - 2014-01-11 17:17 - 00000000 ____D () C:\Program Files (x86)\Calibre2 2014-05-20 15:26 - 2013-03-29 18:46 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2014-05-20 15:26 - 2013-03-29 18:46 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson 2014-05-20 15:25 - 2014-05-20 15:25 - 00003450 _____ () C:\Windows\System32\Tasks\{72C2E068-181A-4A1B-9E60-5269CD30F90D} 2014-05-16 13:56 - 2013-02-28 15:17 - 00001019 _____ () C:\Users\Bummi\Desktop\Dropbox.lnk 2014-05-16 13:56 - 2013-02-28 15:16 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-16 13:56 - 2013-02-28 14:05 - 00000000 ___RD () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:55 - 2013-02-28 14:05 - 00000000 ___RD () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 13:54 - 2013-02-28 14:19 - 00000932 __RSH () C:\Users\Bummi\ntuser.pol 2014-05-16 13:54 - 2013-02-28 14:04 - 00000000 ____D () C:\Users\Bummi 2014-05-15 17:48 - 2013-02-28 15:45 - 00000932 __RSH () C:\Users\Dax\ntuser.pol 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ___RD () C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ___RD () C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ____D () C:\Users\Dax 2014-05-15 17:44 - 2014-05-08 08:24 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 09:36 - 2013-09-07 15:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:35 - 2013-02-28 15:29 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 09:22 - 2014-02-27 15:49 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-14 18:06 - 2013-02-28 14:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-14 15:14 - 2013-02-28 15:46 - 00000000 ____D () C:\Users\Dax\AppData\Local\Windows Live 2014-05-14 14:35 - 2013-02-28 14:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 14:35 - 2013-02-28 14:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 14:35 - 2013-02-28 14:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 14:34 - 2014-05-14 14:34 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 17:43 - 2014-01-31 15:10 - 00000000 ____D () C:\Users\Bummi\Desktop\Auto 2014-05-13 17:17 - 2013-09-19 20:17 - 00016896 _____ () C:\Users\Bummi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-13 17:16 - 2014-05-13 17:16 - 00000058 _____ () C:\DUMPA.WAV 2014-05-13 17:16 - 2013-03-03 13:43 - 00000000 ____D () C:\Users\Bummi\Documents\SelfMV 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-13 17:11 - 2013-03-03 13:12 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Samsung 2014-05-12 19:48 - 2014-05-12 19:48 - 00293208 _____ () C:\Windows\Minidump\051214-6661-01.dmp 2014-05-12 19:48 - 2013-03-01 14:53 - 925721075 _____ () C:\Windows\MEMORY.DMP 2014-05-12 19:48 - 2013-03-01 14:53 - 00000000 ____D () C:\Windows\Minidump 2014-05-11 12:13 - 2013-03-17 14:34 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HpUpdate 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieUserList 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieSiteList 2014-05-10 16:51 - 2014-05-10 16:51 - 00292632 _____ () C:\Windows\Minidump\051014-6786-01.dmp 2014-05-10 14:50 - 2014-03-06 16:45 - 00901632 _____ () C:\Users\Bummi\Documents\Streichinstrumente Katja und Tim.ppt 2014-05-10 13:16 - 2013-04-07 16:32 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 13:16 - 2013-04-07 16:32 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-15 09:20 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 09:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 20:39 - 2014-05-08 20:39 - 00001369 _____ () C:\Users\Dax\Downloads\st 2014-05-08 19:05 - 2014-01-11 16:57 - 00000000 ____D () C:\Users\Bummi\Documents\Bücher 2014-05-08 12:27 - 2014-05-08 12:27 - 00293064 _____ () C:\Windows\Minidump\050814-6630-01.dmp 2014-05-06 06:40 - 2014-05-15 09:36 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 09:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 09:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 09:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 09:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 09:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 21:59 - 2013-03-19 15:10 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\BOM 2014-05-04 18:12 - 2014-05-04 18:11 - 55546880 _____ () C:\Users\Bummi\Downloads\calibre-1.35.0.msi 2014-05-04 12:00 - 2014-05-04 12:00 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\DropboxMaster 2014-05-04 12:00 - 2013-08-01 13:43 - 00082944 ___SH () C:\Users\Bummi\Downloads\Thumbs.db 2014-05-04 11:59 - 2013-12-19 16:05 - 00026112 ___SH () C:\Users\Bummi\Desktop\Thumbs.db 2014-05-02 16:36 - 2013-02-28 14:41 - 00000000 ____D () C:\ProgramData\DVD Shrink 2014-05-02 16:30 - 2014-05-02 16:30 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HARLEY-DAVIDSON V-ROD user guide 2014-05-02 12:56 - 2014-05-02 12:56 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 12:56 - 2014-05-02 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-02 12:56 - 2013-10-18 14:27 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-02 12:56 - 2013-05-04 15:13 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieUserList 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieSiteList 2014-04-27 17:56 - 2013-02-28 15:50 - 00000000 ____D () C:\Users\Bummi\Tracing 2014-04-27 17:31 - 2014-02-23 15:26 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Ahead 2014-04-27 17:15 - 2014-04-27 17:15 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\en 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\de 2014-04-27 17:15 - 2012-11-07 16:41 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-04-27 17:15 - 2012-11-07 16:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-04-27 17:14 - 2014-02-23 19:33 - 00002534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-04-27 17:14 - 2012-11-07 16:41 - 00137628 _____ () C:\Windows\DirectX.log 2014-04-27 17:14 - 2012-11-07 16:41 - 00001490 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-04-27 17:14 - 2012-11-07 16:41 - 00000000 ____D () C:\Program Files\Windows Live 2014-04-27 17:14 - 2012-11-07 16:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-04-26 18:26 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Files to move or delete: ==================== C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe Some content of TEMP: ==================== C:\Users\Bummi\AppData\Local\Temp\APNStub.exe C:\Users\Bummi\AppData\Local\Temp\avgnt.exe C:\Users\Bummi\AppData\Local\Temp\BackupSetup.exe C:\Users\Bummi\AppData\Local\Temp\cabex.dll C:\Users\Bummi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8javjj.dll C:\Users\Bummi\AppData\Local\Temp\epom2_nationzoom_20131128171912.exe C:\Users\Bummi\AppData\Local\Temp\htmlayout.dll C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Bummi\AppData\Local\Temp\nsaA0D9.exe C:\Users\Bummi\AppData\Local\Temp\nsfD453.exe C:\Users\Bummi\AppData\Local\Temp\nsfF7EC.exe C:\Users\Bummi\AppData\Local\Temp\nskADE4.exe C:\Users\Bummi\AppData\Local\Temp\nslA815.exe C:\Users\Bummi\AppData\Local\Temp\nsp9F61.exe C:\Users\Bummi\AppData\Local\Temp\nsqE67C.exe C:\Users\Bummi\AppData\Local\Temp\nsqE803.exe C:\Users\Bummi\AppData\Local\Temp\nsqF656.exe C:\Users\Bummi\AppData\Local\Temp\nsvAF5C.exe C:\Users\Bummi\AppData\Local\Temp\nvStInst.exe C:\Users\Bummi\AppData\Local\Temp\Quarantine.exe C:\Users\Bummi\AppData\Local\Temp\security-filter.exe C:\Users\Bummi\AppData\Local\Temp\setup.exe C:\Users\Bummi\AppData\Local\Temp\SkypeSetup.exe C:\Users\Bummi\AppData\Local\Temp\SPSetup.exe C:\Users\Bummi\AppData\Local\Temp\toolbar1059106.exe C:\Users\Bummi\AppData\Local\Temp\torload.exe C:\Users\Bummi\AppData\Local\Temp\torloadproxy.dll C:\Users\Bummi\AppData\Local\Temp\tu17p84.exe C:\Users\Bummi\AppData\Local\Temp\unelevate.exe C:\Users\Bummi\AppData\Local\Temp\uninst1.exe C:\Users\Bummi\AppData\Local\Temp\UNT3A82.exe C:\Users\Bummi\AppData\Local\Temp\UNT3A84.exe C:\Users\Bummi\AppData\Local\Temp\ytai_ytareg_setup.exe C:\Users\Bummi\AppData\Local\Temp\_is254B.exe C:\Users\Bummi\AppData\Local\Temp\_is8C76.exe C:\Users\Dax\AppData\Local\Temp\avgnt.exe C:\Users\Dax\AppData\Local\Temp\SPSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 09:20] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 17:50 ==================== End Of Log ============================ |
|
22.05.2014, 08:44
| #7 |
| /// the machine /// TB-Ausbilder | Fileparade Bundle irgendwie installiert Wir sind noch nit fertig  ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.05.2014, 18:23
| #8 |
| | Fileparade Bundle irgendwie installiert so alles gemacht. Hier ist lie Log.txt: C:\$Recycle.Bin\S-1-5-21-689810551-2354125089-4270504231-1000\$RFL9SUT.exe Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung C:\$Recycle.Bin\S-1-5-21-689810551-2354125089-4270504231-1000\$RWKKRZC.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir Variante von Win32/Adware.Yontoo.B Anwendung C:\AdwCleaner\Quarantine\C\Users\Bummi\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir Variante von Win32/DealPly.F evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Variante von Win32/DomaIQ.BF evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Installer\Install_17185\sense.exe Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Installer\Install_17185\ytai.exe Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RFRZL1K\spstub[1].exe Win32/Conduit.SearchProtect.L evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNY6XDWV\SPSetup[1].exe Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNY6XDWV\SPSetup[2].exe Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICHPBS31\sp-downloader[1].exe Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ71WSXR\Setup[1].exe Win32/BrowseFox.B evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\awh13D2.tmp Variante von Win32/DealPly.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\awhB37.tmp Variante von Win32/Amonetize.AC evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\che94A0.tmp Win32/bProtector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\epom2_nationzoom_20131128171912.exe Variante von Win32/ELEX.Z evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe Win32/Somoto.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\security-filter.exe Win32/Packed.ScrambleWrapper.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\SPSetup.exe Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\UNT3A82.exe Variante von Win32/DealPly.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\UNT3A84.exe Win32/MyPCBackup.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\ytai_ytareg_setup.exe Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Setup.exe Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\ccp.exe Win32/Toolbar.Babylon.M evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\CrxInstaller.dll Variante von Win32/Toolbar.Babylon.Z evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\delta.crx Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\IEHelper.dll Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\MyBabylonTB.exe Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\B50B8993-BAB0-7891-8C9A-77A54EC351C1\Latest\Setup.exe Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\DomaIQ.exe Variante von Win32/DomaIQ.AF evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\DomaIQ10.exe Variante von Win32/DomaIQ.AF evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\OfferBrokerage_14003.exe Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\software\DefaultTabSetup.exe Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\software\Delta Babylon.exe Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\DM2\avira-premium-security-suite_046\software\Yontoo.exe Mehrere Bedrohungen C:\Users\Bummi\AppData\Local\Temp\fullpackage_temp1390062599\tmp\SupTab.exe Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\fullpackage_temp1390062599\tmp\wpm.exe Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\fullpackage_temp1390063143\tmp\desk365.exe Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\iwebar.exe Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\sense.exe Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\shopperpro.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_15374\yta.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\Install_7921\ytai.exe Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\is-04OE2.tmp\security-filter.exe Win32/Packed.ScrambleWrapper.I evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nseE2C2.tmp\InstallerUtils.dll Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nseE2C2.tmp\InstallerUtils2.dll Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nsoDE6E.tmp\Efriybsuf.exe Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nsoDE6E.tmp\WrapperUtils.dll Variante von Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\nsvCED6\SpSetup.exe Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\SAINST\SA.CAB Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Local\Temp\SAINST\updater.exe Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung C:\Users\Bummi\AppData\Roaming\TorTemp\_\install-torload.exe Win32/Packed.ScrambleWrapper.I evtl. unerwünschte Anwendung C:\Users\Bummi\Downloads\car radio code calculato...es,philips,volvo etc.exe Variante von Win32/4Shared.P evtl. unerwünschte Anwendung C:\Users\Dax\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba\1.26.33_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung C:\Users\Dax\AppData\Local\Temp\SPSetup.exe Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung C:\Users\Dax\Downloads\Virtual Skipper 5.exe MSIL/Solimba.L evtl. unerwünschte Anwendung und hier der Checkup: Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Adobe Reader XI Google Chrome 34.0.1847.131 Google Chrome 34.0.1847.137 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` und hier das Frst Log: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Bummi (administrator) on BUMMI-ARLT on 22-05-2014 19:22:24 Running from C:\Users\Bummi\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Samsung) D:\Program Files (x86)\Kies\Kies\Kies.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\Bummi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) D:\Program Files (x86)\Kies\Kies\KiesTrayAgent.exe (Creative Technology Ltd.) C:\Windows\V0770Mon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => D:\Program Files (x86)\Kies\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [KiesPreload] => D:\Program Files (x86)\Kies\Kies\Kies.exe [1564992 2014-04-23] (Samsung) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [KiesAirMessage] => D:\Program Files (x86)\Kies\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [] => D:\Program Files (x86)\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-04-23] (Samsung) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [Security Updates] => C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe [843221 2014-02-07] ( ) <===== ATTENTION HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\Run: [HP Deskjet 3520 series (NET) #2] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {64358592-eefa-11e2-ab8d-d43d7e4ae242} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {6f8b2109-5ce2-11e3-a722-d43d7e4ae242} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-689810551-2354125089-4270504231-1000\...\MountPoints2: {8bedd888-988c-11e2-ba14-d43d7e4ae242} - J:\Startme.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Bummi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F6A54BDAC15CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {51558A5F-B347-4E3F-80EA-8B69B53E596A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c6b87d90-17f8-4330-ba3a-cac222328ca9&apn_sauid=F6E252C2-4C97-4590-9935-9945C43CF47B SearchScopes: HKCU - {9A83D115-287B-4AD7-94C9-4BE62C88A413} URL = hxxp://www.bing.com/search?q={searchTerms}&r=152 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "hxxp://www.google.de/" CHR Extension: (CSS reload!) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba [2014-05-21] CHR Extension: (Avira Browser Safety) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-05-10] CHR Extension: (Google Wallet) - C:\Users\Bummi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) S3 NBService; D:\Program Files\Nero\Nero7\Nero Home\Nero 7\Nero BackItUp\NBService.exe [800040 2007-11-28] (Nero AG) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation) S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X] ==================== Drivers (Whitelisted) ==================== S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.) S3 amdide64; C:\Windows\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.) S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-02-09] (CSR plc.) S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc) S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic) R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-19] (Intel Corporation) S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [650200 2012-09-14] (Intel Corporation) S3 ISASerial; C:\Windows\system32\drivers\ISASerial.sys [72192 2008-02-20] (Windows (R) Codename Longhorn DDK provider) S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] () S3 MtsHID; C:\Windows\system32\drivers\MtsHID.sys [27664 2009-07-15] (TechniSat Provide) S3 nvamacpi; C:\Windows\system32\drivers\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation) S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation) S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group, Inc.) S1 oxpar; C:\Windows\system32\drivers\oxpar.sys [158208 2007-01-24] (OEM) S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM) S3 PciIsaSerial; C:\Windows\system32\drivers\PciIsaSerial.sys [72192 2008-05-22] (Windows (R) Codename Longhorn DDK provider) S3 PciPPorts; C:\Windows\system32\drivers\PciPPorts.sys [95744 2008-05-22] () S3 PciSPorts; C:\Windows\system32\drivers\PciSPorts.sys [126464 2008-05-22] () S3 PPorts; C:\Windows\system32\drivers\PPorts.sys [95744 2008-02-20] () S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation) S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation) S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.) R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.) S3 SPorts; C:\Windows\system32\drivers\SPorts.sys [124416 2008-02-20] () S3 StnPport; C:\Windows\system32\drivers\StnPport.sys [97280 2009-12-17] () S3 StnSport; C:\Windows\system32\drivers\StnSport.sys [126464 2009-11-14] () R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.) S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [210944 2012-05-30] (VIA Technologies, Inc.) S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [261120 2012-05-30] (VIA Technologies, Inc.) S3 NmPar; \SystemRoot\system32\drivers\NmPar.sys [X] S3 nmserial; \SystemRoot\system32\drivers\nmserial.sys [X] S3 Oxmfuf; \SystemRoot\system32\drivers\oxmfuf.sys [X] S3 oxser; \SystemRoot\system32\drivers\oxser.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-22 19:22 - 2014-05-22 19:22 - 00018559 _____ () C:\Users\Bummi\Desktop\FRST.txt 2014-05-22 15:07 - 2014-05-22 15:07 - 02347384 _____ (ESET) C:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe 2014-05-21 12:15 - 2014-05-21 12:16 - 00000000 ____D () C:\AdwCleaner 2014-05-21 12:15 - 2014-05-21 12:15 - 01326389 _____ () C:\Users\Bummi\Downloads\adwcleaner_3.210.exe 2014-05-21 12:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-21 11:56 - 2014-05-21 11:56 - 00000911 _____ () C:\Users\Bummi\Desktop\Revo Uninstaller.lnk 2014-05-21 11:55 - 2014-05-21 11:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bummi\Downloads\revosetup95.exe 2014-05-20 20:17 - 2014-05-22 19:22 - 00000000 ____D () C:\FRST 2014-05-20 20:16 - 2014-05-20 20:16 - 02067456 _____ (Farbar) C:\Users\Bummi\Desktop\FRST64.exe 2014-05-20 18:45 - 2014-05-20 18:45 - 00854367 _____ () C:\Users\Bummi\Desktop\SecurityCheck.exe 2014-05-20 18:42 - 2014-05-20 18:54 - 00007775 _____ () C:\Users\Bummi\Documents\Bedrohung.txt 2014-05-20 15:25 - 2014-05-20 15:25 - 00003450 _____ () C:\Windows\System32\Tasks\{72C2E068-181A-4A1B-9E60-5269CD30F90D} 2014-05-15 09:36 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 09:36 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 09:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 09:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 09:36 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 09:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:20 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 09:20 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 09:20 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 09:20 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 09:20 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 09:20 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 09:20 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 09:20 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 09:20 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 09:20 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 09:20 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 09:20 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 09:20 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 09:20 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 09:20 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 09:20 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 09:20 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 09:20 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 09:20 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 09:20 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 09:20 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 14:34 - 2014-05-14 14:34 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 17:16 - 2014-05-13 17:16 - 00000058 _____ () C:\DUMPA.WAV 2014-05-13 17:13 - 2014-04-11 10:39 - 00206080 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudmdm.sys 2014-05-13 17:13 - 2014-04-11 10:39 - 00110336 _____ (DEVGURU Co., LTD.(???? | ????? ???? ?????.)) C:\Windows\system32\Drivers\ssudbus.sys 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-12 19:48 - 2014-05-12 19:48 - 00293208 _____ () C:\Windows\Minidump\051214-6661-01.dmp 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieUserList 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieSiteList 2014-05-10 16:51 - 2014-05-10 16:51 - 00292632 _____ () C:\Windows\Minidump\051014-6786-01.dmp 2014-05-08 20:39 - 2014-05-08 20:39 - 00001369 _____ () C:\Users\Dax\Downloads\st 2014-05-08 12:27 - 2014-05-08 12:27 - 00293064 _____ () C:\Windows\Minidump\050814-6630-01.dmp 2014-05-08 08:24 - 2014-05-15 17:44 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-04 12:00 - 2014-05-04 12:00 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\DropboxMaster 2014-05-02 16:30 - 2014-05-02 16:30 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HARLEY-DAVIDSON V-ROD user guide 2014-05-02 12:56 - 2014-05-02 12:56 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 12:56 - 2014-05-02 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieUserList 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieSiteList 2014-04-29 08:28 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 08:28 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 08:28 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 08:28 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 08:28 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 08:28 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 08:28 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 08:28 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 08:28 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 08:28 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 08:28 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 08:28 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 08:28 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 08:28 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 08:28 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 08:28 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 08:28 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 08:28 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 08:28 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 08:28 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 08:28 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 08:28 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 08:28 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 08:28 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 08:28 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 08:28 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 08:28 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 08:28 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 08:28 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 08:28 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 08:28 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 08:28 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 08:28 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 08:28 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 08:28 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 08:28 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 08:28 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 08:28 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 08:28 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 08:28 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 08:28 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 08:28 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 08:28 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 08:28 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-27 17:15 - 2014-04-27 17:15 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\en 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\de ==================== One Month Modified Files and Folders ======= 2014-05-22 19:22 - 2014-05-22 19:22 - 00018559 _____ () C:\Users\Bummi\Desktop\FRST.txt 2014-05-22 19:22 - 2014-05-20 20:17 - 00000000 ____D () C:\FRST 2014-05-22 19:21 - 2013-04-07 16:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-22 19:18 - 2013-08-01 13:43 - 00082944 ___SH () C:\Users\Bummi\Downloads\Thumbs.db 2014-05-22 18:34 - 2013-02-28 14:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-22 17:26 - 2013-02-28 14:03 - 01337340 _____ () C:\Windows\WindowsUpdate.log 2014-05-22 15:07 - 2014-05-22 15:07 - 02347384 _____ (ESET) C:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe 2014-05-22 15:07 - 2010-11-21 08:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-05-22 15:07 - 2010-11-21 08:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-05-22 15:07 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-22 15:07 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-22 15:07 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-22 15:06 - 2013-02-28 15:15 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Dropbox 2014-05-22 15:00 - 2013-04-07 16:32 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-22 15:00 - 2013-02-28 14:04 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-22 15:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-22 15:00 - 2009-07-14 06:51 - 00091453 _____ () C:\Windows\setupact.log 2014-05-22 09:36 - 2013-03-29 18:19 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-22 09:36 - 2013-03-29 18:19 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-21 17:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-21 12:17 - 2010-11-21 05:47 - 00195716 _____ () C:\Windows\PFRO.log 2014-05-21 12:16 - 2014-05-21 12:15 - 00000000 ____D () C:\AdwCleaner 2014-05-21 12:16 - 2013-02-28 14:05 - 00000995 _____ () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-21 12:15 - 2014-05-21 12:15 - 01326389 _____ () C:\Users\Bummi\Downloads\adwcleaner_3.210.exe 2014-05-21 11:56 - 2014-05-21 11:56 - 00000911 _____ () C:\Users\Bummi\Desktop\Revo Uninstaller.lnk 2014-05-21 11:55 - 2014-05-21 11:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bummi\Downloads\revosetup95.exe 2014-05-20 20:16 - 2014-05-20 20:16 - 02067456 _____ (Farbar) C:\Users\Bummi\Desktop\FRST64.exe 2014-05-20 18:54 - 2014-05-20 18:42 - 00007775 _____ () C:\Users\Bummi\Documents\Bedrohung.txt 2014-05-20 18:45 - 2014-05-20 18:45 - 00854367 _____ () C:\Users\Bummi\Desktop\SecurityCheck.exe 2014-05-20 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-20 15:28 - 2014-01-11 17:17 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-05-20 15:28 - 2014-01-11 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-05-20 15:28 - 2014-01-11 17:17 - 00000000 ____D () C:\Program Files (x86)\Calibre2 2014-05-20 15:26 - 2013-03-29 18:46 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2014-05-20 15:26 - 2013-03-29 18:46 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson 2014-05-20 15:25 - 2014-05-20 15:25 - 00003450 _____ () C:\Windows\System32\Tasks\{72C2E068-181A-4A1B-9E60-5269CD30F90D} 2014-05-16 13:56 - 2013-02-28 15:17 - 00001019 _____ () C:\Users\Bummi\Desktop\Dropbox.lnk 2014-05-16 13:56 - 2013-02-28 15:16 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-16 13:56 - 2013-02-28 14:05 - 00000000 ___RD () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 13:55 - 2013-02-28 14:05 - 00000000 ___RD () C:\Users\Bummi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-16 13:54 - 2013-02-28 14:19 - 00000932 __RSH () C:\Users\Bummi\ntuser.pol 2014-05-16 13:54 - 2013-02-28 14:04 - 00000000 ____D () C:\Users\Bummi 2014-05-15 17:48 - 2013-02-28 15:45 - 00000932 __RSH () C:\Users\Dax\ntuser.pol 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ___RD () C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ___RD () C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 17:48 - 2013-02-28 15:45 - 00000000 ____D () C:\Users\Dax 2014-05-15 17:44 - 2014-05-08 08:24 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 17:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 09:36 - 2013-09-07 15:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:35 - 2013-02-28 15:29 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 09:22 - 2014-02-27 15:49 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-14 18:06 - 2013-02-28 14:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-14 15:14 - 2013-02-28 15:46 - 00000000 ____D () C:\Users\Dax\AppData\Local\Windows Live 2014-05-14 14:35 - 2013-02-28 14:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 14:35 - 2013-02-28 14:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 14:35 - 2013-02-28 14:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 14:34 - 2014-05-14 14:34 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-05-13 17:43 - 2014-01-31 15:10 - 00000000 ____D () C:\Users\Bummi\Desktop\Auto 2014-05-13 17:17 - 2013-09-19 20:17 - 00016896 _____ () C:\Users\Bummi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-13 17:16 - 2014-05-13 17:16 - 00000058 _____ () C:\DUMPA.WAV 2014-05-13 17:16 - 2013-03-03 13:43 - 00000000 ____D () C:\Users\Bummi\Documents\SelfMV 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-13 17:11 - 2014-05-13 17:11 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-13 17:11 - 2013-03-03 13:12 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Samsung 2014-05-12 19:48 - 2014-05-12 19:48 - 00293208 _____ () C:\Windows\Minidump\051214-6661-01.dmp 2014-05-12 19:48 - 2013-03-01 14:53 - 925721075 _____ () C:\Windows\MEMORY.DMP 2014-05-12 19:48 - 2013-03-01 14:53 - 00000000 ____D () C:\Windows\Minidump 2014-05-11 12:13 - 2013-03-17 14:34 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HpUpdate 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieUserList 2014-05-11 08:46 - 2014-05-11 08:46 - 00000000 __SHD () C:\Users\Bummi\AppData\Local\EmieSiteList 2014-05-10 16:51 - 2014-05-10 16:51 - 00292632 _____ () C:\Windows\Minidump\051014-6786-01.dmp 2014-05-10 14:50 - 2014-03-06 16:45 - 00901632 _____ () C:\Users\Bummi\Documents\Streichinstrumente Katja und Tim.ppt 2014-05-10 13:16 - 2013-04-07 16:32 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 13:16 - 2013-04-07 16:32 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-09 08:14 - 2014-05-15 09:20 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 09:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 20:39 - 2014-05-08 20:39 - 00001369 _____ () C:\Users\Dax\Downloads\st 2014-05-08 19:05 - 2014-01-11 16:57 - 00000000 ____D () C:\Users\Bummi\Documents\Bücher 2014-05-08 12:27 - 2014-05-08 12:27 - 00293064 _____ () C:\Windows\Minidump\050814-6630-01.dmp 2014-05-06 06:40 - 2014-05-15 09:36 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 09:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 09:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 09:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 09:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 09:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 21:59 - 2013-03-19 15:10 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\BOM 2014-05-04 12:00 - 2014-05-04 12:00 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\DropboxMaster 2014-05-04 11:59 - 2013-12-19 16:05 - 00026112 ___SH () C:\Users\Bummi\Desktop\Thumbs.db 2014-05-02 16:36 - 2013-02-28 14:41 - 00000000 ____D () C:\ProgramData\DVD Shrink 2014-05-02 16:30 - 2014-05-02 16:30 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\HARLEY-DAVIDSON V-ROD user guide 2014-05-02 12:56 - 2014-05-02 12:56 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 12:56 - 2014-05-02 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-02 12:56 - 2013-10-18 14:27 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-02 12:56 - 2013-05-04 15:13 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieUserList 2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 __SHD () C:\Users\Dax\AppData\Local\EmieSiteList 2014-04-27 17:56 - 2013-02-28 15:50 - 00000000 ____D () C:\Users\Bummi\Tracing 2014-04-27 17:31 - 2014-02-23 15:26 - 00000000 ____D () C:\Users\Bummi\AppData\Roaming\Ahead 2014-04-27 17:15 - 2014-04-27 17:15 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\en 2014-04-27 17:15 - 2014-04-27 17:15 - 00000000 ____D () C:\Windows\de 2014-04-27 17:15 - 2012-11-07 16:41 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-04-27 17:15 - 2012-11-07 16:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-04-27 17:14 - 2014-02-23 19:33 - 00002534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-04-27 17:14 - 2012-11-07 16:41 - 00137628 _____ () C:\Windows\DirectX.log 2014-04-27 17:14 - 2012-11-07 16:41 - 00001490 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-04-27 17:14 - 2012-11-07 16:41 - 00000000 ____D () C:\Program Files\Windows Live 2014-04-27 17:14 - 2012-11-07 16:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-04-26 18:26 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Files to move or delete: ==================== C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe Some content of TEMP: ==================== C:\Users\Bummi\AppData\Local\Temp\APNStub.exe C:\Users\Bummi\AppData\Local\Temp\avgnt.exe C:\Users\Bummi\AppData\Local\Temp\BackupSetup.exe C:\Users\Bummi\AppData\Local\Temp\cabex.dll C:\Users\Bummi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_as_rl.dll C:\Users\Bummi\AppData\Local\Temp\epom2_nationzoom_20131128171912.exe C:\Users\Bummi\AppData\Local\Temp\htmlayout.dll C:\Users\Bummi\AppData\Local\Temp\install-security-updates.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Bummi\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Bummi\AppData\Local\Temp\nsaA0D9.exe C:\Users\Bummi\AppData\Local\Temp\nsfD453.exe C:\Users\Bummi\AppData\Local\Temp\nsfF7EC.exe C:\Users\Bummi\AppData\Local\Temp\nskADE4.exe C:\Users\Bummi\AppData\Local\Temp\nslA815.exe C:\Users\Bummi\AppData\Local\Temp\nsp9F61.exe C:\Users\Bummi\AppData\Local\Temp\nsqE67C.exe C:\Users\Bummi\AppData\Local\Temp\nsqE803.exe C:\Users\Bummi\AppData\Local\Temp\nsqF656.exe C:\Users\Bummi\AppData\Local\Temp\nsvAF5C.exe C:\Users\Bummi\AppData\Local\Temp\nvStInst.exe C:\Users\Bummi\AppData\Local\Temp\Quarantine.exe C:\Users\Bummi\AppData\Local\Temp\security-filter.exe C:\Users\Bummi\AppData\Local\Temp\setup.exe C:\Users\Bummi\AppData\Local\Temp\SkypeSetup.exe C:\Users\Bummi\AppData\Local\Temp\SPSetup.exe C:\Users\Bummi\AppData\Local\Temp\toolbar1059106.exe C:\Users\Bummi\AppData\Local\Temp\torload.exe C:\Users\Bummi\AppData\Local\Temp\torloadproxy.dll C:\Users\Bummi\AppData\Local\Temp\tu17p84.exe C:\Users\Bummi\AppData\Local\Temp\unelevate.exe C:\Users\Bummi\AppData\Local\Temp\uninst1.exe C:\Users\Bummi\AppData\Local\Temp\UNT3A82.exe C:\Users\Bummi\AppData\Local\Temp\UNT3A84.exe C:\Users\Bummi\AppData\Local\Temp\ytai_ytareg_setup.exe C:\Users\Bummi\AppData\Local\Temp\_is254B.exe C:\Users\Bummi\AppData\Local\Temp\_is8C76.exe C:\Users\Dax\AppData\Local\Temp\avgnt.exe C:\Users\Dax\AppData\Local\Temp\SPSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2014-05-15 09:20] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 17:50 ==================== End Of Log ============================ --- --- --- |
|
23.05.2014, 16:13
| #9 |
| /// the machine /// TB-Ausbilder | Fileparade Bundle irgendwie installiert Bis auf die FUnde in den Temps kannste die andern ESET Funde manuell löschen, dann Papierkorb leeren. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X]
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.05.2014, 22:20
| #10 |
| | Fileparade Bundle irgendwie installiert Hier ist die Fixlist: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014 Ran by Bummi at 2014-05-23 23:15:07 Run:1 Running from C:\Users\Bummi\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X] ***************** YouTubeAcceleratorService => Service deleted successfully. ==== End of Fixlog ==== und hier ist die letzte Log: # DelFix v10.7 - Datei am 23/05/2014 um 23:18:09 erstellt # Aktualisiert am 27/04/2014 von Xplode # Benutzer : Bummi - BUMMI-ARLT # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) ~ Aktiviere die Benutzerkontensteuerung ... OK ~ Entferne die Bereinigungsprogramme ... Gelöscht : C:\FRST Gelöscht : C:\AdwCleaner Gelöscht : C:\Users\Bummi\Desktop\Fixlog.txt Gelöscht : C:\Users\Bummi\Desktop\FRST.txt Gelöscht : C:\Users\Bummi\Desktop\FRST64.exe Gelöscht : C:\Users\Bummi\Desktop\Log.txt Gelöscht : C:\Users\Bummi\Desktop\SecurityCheck.exe Gelöscht : C:\Users\Bummi\Desktop\TFC.exe Gelöscht : C:\Users\Bummi\Downloads\adwcleaner_3.210.exe Gelöscht : C:\Users\Bummi\Downloads\esetsmartinstaller_deu.exe Gelöscht : C:\Users\Bummi\Downloads\TFC.exe Gelöscht : HKLM\SOFTWARE\OldTimer Tools Gelöscht : HKLM\SOFTWARE\AdwCleaner ~ Erstelle ein Backup der Registrierungsdatenbank ... OK ~ Lösche die Wiederherstellungspunkte ... Ein neuer Wiederherstellungspunkt wurde erstellt ! ~ Stelle die Systemeinstellungen wieder her ... OK ########## - EOF - ########## Tausend Dank. Wie lernt man so was? Toll Grüße Bummi |
|
24.05.2014, 18:20
| #11 | |
| /// the machine /// TB-Ausbilder | Fileparade Bundle irgendwie installiertZitat:
Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
Linear-Darstellung
