Log analysis and evaluation: ms13-052: security update, I need help please!

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.06.2014, 22:28 | #1 |
| ms13-052: security update, I need help please! Good evening, unfortunately a mail attachment was opened on our PC today that turned out to be malicious. After switching on the PC it only takes a moment and then a graphic appears in the middle of the screen with the name mentioned above. I then googled and came across you. Since quite a few people here have already had to deal with the same problem, I hope you can help me. I would like to say up front, though, that I am the rawest "PC user only", and if you can help me, then please it should be "foolproof". I apologize in advance for the odd follow-up question... Many thanks in advance! Tom |
17.06.2014, 23:28 | #2 |
Rest in peace † 2019 | ms13-052: security update, I need help please! My name is Sandra and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and, in the case of a malware infection, always the safest route. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with me until someone from the team tells you that you are clean. Posting in code tags: Please always put the logs in code tags. If you don't, it makes the evaluation very difficult for me. Thanks. To do so:
But you can still run programs, it is not a lock screen, correct? Step 1: Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
18.06.2014, 08:01 | #3 |
| ms13-052: security update, I need help please! [CODE][/
__________________
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014 Ran by Admin (administrator) on ADMIN-PC on 18-06-2014 08:46:33 Running from C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PB08HAO Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (COMPANYVERS_NAME) C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe ( ) C:\Program Files\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE (VER_COMPANY_NAME) C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Elgato Systems) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe () C:\Users\Admin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Dropbox, Inc.) 
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (drfedcfvgy) C:\ProgramData\08LRTUVXYblwz.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] () HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor) HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-05-24] (Hewlett-Packard) HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.) HKLM\...\Run: [HP Software Update] => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.) HKLM\...\Run: [] => [X] HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [114992 2012-01-19] (SweetIM Technologies Ltd.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-27] (RealNetworks, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Allin1Convert EPM Support] => C:\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe [12872 2014-03-24] (Mindspark Interactive Network, Inc.) HKLM\...\Run: [Allin1Convert Home Page Guard 32 bit] => C:\Program Files\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE [421448 2014-03-24] ( ) HKLM\...\Run: [Allin1Convert Search Scope Monitor] => C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe [55368 2014-03-24] (Mindspark) HKLM\...\Run: [Allin1Convert_8h Browser Plugin Loader] => C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe [61512 2014-03-24] (VER_COMPANY_NAME) HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-04-03] (soft thinks) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [Remote Control Editor] => C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems) HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [iLivid] => "C:\Users\Admin\AppData\Local\iLivid\iLivid.exe" -autorun 
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [Amazon Cloud Player] => C:\Users\Admin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [08LRTUVXYblwz] => C:\ProgramData\08LRTUVXYblwz.exe [388308 2014-06-17] (drfedcfvgy) HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\MountPoints2: {1a412a60-aef5-11e1-bf40-001d60645ec3} - K:\Startme.exe Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicyUsers\S-1-5-21-739628380-1346005733-1021919314-1002\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-739628380-1346005733-1021919314-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=Pavilion&pf=desktop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=Pavilion&pf=desktop URLSearchHook: HKCU - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark) 
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=270254AA-0D66-457D-ACB7-FE99D5010ABC&ind=2014032413&n=780bb21d&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F5309919-1224-4708-BAF8-C9ECB3CE4917} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {F5309919-1224-4708-BAF8-C9ECB3CE4917} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Search Assistant BHO - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) BHO: Toolbar BHO - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll (Mindspark) Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
Toolbar: HKLM - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll (Mindspark) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Winsock: Catalog9 20 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF Plugin: @Allin1Convert_8h.com/Plugin - C:\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll (Mindspark) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] ========================== Services (Whitelisted) ================= R2 Allin1Convert_8hService; C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [88648 2014-03-24] (COMPANYVERS_NAME) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard) [File not signed] S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () ==================== Drivers (Whitelisted) ==================== S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.) R3 AVXBAR; C:\Windows\System32\DRIVERS\88xAXbar.sys [17344 2009-11-05] (DTV-DVB Technology, Inc.) R3 BDATUNE; C:\Windows\System32\DRIVERS\88xBdaTune.sys [47936 2009-11-05] (DTV-DVB Technology, Inc.) R3 CX23880; C:\Windows\System32\DRIVERS\88xAStream.sys [175552 2009-11-05] (DTV-DVB Technology, Inc.) R3 CX88IR; C:\Windows\System32\DRIVERS\88xBdaIr.sys [23616 2009-11-05] (DTV-DVB Technology, Inc.) R3 CXAVSTS; C:\Windows\System32\DRIVERS\88xBdaCap.sys [28992 2009-11-05] (DTV-DVB Technology, Inc.) 
S3 jnv4_mib; C:\Users\Admin\AppData\Local\Temp\jnv4_mib.sys [15872 2012-02-14] () [File not signed] R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-18 08:46 - 2014-06-18 08:46 - 00000000 ____D () C:\FRST 2014-06-17 13:19 - 2014-06-17 13:19 - 00388308 ____H (drfedcfvgy) C:\ProgramData\08LRTUVXYblwz.exe 2014-06-17 10:54 - 2014-06-17 10:55 - 00000000 ____D () C:\82b4834a9ed971de942bb4 2014-06-11 09:21 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 09:21 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 09:21 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 09:21 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 09:21 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 09:21 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 09:21 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-11 09:21 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 
00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 09:21 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-11 09:21 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 09:21 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 09:21 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 09:21 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-11 09:21 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-11 09:21 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 09:21 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 09:21 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 09:21 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 09:21 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-03 16:28 - 2014-06-03 16:28 - 00000000 ____D () C:\Users\magdalena\AppData\Local\Adobe 2014-05-28 13:07 - 2014-05-28 13:07 - 00000000 _____ () C:\DFR20CD.tmp 2014-05-20 10:41 - 2014-05-20 10:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Comodo 2014-05-20 10:40 - 2014-05-20 10:40 - 00000984 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk ==================== One Month Modified Files and Folders ======= 2014-06-18 08:47 - 2012-02-04 14:36 - 00000000 ____D () 
C:\Users\Admin\AppData\Local\Temp 2014-06-18 08:46 - 2014-06-18 08:46 - 00000000 ____D () C:\FRST 2014-06-18 08:40 - 2012-02-04 14:28 - 01147678 _____ () C:\Windows\WindowsUpdate.log 2014-06-18 08:39 - 2013-04-21 10:19 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-18 08:38 - 2013-04-21 10:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-18 07:13 - 2006-11-02 12:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-18 07:08 - 2014-01-15 06:14 - 00000000 ___RD () C:\Users\Admin\Dropbox 2014-06-18 07:08 - 2014-01-15 06:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster 2014-06-18 07:08 - 2014-01-15 06:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox 2014-06-18 07:06 - 2007-09-14 09:50 - 00000000 ____D () C:\Windows\SMINST 2014-06-18 07:06 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-18 07:06 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-18 07:06 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-17 23:40 - 2012-06-09 17:08 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-06-17 23:40 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-17 16:59 - 2012-10-04 15:08 - 00000000 ____D () C:\Users\magdalena\AppData\Local\Temp 2014-06-17 16:57 - 2013-10-22 15:47 - 00000000 ____D () C:\Users\magdalena\AppData\Roaming\.minecraft 2014-06-17 16:57 - 2012-02-08 22:20 - 00002673 _____ () C:\Users\magdalena\Desktop\Microsoft Office PowerPoint 2007.lnk 2014-06-17 15:30 - 2013-10-17 09:31 - 00000000 ____D () C:\Users\Lisi\AppData\Local\Temp 2014-06-17 13:19 - 2014-06-17 13:19 - 00388308 ____H (drfedcfvgy) C:\ProgramData\08LRTUVXYblwz.exe 2014-06-17 10:55 - 2014-06-17 10:54 - 00000000 ____D () C:\82b4834a9ed971de942bb4 2014-06-15 14:16 - 
2012-02-08 22:20 - 00002631 _____ () C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk 2014-06-11 10:48 - 2012-02-08 22:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-11 10:47 - 2013-08-16 14:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 10:46 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-10 10:29 - 2012-02-11 23:07 - 00000000 ____D () C:\Thomas Maderthaner 2014-06-03 16:28 - 2014-06-03 16:28 - 00000000 ____D () C:\Users\magdalena\AppData\Local\Adobe 2014-06-03 16:28 - 2012-10-04 15:35 - 00000000 ____D () C:\Users\magdalena\AppData\Roaming\Adobe 2014-05-29 06:58 - 2014-01-15 06:14 - 00000961 _____ () C:\Users\Admin\Desktop\Dropbox.lnk 2014-05-29 06:58 - 2014-01-15 06:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-28 18:48 - 2014-06-11 09:21 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 18:39 - 2014-06-11 09:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 18:38 - 2014-06-11 09:21 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 18:33 - 2014-06-11 09:21 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 18:32 - 2014-06-11 09:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 18:32 - 2014-06-11 09:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 18:31 - 2014-06-11 09:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 18:31 - 2014-06-11 09:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00607744 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 18:30 - 2014-06-11 09:21 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-11 09:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 18:29 - 2014-06-11 09:21 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 18:29 - 2014-06-11 09:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 18:29 - 2014-06-11 09:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 18:29 - 2014-06-11 09:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 18:28 - 2014-06-11 09:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 13:07 - 2014-05-28 13:07 - 00000000 _____ () C:\DFR20CD.tmp 2014-05-23 11:19 - 2012-02-11 22:48 - 00040448 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-20 21:37 - 2012-03-23 09:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-20 10:41 - 2014-05-20 10:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Comodo 2014-05-20 10:40 - 2014-05-20 10:40 - 00000984 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk 2014-05-20 10:40 - 2013-04-02 18:19 - 00001910 _____ () C:\Users\Public\Desktop\Video Search.lnk 2014-05-20 10:39 - 2013-04-02 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher 2014-05-20 00:12 - 2012-02-11 23:08 - 00000000 ____D () C:\TMK WINDHAG Files to move or delete: ==================== 
C:\ProgramData\08LRTUVXYblwz.exe Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\CmdLineExt03.dll C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7400008.dll C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpflmyon.dll C:\Users\Admin\AppData\Local\Temp\installhelper.dll C:\Users\Admin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Admin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\MSETUP4.EXE C:\Users\Admin\AppData\Local\Temp\NEventMessages.dll C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\SetupDataMngr_Searchqu.exe C:\Users\Admin\AppData\Local\Temp\SIntf16.dll C:\Users\Admin\AppData\Local\Temp\SIntf32.dll C:\Users\Admin\AppData\Local\Temp\SIntfNT.dll C:\Users\Admin\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\Admin\AppData\Local\Temp\stubhelper.dll C:\Users\Admin\AppData\Local\Temp\SymLCSVC.EXE C:\Users\Admin\AppData\Local\Temp\_is816F.exe C:\Users\Admin\AppData\Local\Temp\_isD28A.exe C:\Users\Admin\AppData\Local\Temp\~convert2201916351957330720.exe C:\Users\Admin\AppData\Local\Temp\~convert5511392676484892479.exe C:\Users\Lisi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijtma1.dll C:\Users\magdalena\AppData\Local\Temp\i4jdel0.exe C:\Users\magdalena\AppData\Local\Temp\i4jdel1.exe 
C:\Users\magdalena\AppData\Local\Temp\i4jdel2.exe
C:\Users\magdalena\AppData\Local\Temp\i4jdel3.exe
C:\Users\magdalena\AppData\Local\Temp\symlcsv1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 07:12

==================== End Of Log ============================

--- --- ---
--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-06-2014 Ran by Admin at 2014-06-18 08:47:42 Running from C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PB08HAO Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Allin1Convert Internet Explorer Toolbar (HKLM\...\Allin1Convert_8hbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC) Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - ) aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp) Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - ) Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - ) CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - ) Cinergy S PCI V1.00.02.09c (HKLM\...\Cinergy S PCI) (Version: 1.00.02.09c - ) Civilization: Call To Power (HKLM\...\Activision_CivCTPUninstallKey) (Version: - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) 
Finale 2009 (HKLM\...\Finale 2009) (Version: 14.2.r3.0 - MakeMusic) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden HappyFoto-Designer 4.5 (HKLM\...\HappyFoto-Designer_is1) (Version: - ) HP Active Support Library (Version: 2.0.12.1 - Hewlett-Packard) Hidden HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard) HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard) HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard) HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP) HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden HP Total Care Advisor (HKLM\...\{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}) (Version: 1.2.13 - Hewlett-Packard) HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard) HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden LG PC Suite (HKLM\...\LG PC Suite) (Version: 5.2.26.20130220 - LG Electronics) LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics) LightScribe 1.8.13.1 (Version: 1.8.13.1 - Ihr Firmenname) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 
14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation) Optimierte Multimedia-Tastatur-Lösung (HKLM\...\KBD) (Version: - Hewlett-Packard) PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis) RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5444 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) 
Hidden Roxio Activation Module (Version: 1.0 - Roxio) Hidden Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio) Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio) Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio) Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio) Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Sid Meier's Civilization 4 Complete (HKLM\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games) SweetIM for Messenger 3.6 (HKLM\...\{B85C4CB2-B352-4BD8-818C-BCE353599107}) (Version: 3.6.0007 - SweetIM Technologies Ltd.) <==== ATTENTION SweetPacks Toolbar for Internet Explorer 4.4 (HKLM\...\{2F603A45-D956-496B-81B5-50D782424976}) (Version: 4.4.0001 - SweetIM Technologies Ltd.) 
<==== ATTENTION TerraTec Home Cinema (HKLM\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.15.11 - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office 
Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 16-05-2014 06:36:16 Geplanter Prüfpunkt 17-05-2014 05:35:46 Geplanter Prüfpunkt 18-05-2014 11:26:54 Geplanter Prüfpunkt 19-05-2014 05:26:33 Geplanter Prüfpunkt 20-05-2014 19:38:43 Geplanter Prüfpunkt 20-05-2014 19:49:31 Windows Update 21-05-2014 19:37:43 Geplanter Prüfpunkt 23-05-2014 05:11:18 Geplanter Prüfpunkt 24-05-2014 09:21:22 
Geplanter Prüfpunkt 25-05-2014 11:58:52 Geplanter Prüfpunkt 26-05-2014 12:37:10 Geplanter Prüfpunkt 27-05-2014 07:38:14 Geplanter Prüfpunkt 28-05-2014 11:08:51 Geplanter Prüfpunkt 29-05-2014 10:54:22 Geplanter Prüfpunkt 30-05-2014 05:13:16 Geplanter Prüfpunkt 31-05-2014 07:03:42 Windows Update 01-06-2014 11:14:03 Geplanter Prüfpunkt 02-06-2014 20:20:10 Geplanter Prüfpunkt 03-06-2014 17:47:38 Geplanter Prüfpunkt 05-06-2014 08:35:20 Geplanter Prüfpunkt 06-06-2014 05:55:39 Geplanter Prüfpunkt 08-06-2014 05:07:23 Geplanter Prüfpunkt 08-06-2014 05:09:33 Windows Update 10-06-2014 06:51:56 Geplanter Prüfpunkt 11-06-2014 06:55:50 Geplanter Prüfpunkt 11-06-2014 08:43:51 Windows Update 12-06-2014 05:07:56 Geplanter Prüfpunkt 14-06-2014 08:54:51 Geplanter Prüfpunkt 15-06-2014 05:08:47 Geplanter Prüfpunkt 16-06-2014 07:49:22 Geplanter Prüfpunkt 17-06-2014 08:54:16 Windows Update 18-06-2014 06:39:57 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0C0DC545-2F0E-461D-837B-7C7422928FC2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-739628380-1346005733-1021919314-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {0E642264-9BFE-4A3A-89D5-37BCA5C35999} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-739628380-1346005733-1021919314-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) 
Task: {1944EC39-C4F4-4832-A7D1-7932A3B82C53} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {29A892B2-9CEF-43DF-A848-9ED71E166BF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-21] (Google Inc.) Task: {3597495E-837F-4145-9ABB-1CD94B2FAD03} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3D859521-EE36-4E49-85E6-00CF563A3B19} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {4ECFD99B-F25E-44CF-AA18-9A8F1D06B4DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-21] (Google Inc.) 
Task: {A18C33BE-6409-46CE-A9F8-4EB959B00EF9} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24] (Hewlett-Packard) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {B18ABB54-6127-474D-90F0-85EEBF2B639B} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-05-17] () Task: {CC3E1AC7-39B4-492A-8F64-75F809BB4396} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-05-17] () Task: {D83BAB2C-1462-4770-AA7F-42B5135057E2} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Lisi => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {E1538D65-6140-47EF-AB94-119B6C3F0A55} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2003-07-14 17:12 - 2003-07-14 17:12 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll 2013-03-06 03:21 - 2013-03-06 03:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-02-23 16:30 - 2014-03-07 22:39 - 03168576 _____ () C:\Users\Admin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2014-06-18 07:07 - 2014-06-18 07:07 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpflmyon.dll 
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2014 02:28:31 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{C746A129-F999-4DE4-9990-5E74F23204F1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (06/15/2014 07:21:55 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16555 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1ea4 Anfangszeit: 01cf87b804d93630 Zeitpunkt der Beendigung: 168 Error: (06/13/2014 06:52:12 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{060FB302-F9B7-43EE-BC2B-3F8E9986D3F9}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (06/12/2014 04:38:01 PM) (Source: EventSystem) (EventID: 4622) (User: ) Description: 80070005{D09EDC32-FDD3-4982-B211-4E4139833F60}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (06/11/2014 00:38:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16555 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 13a0 Anfangszeit: 01cf856128d8f05e Zeitpunkt der Beendigung: 15 Error: (06/10/2014 02:28:17 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{38283D64-6B66-4C86-9C05-2C1AB77AA113}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (06/01/2014 04:56:38 PM) (Source: EventSystem) (EventID: 4622) (User: ) Description: 80070005{093622F0-2295-49AE-8F79-8F5416213AA4}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/29/2014 03:31:21 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{90D887A7-D16C-4498-B6AE-F49A24192392}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/24/2014 05:12:30 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CF15FF28-1962-4EB8-BBF8-DCB9092C782E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (05/24/2014 00:58:10 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{314E79F8-8CC5-48D1-8C4B-E9ECF76B5AE5}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors: ============= Error: (06/18/2014 07:07:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (06/18/2014 07:07:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/18/2014 07:07:06 AM) (Source: Dhcp) (EventID: 1002) (User: ) Description: Die IP-Adresslease 10.0.0.4 für die Netzwerkkarte mit der Netzwerkadresse 00C0A8F9FFA8 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error: (06/17/2014 11:15:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (06/17/2014 11:15:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/17/2014 09:58:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (06/17/2014 09:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/17/2014 03:52:02 PM) (Source: DCOM) (EventID: 10016) (User: Admin-PC) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Admin-PCmagdalenaS-1-5-21-739628380-1346005733-1021919314-1001LocalHost (unter Verwendung von LRPC) Error: (06/17/2014 02:18:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (06/17/2014 02:18:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (05/30/2013 08:02:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 119 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-05-20 11:21:03.704 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 11:21:03.428 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-20 10:45:38.539 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-20 10:45:38.263 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-23 22:48:49.000 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-23 22:48:48.737 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-23 22:47:26.049 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-23 22:47:25.802 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-23 22:46:02.980 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-23 22:46:02.734
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 3581.63 MB
Available physical RAM: 2586.07 MB
Total Pagefile: 7389.75 MB
Available Pagefile: 6079.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.71 MB
==================== Drives ================================
Drive c: (Vista) (Fixed) (Total:458.52 GB) (Free:328.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE Vista) (Fixed) (Total:7.24 GB) (Free:0.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 5565F138)
Partition 1: (Active) - (Size=459 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
To your question: yes, I can run programs quite normally; it is just this window in the middle of the screen. Best regards, Tom |
18.06.2014, 22:23 | #4 |
Rest in peace † 2019 | ms13-052: security update, I need help please!
Hello Tom, well done.
Do you normally have an antivirus program on the computer? How do things look after these steps?
Step 1
Please uninstall the following programs:
Allin1Convert Internet Explorer Toolbar
SweetIM for Messenger 3.6
SweetPacks Toolbar for Internet Explorer 4.4
To do so, go to Start --> Control Panel --> Programs --> Uninstall a program --> find the program in the list --> remove it.
If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.
Step 2
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
(drfedcfvgy) C:\ProgramData\08LRTUVXYblwz.exe
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [08LRTUVXYblwz] => C:\ProgramData\08LRTUVXYblwz.exe [388308 2014-06-17] (drfedcfvgy)
C:\ProgramData\08LRTUVXYblwz.exe
C:\82b4834a9ed971de942bb4
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 3 Please download AdwCleaner to your desktop.
Step 4 Run FRST once more.
|
19.06.2014, 23:35 | #5 |
| ms13-052: security update, I need help please!
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:18-06-2014
Ran by Admin at 2014-06-20 00:18:23 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
(drfedcfvgy) C:\ProgramData\08LRTUVXYblwz.exe
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [08LRTUVXYblwz] => C:\ProgramData\08LRTUVXYblwz.exe [388308 2014-06-17] (drfedcfvgy)
C:\ProgramData\08LRTUVXYblwz.exe
C:\82b4834a9ed971de942bb4
*****************
C:\ProgramData\08LRTUVXYblwz.exe => No running process found
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\08LRTUVXYblwz => value deleted successfully.
C:\ProgramData\08LRTUVXYblwz.exe => Moved successfully.
C:\82b4834a9ed971de942bb4 => Moved successfully.
==== End of Fixlog ====
Good evening, I hope this is OK like this... To your questions: no, we don't have one (unfortunately). I still have to carry out step 3. See you then.
AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 20/06/2014 um 00:25:41 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Admin - ADMIN-PC # Gestartet von : C:\Users\Admin\Desktop\adwcleaner_3.212.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files\Allin1Convert_8h Ordner Gelöscht : C:\Users\Admin\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\DataMngr Ordner Gelöscht : C:\Users\Lisi\AppData\LocalLow\Allin1Convert_8h Ordner Gelöscht : C:\Users\Lisi\AppData\LocalLow\SweetIM Ordner Gelöscht : C:\Users\magdalena\AppData\Local\Allin1Convert_8h Ordner Gelöscht : C:\Users\magdalena\AppData\LocalLow\Allin1Convert_8h Ordner Gelöscht : C:\Users\magdalena\AppData\LocalLow\DataMngr Ordner Gelöscht : C:\Users\magdalena\AppData\LocalLow\iac Ordner Gelöscht : C:\Users\magdalena\AppData\LocalLow\searchquband Ordner Gelöscht : C:\Users\magdalena\AppData\LocalLow\Searchqutoolbar Ordner Gelöscht : C:\Users\magdalena\AppData\LocalLow\SweetIM Datei Gelöscht : C:\Users\Admin\AppData\Local\Temp\Searchqu.ini Datei Gelöscht : C:\Users\Admin\AppData\Local\Temp\searchqutoolbar-manifest.xml Datei Gelöscht : C:\Users\Admin\AppData\Local\Temp\SetupDataMngr_Searchqu.exe ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Classes\iLivid.torrent Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLivid.torrent Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{889F49D2-6CEA-40BE-BE5F-7217485F9745} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\allin1convert_8h Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\SweetIM Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\allin1convert_8h Schlüssel Gelöscht : HKLM\Software\allin1convert_8h Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : 
HKLM\Software\SweetIM Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16555 ************************* AdwCleaner[R0].txt - [4450 octets] - [20/06/2014 00:24:59] AdwCleaner[S0].txt - [4371 octets] - [20/06/2014 00:25:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4431 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014 Ran by Admin (administrator) on ADMIN-PC on 20-06-2014 00:31:45 Running from C:\Users\Admin\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Elgato Systems) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe () C:\Users\Admin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Dropbox, Inc.) 
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company) C:\hp\KBD\kbd.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] () HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor) HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-05-24] (Hewlett-Packard) HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.) HKLM\...\Run: [HP Software Update] => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.) 
HKLM\...\Run: [] => [X] HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-27] (RealNetworks, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-04-03] (soft thinks) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [Remote Control Editor] => C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems) HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [Amazon Cloud Player] => C:\Users\Admin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] () HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\MountPoints2: {1a412a60-aef5-11e1-bf40-001d60645ec3} - K:\Startme.exe Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicyUsers\S-1-5-21-739628380-1346005733-1021919314-1002\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-739628380-1346005733-1021919314-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=Pavilion&pf=desktop HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=Pavilion&pf=desktop SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=270254AA-0D66-457D-ACB7-FE99D5010ABC&ind=2014032413&n=780bb21d&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F5309919-1224-4708-BAF8-C9ECB3CE4917} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {F5309919-1224-4708-BAF8-C9ECB3CE4917} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] ========================== Services (Whitelisted) ================= R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard) [File not signed] S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () ==================== Drivers (Whitelisted) ==================== S3 AndNetDiag; 
C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.) R3 AVXBAR; C:\Windows\System32\DRIVERS\88xAXbar.sys [17344 2009-11-05] (DTV-DVB Technology, Inc.) R3 BDATUNE; C:\Windows\System32\DRIVERS\88xBdaTune.sys [47936 2009-11-05] (DTV-DVB Technology, Inc.) R3 CX23880; C:\Windows\System32\DRIVERS\88xAStream.sys [175552 2009-11-05] (DTV-DVB Technology, Inc.) R3 CX88IR; C:\Windows\System32\DRIVERS\88xBdaIr.sys [23616 2009-11-05] (DTV-DVB Technology, Inc.) R3 CXAVSTS; C:\Windows\System32\DRIVERS\88xBdaCap.sys [28992 2009-11-05] (DTV-DVB Technology, Inc.) S3 jnv4_mib; C:\Users\Admin\AppData\Local\Temp\jnv4_mib.sys [15872 2012-02-14] () [File not signed] R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-20 00:24 - 2014-06-20 00:25 - 00000000 ____D () C:\AdwCleaner 2014-06-20 00:23 - 2014-06-20 00:23 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe 2014-06-20 00:16 - 2014-06-20 00:16 - 01072128 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-06-20 00:13 - 2014-06-20 00:31 - 00013710 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-06-20 00:12 - 2014-06-20 00:13 - 00027918 _____ () C:\Users\Admin\Downloads\FRST.txt 2014-06-20 00:12 - 2014-06-20 00:12 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe 2014-06-20 00:09 - 2014-06-20 00:09 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe 2014-06-20 00:02 - 2014-06-20 00:02 - 00000104 _____ () C:\Users\Admin\Desktop\Papierkorb - Verknüpfung.lnk 2014-06-19 23:54 - 2014-03-24 19:55 - 
00859720 _____ (Mindspark) C:\Program Files\8hUninstall Allin1Convert.dll 2014-06-19 23:54 - 2014-03-24 19:55 - 00197000 _____ () C:\Program Files\8hres.dll 2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST2.txt 2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST1.txt 2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 _____ () C:\Users\Admin\Documents\Addition2.txt 2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 _____ () C:\Users\Admin\Documents\Addition1.txt 2014-06-18 08:46 - 2014-06-20 00:31 - 00000000 ____D () C:\FRST 2014-06-11 09:21 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 09:21 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 09:21 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 09:21 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 09:21 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 09:21 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 09:21 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-11 09:21 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtmsft.dll 2014-06-11 09:21 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 09:21 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-11 09:21 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 09:21 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 09:21 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 09:21 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-11 09:21 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-11 09:21 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 09:21 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 09:21 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 09:21 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 09:21 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-03 16:28 - 2014-06-03 16:28 - 00000000 ____D () C:\Users\magdalena\AppData\Local\Adobe 2014-05-28 13:07 - 2014-05-28 13:07 - 00000000 _____ () C:\DFR20CD.tmp ==================== One Month Modified Files and Folders ======= 2014-06-20 00:31 - 2014-06-20 00:13 - 00013710 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-06-20 00:31 - 2014-06-18 08:46 - 00000000 ____D () C:\FRST 2014-06-20 00:31 - 2012-02-04 14:28 - 01197929 _____ () C:\Windows\WindowsUpdate.log 2014-06-20 00:28 - 2014-01-15 06:14 - 00000000 ___RD () C:\Users\Admin\Dropbox 2014-06-20 00:28 - 2014-01-15 06:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster 
2014-06-20 00:28 - 2014-01-15 06:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox 2014-06-20 00:27 - 2013-04-21 10:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-20 00:27 - 2007-09-14 09:52 - 00132718 _____ () C:\Windows\PFRO.log 2014-06-20 00:27 - 2007-09-14 09:50 - 00000000 ____D () C:\Windows\SMINST 2014-06-20 00:27 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-20 00:27 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-20 00:27 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-20 00:26 - 2012-06-09 17:08 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-06-20 00:26 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-20 00:25 - 2014-06-20 00:24 - 00000000 ____D () C:\AdwCleaner 2014-06-20 00:23 - 2014-06-20 00:23 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe 2014-06-20 00:16 - 2014-06-20 00:16 - 01072128 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-06-20 00:13 - 2014-06-20 00:12 - 00027918 _____ () C:\Users\Admin\Downloads\FRST.txt 2014-06-20 00:12 - 2014-06-20 00:12 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe 2014-06-20 00:09 - 2014-06-20 00:09 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe 2014-06-20 00:02 - 2014-06-20 00:02 - 00000104 _____ () C:\Users\Admin\Desktop\Papierkorb - Verknüpfung.lnk 2014-06-19 23:56 - 2013-04-21 10:19 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-18 23:31 - 2006-11-02 12:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST2.txt 2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST1.txt 2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 
_____ () C:\Users\Admin\Documents\Addition2.txt 2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 _____ () C:\Users\Admin\Documents\Addition1.txt 2014-06-17 16:57 - 2013-10-22 15:47 - 00000000 ____D () C:\Users\magdalena\AppData\Roaming\.minecraft 2014-06-17 16:57 - 2012-02-08 22:20 - 00002673 _____ () C:\Users\magdalena\Desktop\Microsoft Office PowerPoint 2007.lnk 2014-06-15 14:16 - 2012-02-08 22:20 - 00002631 _____ () C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk 2014-06-11 10:48 - 2012-02-08 22:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-11 10:47 - 2013-08-16 14:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 10:46 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-10 10:29 - 2012-02-11 23:07 - 00000000 ____D () C:\Thomas Maderthaner 2014-06-03 16:28 - 2014-06-03 16:28 - 00000000 ____D () C:\Users\magdalena\AppData\Local\Adobe 2014-06-03 16:28 - 2012-10-04 15:35 - 00000000 ____D () C:\Users\magdalena\AppData\Roaming\Adobe 2014-05-29 06:58 - 2014-01-15 06:14 - 00000961 _____ () C:\Users\Admin\Desktop\Dropbox.lnk 2014-05-29 06:58 - 2014-01-15 06:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-28 18:48 - 2014-06-11 09:21 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 18:39 - 2014-06-11 09:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 18:38 - 2014-06-11 09:21 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 18:33 - 2014-06-11 09:21 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 18:32 - 2014-06-11 09:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 18:32 - 2014-06-11 09:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 18:31 - 2014-06-11 09:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 
2014-05-28 18:31 - 2014-06-11 09:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 18:30 - 2014-06-11 09:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 18:30 - 2014-06-11 09:21 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-11 09:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 18:29 - 2014-06-11 09:21 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 18:29 - 2014-06-11 09:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 18:29 - 2014-06-11 09:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 18:29 - 2014-06-11 09:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 18:28 - 2014-06-11 09:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 13:07 - 2014-05-28 13:07 - 00000000 _____ () C:\DFR20CD.tmp 2014-05-23 11:19 - 2012-02-11 22:48 - 00040448 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\CmdLineExt03.dll C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7400008.dll C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkw6dzg.dll 
C:\Users\Admin\AppData\Local\Temp\installhelper.dll C:\Users\Admin\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Admin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\MSETUP4.EXE C:\Users\Admin\AppData\Local\Temp\NEventMessages.dll C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\SIntf16.dll C:\Users\Admin\AppData\Local\Temp\SIntf32.dll C:\Users\Admin\AppData\Local\Temp\SIntfNT.dll C:\Users\Admin\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\Admin\AppData\Local\Temp\stubhelper.dll C:\Users\Admin\AppData\Local\Temp\SymLCSVC.EXE C:\Users\Admin\AppData\Local\Temp\_is816F.exe C:\Users\Admin\AppData\Local\Temp\_isD28A.exe C:\Users\Admin\AppData\Local\Temp\~convert2201916351957330720.exe C:\Users\Admin\AppData\Local\Temp\~convert5511392676484892479.exe C:\Users\Lisi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijtma1.dll C:\Users\magdalena\AppData\Local\Temp\i4jdel0.exe C:\Users\magdalena\AppData\Local\Temp\i4jdel1.exe C:\Users\magdalena\AppData\Local\Temp\i4jdel2.exe C:\Users\magdalena\AppData\Local\Temp\i4jdel3.exe C:\Users\magdalena\AppData\Local\Temp\symlcsv1.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed 
C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-18 23:40 ==================== End Of Log ============================
It looks like this: the window is no longer there, and I don't notice anything else unusual either. May I already hope? In any case, I thank you sincerely already for your patience. Regards, Tom |
20.06.2014, 22:26 | #6 | ||
Rest in peace † 2019 | ms13-052: security update, I need help please! Quote:
Quote:
Step 1 Please press the Windows key + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
SearchScopes: HKLM - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=270254AA-0D66-457D-ACB7-FE99D5010ABC&ind=2014032413&n=780bb21d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
2014-06-19 23:54 - 2014-03-24 19:55 - 00859720 _____ (Mindspark) C:\Program Files\8hUninstall Allin1Convert.dll
2014-06-19 23:54 - 2014-03-24 19:55 - 00197000 _____ () C:\Program Files\8hres.dll
C:\DFR20CD.tmp
C:\Users\Lisi\AppData\Local\Temp\*.exe
C:\Users\Admin\AppData\Local\Temp\*.dll
C:\Users\Admin\AppData\Local\Temp\*.exe
C:\Users\Lisi\AppData\Local\Temp\*.dll
C:\Users\magdalena\AppData\Local\Temp\*.dll
C:\Users\magdalena\AppData\Local\Temp\*.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Because the scan with ESET is very thorough, it may take several hours. ESET Online Scanner
Step 4 Start FRST once more.
21.06.2014, 14:29 | #7 |
| ms13-052: security update, I need help please!
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-06-2014 01
Ran by Admin at 2014-06-21 07:46:32 Run:2
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^at&si=flvrunner&ptb=270254AA-0D66-457D-ACB7-FE99D5010ABC&ind=2014032413&n=780bb21d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
2014-06-19 23:54 - 2014-03-24 19:55 - 00859720 _____ (Mindspark) C:\Program Files\8hUninstall Allin1Convert.dll
2014-06-19 23:54 - 2014-03-24 19:55 - 00197000 _____ () C:\Program Files\8hres.dll
C:\DFR20CD.tmp
C:\Users\Lisi\AppData\Local\Temp\*.exe
C:\Users\Admin\AppData\Local\Temp\*.dll
C:\Users\Admin\AppData\Local\Temp\*.exe
C:\Users\Lisi\AppData\Local\Temp\*.dll
C:\Users\magdalena\AppData\Local\Temp\*.dll
C:\Users\magdalena\AppData\Local\Temp\*.exe
*****************
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{75b4241f-171e-44a3-bf44-23613b6e3e03}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{E5D7E5C3-67B3-4004-8B76-3FC7D4C6AB7C}'=> Key not found.
"C:\Program Files\8hUninstall Allin1Convert.dll" => File/Directory not found.
"C:\Program Files\8hres.dll" => File/Directory not found.
C:\DFR20CD.tmp => Moved successfully.
"C:\Users\Lisi\AppData\Local\Temp\*.exe" => File/Directory not found.
C:\Users\Admin\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Lisi\AppData\Local\Temp\*.dll => Moved successfully.
"C:\Users\magdalena\AppData\Local\Temp\*.dll" => File/Directory not found.
C:\Users\magdalena\AppData\Local\Temp\*.exe => Moved successfully.
==== End of Fixlog ====
Step 2
Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.06.2014 Suchlauf-Zeit: 07:54:31 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.21.02 Rootkit Datenbank: v2014.06.20.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 317287 Verstrichene Zeit: 8 Min, 27 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 11 PUP.Optional.SearchQu, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [37df8af13e3dbe78a6938dbb19e9837d], PUP.Optional.SearchQu, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, 
[37df8af13e3dbe78a6938dbb19e9837d], PUP.Optional.SweetPacks, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, In Quarantäne, [d83e116ab4c7be7886b976d22ed4916f], PUP.Optional.SweetPacks, HKU\S-1-5-21-739628380-1346005733-1021919314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, In Quarantäne, [d83e116ab4c7be7886b976d22ed4916f], PUP.Optional.SweetPacks, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, In Quarantäne, [d83e116ab4c7be7886b976d22ed4916f], PUP.Optional.SweetPacks, HKU\S-1-5-21-739628380-1346005733-1021919314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, In Quarantäne, [d83e116ab4c7be7886b976d22ed4916f], PUP.Optional.DataMngr.A, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [8195a3d893e86acc333b8955d72c32ce], PUP.Optional.DataMngr.A, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [46d0e893f2894ceab3bae6f81de6a25e], PUP.Optional.MindSpark.A, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Allin1Convert_8h, In Quarantäne, [f422d6a5097241f584ecedbfd72b17e9], PUP.Optional.Softonic.A, HKU\S-1-5-21-739628380-1346005733-1021919314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [53c348330d6ebd79230ea80fea18ad53], PUP.Optional.MindSpark.A, 
HKU\S-1-5-21-739628380-1346005733-1021919314-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Allin1Convert_8h, In Quarantäne, [50c6e09b2f4cc670b8b8e9c38e74cf31], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 Rogue.Link, C:\Users\Public\Desktop\MP3 Downloader.lnk, In Quarantäne, [8c8a3a416a11d95d2b97807dad553fc1], Physische Sektoren: 0 (No malicious items detected) (end) schritt 3 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=9813b740ece119428babffd029824ce0 # engine=18813 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-21 12:37:24 # local_time=2014-06-21 02:37:24 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 24853 240886972 0 0 # scanned=275440 # found=13 # cleaned=0 # scan_time=5661 sh=2D496D91A9AE3F241640008AE1BA10B38DCB86EB ft=1 fh=2e3c12eb1c3fa695 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll.vir" sh=A8D072DF6C91BADCCAC1D06D6C7F64FF9E0F1CAB ft=1 fh=ef28a5c45bf331d6 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll.vir" sh=CCFC94E19336D2BAABA112A23C9F3447F62ACCF3 ft=1 fh=edc85b33f033e1ee vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hdlghk.dll.vir" sh=2EE6DC8BC18A9024A441379C66FAAF23190701EC ft=1 fh=90e557540c9a8688 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll.vir" sh=DF84DDF55503EBA22BD7E0B80C893F6383DEF979 ft=1 fh=a95a7c3a999f4152 vn="Variante von Win32/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir" sh=0E95589F14A5DC461E2D9C104C193843992C6B63 ft=1 fh=ed5a3f7b6e55b559 vn="Variante von Win32/Kryptik.CEGR Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\08LRTUVXYblwz.exe.xBAD" sh=5AAC581EAA7D447162F3599D37D754638E12482D ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Agent.APP Trojaner" ac=I fn="C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64PZWMN9\Quittung 17-06-2014.rtf" sh=36E3F651E8EB38047AF7141A0676BC21F6034884 ft=1 fh=4f5df205b838fb9f vn="Win32/TrojanDownloader.Agent.APP Trojaner" ac=I fn="C:\Users\Admin\AppData\Local\Temp\quit1206.cpl" sh=26C5CC92C355D7AAEF3F70479E25CFB9DE73FC35 ft=1 fh=1df8bc41e7f4c46c vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe" sh=3DE5B9A991A3564EF06AAF6A2053DBA1F6FB89D3 ft=1 fh=b35010cf565da6d5 vn="Win32/Toolbar.Inbox.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B4CFA73\PublicTransportSetup.exe" sh=55054524CEF2A9B624D3B94E7DCF1AD58319D2D5 ft=1 fh=54b8a0658876f82a vn="Variante von Win32/SoftonicDownloader.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\magdalena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B4CFA73\SoftonicDownloader_fuer_geogebra.exe" sh=55054524CEF2A9B624D3B94E7DCF1AD58319D2D5 ft=1 fh=54b8a0658876f82a vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\magdalena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAP7H7YO\SoftonicDownloader_fuer_geogebra.exe" sh=08D4F25E992AEB0CE326F5323099D16DCF426092 ft=1 fh=cbc7640e64e04250 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="C:\Users\magdalena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBU7JXRM\Allin1Convert.exe" schritt 4 FRST Logfile: FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by Admin (administrator) on ADMIN-PC on 21-06-2014 15:23:29
Running from C:\Users\Admin\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Elgato Systems) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
() C:\Users\Admin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-05-24] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateReg] => C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-03-27] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-04-03] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [Remote Control Editor] => C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems)
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Run: [Amazon Cloud Player] => C:\Users\Admin\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-739628380-1346005733-1021919314-1000\...\MountPoints2: {1a412a60-aef5-11e1-bf40-001d60645ec3} - K:\Startme.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-739628380-1346005733-1021919314-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-739628380-1346005733-1021919314-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F5309919-1224-4708-BAF8-C9ECB3CE4917} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {F5309919-1224-4708-BAF8-C9ECB3CE4917} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-09]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-27]

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-05-24] (Hewlett-Packard) [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R3 AVXBAR; C:\Windows\System32\DRIVERS\88xAXbar.sys [17344 2009-11-05] (DTV-DVB Technology, Inc.)
R3 BDATUNE; C:\Windows\System32\DRIVERS\88xBdaTune.sys [47936 2009-11-05] (DTV-DVB Technology, Inc.)
R3 CX23880; C:\Windows\System32\DRIVERS\88xAStream.sys [175552 2009-11-05] (DTV-DVB Technology, Inc.)
R3 CX88IR; C:\Windows\System32\DRIVERS\88xBdaIr.sys [23616 2009-11-05] (DTV-DVB Technology, Inc.)
R3 CXAVSTS; C:\Windows\System32\DRIVERS\88xBdaCap.sys [28992 2009-11-05] (DTV-DVB Technology, Inc.)
S3 jnv4_mib; C:\Users\Admin\AppData\Local\Temp\jnv4_mib.sys [15872 2012-02-14] () [File not signed]
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-21 15:23 - 2014-06-21 15:23 - 00014387 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-21 12:56 - 2014-06-21 12:56 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
2014-06-21 07:53 - 2014-06-21 12:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 07:53 - 2014-06-21 07:53 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-21 07:53 - 2014-06-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-21 07:53 - 2014-06-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 07:53 - 2014-06-21 07:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-21 07:53 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 07:53 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 07:53 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 07:51 - 2014-06-21 07:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-21 07:46 - 2014-06-21 07:46 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-06-21 07:43 - 2014-06-21 15:23 - 00000000 ____D () C:\Users\Admin\Desktop\antivirus
2014-06-20 00:24 - 2014-06-20 00:25 - 00000000 ____D () C:\AdwCleaner
2014-06-20 00:23 - 2014-06-20 00:23 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe
2014-06-20 00:16 - 2014-06-21 07:46 - 01070592 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-06-20 00:12 - 2014-06-20 00:13 - 00027918 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-06-20 00:12 - 2014-06-20 00:12 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2014-06-20 00:09 - 2014-06-20 00:09 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-06-20 00:02 - 2014-06-20 00:02 - 00000104 _____ () C:\Users\Admin\Desktop\Papierkorb - Verknüpfung.lnk
2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST2.txt
2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST1.txt
2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 _____ () C:\Users\Admin\Documents\Addition2.txt
2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 _____ () C:\Users\Admin\Documents\Addition1.txt
2014-06-18 08:46 - 2014-06-21 15:23 - 00000000 ____D () C:\FRST
2014-06-11 09:21 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:21 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:21 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:21 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:21 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:21 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:21 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 09:21 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:21 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:21 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 09:21 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:21 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:21 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:21 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:21 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 09:21 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:21 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:21 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:21 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 09:21 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 09:21 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:21 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:21 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:21 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:21 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-03 16:28 - 2014-06-03 16:28 - 00000000 ____D () C:\Users\magdalena\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-06-21 15:23 - 2014-06-21 15:23 - 00014387 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-21 15:23 - 2014-06-21 07:43 - 00000000 ____D () C:\Users\Admin\Desktop\antivirus
2014-06-21 15:23 - 2014-06-18 08:46 - 00000000 ____D () C:\FRST
2014-06-21 15:07 - 2012-02-04 14:28 - 01248870 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 14:56 - 2013-04-21 10:19 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 14:51 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 14:51 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 12:56 - 2014-06-21 12:56 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
2014-06-21 12:52 - 2014-06-21 07:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 07:56 - 2013-04-21 10:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 07:53 - 2014-06-21 07:53 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-21 07:53 - 2014-06-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-21 07:53 - 2014-06-21 07:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 07:53 - 2014-06-21 07:53 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-21 07:52 - 2014-06-21 07:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-21 07:46 - 2014-06-21 07:46 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-06-21 07:46 - 2014-06-20 00:16 - 01070592 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-06-21 07:41 - 2006-11-02 12:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 07:37 - 2014-01-15 06:14 - 00000000 ___RD () C:\Users\Admin\Dropbox
2014-06-21 07:37 - 2014-01-15 06:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster
2014-06-21 07:37 - 2014-01-15 06:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2014-06-21 07:35 - 2007-09-14 09:50 - 00000000 ____D () C:\Windows\SMINST
2014-06-21 07:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 19:08 - 2012-06-09 17:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-20 19:08 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-20 00:27 - 2007-09-14 09:52 - 00132718 _____ () C:\Windows\PFRO.log
2014-06-20 00:25 - 2014-06-20 00:24 - 00000000 ____D () C:\AdwCleaner
2014-06-20 00:23 - 2014-06-20 00:23 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe
2014-06-20 00:13 - 2014-06-20 00:12 - 00027918 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-06-20 00:12 - 2014-06-20 00:12 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2014-06-20 00:09 - 2014-06-20 00:09 - 01072128 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-06-20 00:02 - 2014-06-20 00:02 - 00000104 _____ () C:\Users\Admin\Desktop\Papierkorb - Verknüpfung.lnk
2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST2.txt
2014-06-18 10:04 - 2014-06-18 10:04 - 00030121 _____ () C:\Users\Admin\Documents\FRST1.txt
2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 _____ () C:\Users\Admin\Documents\Addition2.txt
2014-06-18 10:04 - 2014-06-18 10:04 - 00028810 _____ () C:\Users\Admin\Documents\Addition1.txt
2014-06-17 16:57 - 2013-10-22 15:47 - 00000000 ____D () C:\Users\magdalena\AppData\Roaming\.minecraft
2014-06-17 16:57 - 2012-02-08 22:20 - 00002673 _____ () C:\Users\magdalena\Desktop\Microsoft Office PowerPoint 2007.lnk
2014-06-15 14:16 - 2012-02-08 22:20 - 00002631 _____ () C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk
2014-06-11 10:48 - 2012-02-08 22:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 10:47 - 2013-08-16 14:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 10:46 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-10 10:29 - 2012-02-11 23:07 - 00000000 ____D () C:\Thomas Maderthaner
2014-06-03 16:28 - 2014-06-03 16:28 - 00000000 ____D () C:\Users\magdalena\AppData\Local\Adobe
2014-06-03 16:28 - 2012-10-04 15:35 - 00000000 ____D () C:\Users\magdalena\AppData\Roaming\Adobe
2014-05-29 06:58 - 2014-01-15 06:14 - 00000961 _____ () C:\Users\Admin\Desktop\Dropbox.lnk
2014-05-29 06:58 - 2014-01-15 06:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 18:48 - 2014-06-11 09:21 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-11 09:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-11 09:21 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-11 09:21 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-11 09:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-11 09:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-11 09:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-11 09:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-11 09:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-11 09:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-11 09:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 09:21 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-11 09:21 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 09:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 09:21 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 09:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 09:21 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 09:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 09:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-11 09:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 09:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-23 11:19 - 2012-02-11 22:48 - 00040448 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-21 07:41

==================== End Of Log ============================

--- --- --- --- --- ---

Hi Sandra, thanks once again for your efforts. Would you have a tip regarding antivirus programs that make sense? Best regards, Tom |
21.06.2014, 22:38 | #8 |
Rest in peace † 2019 | ms13-052: security update, I need help please!
Hello Tom, you're welcome. I can recommend Avast Free, or rather Avast 2014. Avast 2014
Good, then we will delete the findings now. In future, please download software directly from the vendor whenever possible and avoid Softonic; their downloads almost always come with unwanted extras.
Step 1 Disk Cleanup
Step 2 If you no longer need Malwarebytes Anti-Malware and the ESET Online Scanner, you can simply uninstall both programs via the program uninstaller. However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.
Step 3 Please download delfix to your desktop.
Updates / updating programs
Uninstall your Reader and download the latest version from here. Check whether anything else wants to be installed along with it and untick the box if necessary.
Make sure that your Flash Player checks for updates. Flash Player can be configured during installation to check for updates automatically; afterwards, this can be done via the following link: Adobe - Flash Player: Settings Manager - Global Notification Settings
Java is a major security hole on your system; new vulnerabilities are discovered again and again and are exploited to infect computers. Unless you absolutely need Java, you should uninstall it completely.
Windows XP Go to: Start --> Control Panel --> Add or Remove Programs --> select Java versions --> remove
Windows Vista Go to: Start --> Control Panel --> Programs --> Uninstall a program --> find Java versions --> remove
Windows 7 Go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select Java versions --> remove
Windows 8 Press: Windows key and X, then: Programs and Features --> select Java versions --> remove
If you do absolutely need Java after all, then
and make sure that Java updates automatically. To do this:
You can find instructions for this here.
Finally, a few more tips for securing your system.
Keeping the system up to date It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers Other browsers tend to be somewhat more secure than Internet Explorer, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance Delete your temporary files regularly. For this I recommend Windows Disk Cleanup. Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They harm your system more than they speed it up.
Rules of conduct for safer surfing
Now all that remains is for me to wish you lots of fun surfing safely.
Note: Please give me brief feedback when everything is done and there are no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something for the forum and our work, you can do so here. |
22.06.2014, 08:56 | #9 |
| ms13-052: security update, I need help please! Hello Sandra, everything worked wonderfully. Thank you very much, and I wish you and the whole team all the best for the future! Regards, Tom |