| Win7: Telekom Rechnung Trojaner? Hallo, ein Kumpel von mir hat gestern eine Spam-Mail mit gefälschter Telekom-Rechnung bekommen, in der ein Link zu einer gezippten exe-Datei war, die er auch ausgeführt hat.
Habe schon mit FRST die Logfiles erstellt, da ich mir nicht sicher bin was sich da im Hintergrund installiert hat.
Ist es sinnvoll die Internetverbindung vorerst zu trennen?
Schonmal Danke im vorraus,
Felix Zitat:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Lothar (administrator) on LOTHAR-PC on 27-05-2014 07:15:51
Running from C:\Users\Lothar\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dr. J. Rathlev, D-24222 Schwentinental) C:\Program Files\Personal Backup 5\Persbackup.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-26] (APN)
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2013-11-24] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3675947854-765841710-4264688940-1001\...\Run: [Google Update] => C:\Users\Lothar\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-08] (Google Inc.)
HKU\S-1-5-21-3675947854-765841710-4264688940-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-3675947854-765841710-4264688940-1001\...\Run: [rsucrypt.exe] => C:\Users\Lothar\AppData\Roaming\Microsoft\rsucrypt.exe [81920 2009-07-14] ()
HKU\S-1-5-21-3675947854-765841710-4264688940-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata Zahlungserinnerung.lnk
ShortcutTarget: windata Zahlungserinnerung.lnk -> C:\windata\professional 8\windataZahlungserinnerung.exe (windata GmbH & Co.KG)
Startup: C:\Users\Lothar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Lothar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x954399698E6ECE01
SearchScopes: HKCU - {2DB72C41-DB33-47FB-B4D4-EA16F93AE698} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=87187031-46A9-4355-8BBC-5C2A29550384&apn_sauid=552CE84F-C7F4-4748-A461-885D560E33A1
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lothar\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lothar\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lothar\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lothar\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lothar\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Lothar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-08]
CHR Extension: (Google-Suche) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-08]
CHR Extension: (Google Wallet) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Lothar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-08]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-03-26]
CHR StartMenuInternet: Google Chrome - C:\Users\Lothar\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] (APN LLC.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 Pnp680r; C:\Windows\System32\DRIVERS\pnp680r.sys [125992 2007-07-24] (Silicon Image, Inc)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-27 07:15 - 2014-05-27 07:16 - 00012155 _____ () C:\Users\Lothar\Desktop\FRST.txt
2014-05-26 19:33 - 2014-05-27 07:15 - 00000000 ____D () C:\FRST
2014-05-26 19:33 - 2014-05-26 19:33 - 00013081 _____ () C:\Users\Lothar\Downloads\FRST.txt
2014-05-26 19:32 - 2014-05-26 19:33 - 02066944 _____ (Farbar) C:\Users\Lothar\Desktop\FRST64.exe
2014-05-26 19:19 - 2014-05-26 19:19 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2014-05-26 19:14 - 2014-05-26 19:15 - 02418743 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-05-26 19:13 - 2012-11-01 15:35 - 00253256 _____ (PC Tools) C:\Windows\system32\Drivers\PCTSD64.sys
2014-05-26 19:12 - 2014-05-26 19:34 - 00000000 ____D () C:\ProgramData\PC Tools
2014-05-26 19:12 - 2014-05-26 19:12 - 03834832 _____ (PC Tools) C:\Users\Lothar\Downloads\sd9setup.exe
2014-05-26 19:12 - 2014-05-26 19:12 - 03834832 _____ (PC Tools) C:\Users\Lothar\Downloads\sd9setup (1).exe
2014-05-26 19:12 - 2014-05-26 19:12 - 00000000 ____D () C:\Users\Lothar\AppData\Roaming\TestApp
2014-05-26 19:05 - 2014-05-26 19:05 - 00002010 _____ () C:\Users\Lothar\Desktop\EMPFANG steuern.RDP
2014-05-26 18:09 - 2014-05-26 18:09 - 00000673 _____ () C:\Users\Lothar\Desktop\PC EMPFANG.lnk
2014-05-26 18:08 - 2014-05-26 19:05 - 00002010 ____H () C:\Users\Lothar\Documents\Default.rdp
2014-05-26 17:52 - 2014-05-26 17:52 - 00006148 ____H () C:\Users\Public\.DS_Store
2014-05-24 14:51 - 2014-05-24 14:51 - 00000000 ____D () C:\Users\Lothar\AppData\Local\{226091F7-1C2F-4FE6-9814-B11C7585A333}
2014-05-24 14:50 - 2014-05-24 14:50 - 00000000 ____D () C:\Users\Lothar\AppData\Local\{135E0085-3ABA-4319-931A-39394DDB1343}
2014-05-22 18:54 - 2014-05-22 18:54 - 00001095 _____ () C:\Users\Lothar\Desktop\Mass Storage Device - Verknüpfung.lnk
2014-05-20 09:31 - 2014-05-20 09:36 - 06805879 _____ () C:\Users\Lothar\Documents\Rauterkus.xps
2014-05-19 16:07 - 2014-05-19 16:07 - 00000000 ____D () C:\Users\Lothar\AppData\Local\{13AA2245-BD5B-4F42-BC7A-61EA154C7822}
2014-05-15 08:19 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 08:19 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 08:19 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 08:19 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 08:19 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 08:19 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 10:39 - 2014-05-14 10:39 - 05730816 _____ () C:\Users\Lothar\Desktop\Loerwald
2014-05-14 08:38 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:38 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:38 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:38 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 07:49 - 2014-05-15 08:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-05 08:54 - 2014-05-05 08:54 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-05 08:54 - 2014-05-05 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-05 08:54 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-05 08:54 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-05 08:54 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-05 08:54 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
==================== One Month Modified Files and Folders =======
2014-05-27 07:16 - 2014-05-27 07:15 - 00012155 _____ () C:\Users\Lothar\Desktop\FRST.txt
2014-05-27 07:16 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 07:16 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 07:15 - 2014-05-26 19:33 - 00000000 ____D () C:\FRST
2014-05-27 07:13 - 2012-07-10 16:59 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 07:13 - 2010-11-21 05:47 - 00124420 _____ () C:\Windows\PFRO.log
2014-05-27 07:13 - 2009-07-14 06:51 - 03592036 _____ () C:\Windows\setupact.log
2014-05-26 19:35 - 2012-06-08 14:14 - 01767982 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 19:34 - 2014-05-26 19:12 - 00000000 ____D () C:\ProgramData\PC Tools
2014-05-26 19:33 - 2014-05-26 19:33 - 00013081 _____ () C:\Users\Lothar\Downloads\FRST.txt
2014-05-26 19:33 - 2014-05-26 19:32 - 02066944 _____ (Farbar) C:\Users\Lothar\Desktop\FRST64.exe
2014-05-26 19:19 - 2014-05-26 19:19 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2014-05-26 19:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-26 19:15 - 2014-05-26 19:14 - 02418743 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-05-26 19:12 - 2014-05-26 19:12 - 03834832 _____ (PC Tools) C:\Users\Lothar\Downloads\sd9setup.exe
2014-05-26 19:12 - 2014-05-26 19:12 - 03834832 _____ (PC Tools) C:\Users\Lothar\Downloads\sd9setup (1).exe
2014-05-26 19:12 - 2014-05-26 19:12 - 00000000 ____D () C:\Users\Lothar\AppData\Roaming\TestApp
2014-05-26 19:05 - 2014-05-26 19:05 - 00002010 _____ () C:\Users\Lothar\Desktop\EMPFANG steuern.RDP
2014-05-26 19:05 - 2014-05-26 18:08 - 00002010 ____H () C:\Users\Lothar\Documents\Default.rdp
2014-05-26 18:44 - 2012-07-12 14:49 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001UA.job
2014-05-26 18:09 - 2014-05-26 18:09 - 00000673 _____ () C:\Users\Lothar\Desktop\PC EMPFANG.lnk
2014-05-26 17:52 - 2014-05-26 17:52 - 00006148 ____H () C:\Users\Public\.DS_Store
2014-05-26 17:52 - 2012-06-13 15:26 - 00000000 ____D () C:\Scan
2014-05-26 15:32 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 15:32 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 15:32 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 08:44 - 2012-07-12 14:49 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001Core.job
2014-05-26 08:24 - 2012-06-09 17:04 - 00000000 ____D () C:\Users\Lothar\Documents\Lothar
2014-05-24 14:51 - 2014-05-24 14:51 - 00000000 ____D () C:\Users\Lothar\AppData\Local\{226091F7-1C2F-4FE6-9814-B11C7585A333}
2014-05-24 14:50 - 2014-05-24 14:50 - 00000000 ____D () C:\Users\Lothar\AppData\Local\{135E0085-3ABA-4319-931A-39394DDB1343}
2014-05-23 07:51 - 2013-10-26 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup
2014-05-23 07:51 - 2013-10-26 15:39 - 00000000 ____D () C:\Program Files\Personal Backup 5
2014-05-23 07:48 - 2013-10-26 15:39 - 00000000 ____D () C:\Users\Lothar\Documents\PersBackup
2014-05-22 18:54 - 2014-05-22 18:54 - 00001095 _____ () C:\Users\Lothar\Desktop\Mass Storage Device - Verknüpfung.lnk
2014-05-20 09:36 - 2014-05-20 09:31 - 06805879 _____ () C:\Users\Lothar\Documents\Rauterkus.xps
2014-05-19 16:07 - 2014-05-19 16:07 - 00000000 ____D () C:\Users\Lothar\AppData\Local\{13AA2245-BD5B-4F42-BC7A-61EA154C7822}
2014-05-15 15:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 09:04 - 2013-09-12 14:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 09:03 - 2012-06-08 14:15 - 00000000 ___RD () C:\Users\Lothar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:03 - 2012-06-08 14:15 - 00000000 ___RD () C:\Users\Lothar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 08:35 - 2014-05-07 07:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 08:18 - 2013-08-15 19:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 08:14 - 2012-05-07 13:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 08:12 - 2012-06-09 17:04 - 00000000 ____D () C:\Users\Lothar\Documents\Urteile, Zivilrecht
2014-05-14 10:39 - 2014-05-14 10:39 - 05730816 _____ () C:\Users\Lothar\Desktop\Loerwald
2014-05-12 12:11 - 2012-06-13 14:08 - 00000000 ____D () C:\Users\Lothar\Documents\0612
2014-05-09 08:14 - 2014-05-14 08:38 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 08:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 16:02 - 2012-06-08 14:14 - 00000000 ____D () C:\Users\Lothar
2014-05-06 08:39 - 2012-06-08 14:19 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001UA
2014-05-06 08:39 - 2012-06-08 14:19 - 00003700 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001Core
2014-05-06 07:39 - 2012-07-10 16:59 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 06:40 - 2014-05-15 08:19 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 08:19 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 08:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 08:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 08:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 16:06 - 2012-06-09 17:04 - 00000000 ____D () C:\Users\Lothar\Documents\Vorsorgevollmachten
2014-05-05 16:06 - 2012-06-09 17:04 - 00000000 ____D () C:\Users\Lothar\Documents\Vorlagen
2014-05-05 09:36 - 2012-06-09 17:04 - 00000000 ____D () C:\Users\Lothar\Documents\USt.-Voranmeldungen 2010
2014-05-05 08:55 - 2013-11-16 10:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-05 08:54 - 2014-05-05 08:54 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-05 08:54 - 2014-05-05 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-05 08:54 - 2014-03-01 13:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-29 10:02 - 2013-12-17 13:25 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
Some content of TEMP:
====================
C:\Users\Lothar\AppData\Local\Temp\APNSetup.exe
C:\Users\Lothar\AppData\Local\Temp\APNStub.exe
C:\Users\Lothar\AppData\Local\Temp\GC_PCTOOLS.exe
C:\Users\Lothar\AppData\Local\Temp\instmsia.exe
C:\Users\Lothar\AppData\Local\Temp\instmsiw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Lothar\AppData\Local\Temp\setup.exe
C:\Users\Lothar\AppData\Local\Temp\_isBA3A.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-19 08:32
==================== End Of Log ============================
| Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Lothar at 2014-05-27 07:16:53
Running from C:\Users\Lothar\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0A06}) (Version: 12.10.6.48 - APN, LLC) <==== ATTENTION
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM-x32\...\{3D2A0EE2-609D-48E8-8CDA-AA634127CC6D}) (Version: 04.02.0000 - windata GmbH & Co.KG)
Deubner Verlag 1x1 des Familienrechts 2014.1 (HKLM-x32\...\DEUBNER VERLAG 1X1 DES FAMILIENRECHTS 2014_1) (Version: 2014.1 - Deubner Verlag)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen)
Formularpraxis - Verlag Dr. Otto Schmidt (HKLM-x32\...\{C4FDF8BF-7692-4CDE-B398-EFED5638B751}) (Version: - )
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0719.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Muratec Direct Fax Driver (HKLM\...\{09174FD6-02F5-4c58-A28A-9908386C550B}) (Version: 1.0.0.30 - Muratec)
Muratec Printer Driver for MFX-35x0 PCL6 (HKLM\...\{E4761915-C73A-4ef4-BB14-E380AB1D1CFB}) (Version: 1.0.0.42 - Muratec)
Muratec Printer/Scanner Driver for MFX-1450/2050/F-565 (HKLM-x32\...\{7A983CFE-7134-4E24-8FC0-655DD7D0C453}) (Version: 1.00.0000 - Muratec)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10300 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.13200.33.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
SchmerzensgeldBeträge (HKLM-x32\...\SchmerzensgeldBeträge2_is1) (Version: - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
windata 8 (HKLM-x32\...\{DCCE266D-03BC-447C-8744-ED08988C6AE0}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
07-05-2014 05:47:18 Windows Update
12-05-2014 06:08:59 Windows Update
15-05-2014 06:07:54 Windows Update
19-05-2014 06:03:12 Windows Update
22-05-2014 15:09:11 Windows Update
26-05-2014 15:58:03 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {62951088-B723-46C7-B037-A4C45B13C01B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001UA => C:\Users\Lothar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08] (Google Inc.)
Task: {8D0319C2-D952-4416-926B-8CCB70FCE40E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001Core => C:\Users\Lothar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08] (Google Inc.)
Task: {FEAB73CB-E611-4BCD-8E0D-C8C994BC16DD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001Core.job => C:\Users\Lothar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3675947854-765841710-4264688940-1001UA.job => C:\Users\Lothar\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/27/2014 07:15:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2014 07:35:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 25.5.2014.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 860
Startzeit: 01cf790891f73df8
Endzeit: 0
Anwendungspfad: C:\Users\Lothar\Downloads\FRST64.exe
Berichts-ID: 03bd72c1-e4fc-11e3-9c61-8c89a5595d47
Error: (05/26/2014 07:33:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pctsSvc.exe, Version: 9.1.0.2894, Zeitstempel: 0x509054e5
Name des fehlerhaften Moduls: rtl100.bpl, Version: 11.0.2902.10471, Zeitstempel: 0x475fc385
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000a264
ID des fehlerhaften Prozesses: 0x11ec
Startzeit der fehlerhaften Anwendung: 0xpctsSvc.exe0
Pfad der fehlerhaften Anwendung: pctsSvc.exe1
Pfad des fehlerhaften Moduls: pctsSvc.exe2
Berichtskennung: pctsSvc.exe3
Error: (05/26/2014 06:55:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bac
Startzeit: 01cf78e6ca1ae6aa
Endzeit: 1342
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID:
Error: (05/26/2014 06:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mstsc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ab44
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000fea417c0
ID des fehlerhaften Prozesses: 0xa88
Startzeit der fehlerhaften Anwendung: 0xmstsc.exe0
Pfad der fehlerhaften Anwendung: mstsc.exe1
Pfad des fehlerhaften Moduls: mstsc.exe2
Berichtskennung: mstsc.exe3
Error: (05/26/2014 06:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mstsc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ab44
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000303fd0
ID des fehlerhaften Prozesses: 0x9b4
Startzeit der fehlerhaften Anwendung: 0xmstsc.exe0
Pfad der fehlerhaften Anwendung: mstsc.exe1
Pfad des fehlerhaften Moduls: mstsc.exe2
Berichtskennung: mstsc.exe3
Error: (05/26/2014 06:08:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mstsc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ab44
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000fea417c0
ID des fehlerhaften Prozesses: 0x5a8
Startzeit der fehlerhaften Anwendung: 0xmstsc.exe0
Pfad der fehlerhaften Anwendung: mstsc.exe1
Pfad des fehlerhaften Moduls: mstsc.exe2
Berichtskennung: mstsc.exe3
Error: (05/26/2014 05:06:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WINWORD.EXE, Version 11.0.8411.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a48
Startzeit: 01cf78f3a36d4edb
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Berichts-ID: 4148e119-e4e7-11e3-9c61-8c89a5595d47
Error: (05/26/2014 03:29:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2014 07:54:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/27/2014 07:13:44 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/27/2014 07:13:44 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (05/26/2014 07:23:14 PM) (Source: PCTCore) (EventID: 280) (User: )
Description: @5644
Error: (05/26/2014 07:23:14 PM) (Source: PCTCore) (EventID: 280) (User: )
Description: @5644
Error: (05/26/2014 07:23:14 PM) (Source: PCTCore) (EventID: 280) (User: )
Description: @5644
Error: (05/26/2014 05:46:03 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/26/2014 03:28:11 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/26/2014 03:28:11 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (05/26/2014 07:52:36 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/26/2014 07:52:36 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Microsoft Office Sessions:
=========================
Error: (05/27/2014 07:15:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2014 07:35:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe25.5.2014.286001cf790891f73df80C:\Users\Lothar\Downloads\FRST64.exe03bd72c1-e4fc-11e3-9c61-8c89a5595d47
Error: (05/26/2014 07:33:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pctsSvc.exe9.1.0.2894509054e5rtl100.bpl11.0.2902.10471475fc385c00000050000a26411ec01cf790707fa85f2C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exeC:\Program Files (x86)\PC Tools\PC Tools Security\rtl100.bple62d9c41-e4fb-11e3-9c61-8c89a5595d47
Error: (05/26/2014 06:55:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567bac01cf78e6ca1ae6aa1342C:\Windows\Explorer.EXE
Error: (05/26/2014 06:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mstsc.exe6.1.7601.175144ce7ab44unknown0.0.0.000000000c000000500000000fea417c0a8801cf79023f832ec1C:\Windows\system32\mstsc.exeunknown9885e087-e4f5-11e3-9c61-8c89a5595d47
Error: (05/26/2014 06:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mstsc.exe6.1.7601.175144ce7ab44unknown0.0.0.000000000c00000050000000000303fd09b401cf78fcbba8872fC:\Windows\system32\mstsc.exeunknownfd191f5e-e4ef-11e3-9c61-8c89a5595d47
Error: (05/26/2014 06:08:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mstsc.exe6.1.7601.175144ce7ab44unknown0.0.0.000000000c000000500000000fea417c05a801cf78fcae200b62C:\Windows\system32\mstsc.exeunknownf32e9ada-e4ef-11e3-9c61-8c89a5595d47
Error: (05/26/2014 05:06:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE11.0.8411.0a4801cf78f3a36d4edb16C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE4148e119-e4e7-11e3-9c61-8c89a5595d47
Error: (05/26/2014 03:29:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2014 07:54:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 1791.18 MB
Available physical RAM: 818.94 MB
Total Pagefile: 3582.36 MB
Available Pagefile: 2481.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:411.11 GB) NTFS
Drive e: () (Fixed) (Total:76.69 GB) (Free:68.1 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 43287CB6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 482EC37D)
Partition 1: (Not Active) - (Size=77 GB) - (Type=07 NTFS)
==================== End Of Log ============================
| |