Pests of all kinds and how to fight them: Programs start with a long delay (10s)
Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
19.06.2014, 16:03 | #1 |
| Programs start with a long delay (10s)
Hello, for some time now I have had a strange problem: when I start my PC (Windows 7 32-bit), everything runs normally at first. Then after a while, usually about 2-5 minutes, programs only start with a long delay. That is, it takes e.g. 10 seconds or more for a Word document to open. Normally that takes 1 second; I also have an SSD in the PC. Other PC actions are then heavily delayed as well. E.g. CTRL+ALT+DEL works only very slowly. What is also odd is that the printer now and then, without any print job, prints the following:
%-12345X@PJL @PJL USTATUS TIMED 30
I would be very grateful for any idea of what could be causing all this, and for a reply! Best regards, Jonas |
19.06.2014, 16:15 | #2 |
/// the machine /// TB Trainer | Programs start with a long delay (10s)
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
19.06.2014, 16:43 | #3 |
| Programs start with a long delay (10s)
Hi, great, thanks! Here are the scans:
FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014 Ran by helmut (administrator) on HELMUTDESKTOP on 19-06-2014 17:39:24 Running from C:\Users\helmut\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (Cristi) C:\Program Files\Dual Monitor\DualMonitor.exe () D:\Programme\Salamand\SALAMAND.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-3419901750-1294363576-1798334200-1000\...\Run: [dualmonitor] => C:\Program Files\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi) HKU\S-1-5-21-3419901750-1294363576-1798334200-1000\...\MountPoints2: {1f1a7dae-2b98-11e3-af93-806e6f6e6963} - D:\Bin\ASSETUP.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.de/ BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (SpeedBit Ltd.) 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: SBCONVERT Class - {92A9ACF4-9333-43AE-9698-DB283326F87F} - D:\Programme\SPEEDbit Video Downloader\Toolbar\tbcore3.dll () BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Programme\SPEEDbit Video Downloader\Toolbar\grabber.dll (SPEEDbit) Toolbar: HKLM - SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - D:\Programme\SPEEDbit Video Downloader\Toolbar\tbcore3.dll () Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default FF SearchEngineOrder.1: Search-Results FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ig FF Keyword.URL: hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=de_DE&apn_uid=779D480A-5BEA-4E0E-B663-20448CC9CDD8&apn_ptnrs=2R&apn_sauid=32383BAC-F4F4-42EC-B107-F59609BC8CE6&apn_dtid=get006YYDE&q= FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\geocaching.xml FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\search-results.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-11] FF Extension: Microsoft .NET Framework Assistant - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-10-07] FF Extension: Adblock Plus - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21] FF Extension: SPEEDbit Video Downloader - D:\Programme\SPEEDbit Video Downloader\SPFireFox [2014-01-31] FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files\SearchPredict\PRFireFox FF Extension: SearchPredict - C:\Program Files\SearchPredict\PRFireFox [2014-01-31] FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - D:\Programme\SPEEDbit Video Downloader\SPFireFox FF Extension: SPEEDbit Video Downloader - D:\Programme\SPEEDbit Video Downloader\SPFireFox [2014-01-31] Chrome: ======= CHR Extension: (SpeedBit Video Downloader) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb [2014-06-11] CHR Extension: (SpeedBit Search Predict) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2014-06-11] CHR 
Extension: (Google Wallet) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06] CHR HKLM\...\Chrome\Extension: [djcpfkccckpeeghiklnhienllljccglb] - D:\Programme\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx [2014-01-31] CHR HKLM\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files\SearchPredict\Chrome\SearchPredictChrome.crx [2014-01-31] ========================== Services (Whitelisted) ================= S4 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21400 2012-11-28] (Promethean) R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. 
KG) R2 asComSvc; C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] () S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-05-24] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 SkypeUpdate; D:\Programme\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) ==================== Drivers (Whitelisted) ==================== R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2014-05-26] (Oak Technology Inc.) [File not signed] R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [14720 2012-08-21] () R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-10-10] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-10-10] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-20] (Avira Operations GmbH & Co. KG) S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-05] (www.winchiphead.com) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) 
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [524784 2013-01-31] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-01-31] (Intel Corporation) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-04-26] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [361968 2013-04-26] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793072 2013-04-26] (Intel Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-03-12] (Intel Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27792 2012-09-01] (Realtek Corporation) R1 SLEE_18_DRIVER; C:\Windows\system32\drivers\Sleen18.sys [91112 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - ) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-19 17:39 - 2014-06-19 17:39 - 00014876 _____ () C:\Users\helmut\Downloads\FRST.txt 2014-06-19 17:38 - 2014-06-19 17:39 - 00000000 ____D () C:\FRST 2014-06-19 17:38 - 2014-06-19 17:38 - 01072128 _____ (Farbar) C:\Users\helmut\Downloads\FRST.exe 2014-06-19 15:51 - 2014-06-19 15:51 - 00000000 ____D () C:\Users\helmut\Documents\OneNote-Notizbücher 2014-06-19 15:48 - 2014-06-19 15:48 - 00001682 _____ () C:\Users\helmut\Documents\cc_20140619_154835.reg 2014-06-19 15:47 - 2014-06-19 15:47 - 00000000 ____D () C:\Users\helmut\AppData\Local\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe 
Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Adobe 2014-06-19 15:42 - 2014-06-19 15:43 - 00118858 _____ () C:\Users\helmut\Documents\cc_20140619_154254.reg 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-19 15:35 - 2014-06-19 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\helmut\Downloads\ccsetup411.exe 2014-06-18 22:10 - 2014-06-18 22:11 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-12 16:22 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-06-12 16:22 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-06-12 16:22 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-06-12 16:22 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-06-12 16:22 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-06-12 16:22 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-06-12 16:22 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-06-12 16:22 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-06-12 16:22 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-06-12 16:22 - 
2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-06-12 16:20 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 16:20 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 14:08 - 2014-06-12 14:12 - 00000000 ____D () C:\Users\helmut\Desktop\Sammelordner 2014-06-12 14:04 - 2014-06-12 14:04 - 00001648 _____ () C:\Users\helmut\Desktop\procexp.exe - Verknüpfung.lnk 2014-06-12 13:58 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 13:58 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 13:58 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 13:58 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 13:58 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 13:58 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 13:58 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 13:58 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 13:58 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 13:58 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 13:58 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 13:58 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 13:58 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 13:58 - 2014-05-30 10:21 - 00646144 
_____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 13:58 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 13:58 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 13:58 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 13:58 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 13:58 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 13:58 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 13:58 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 13:58 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 13:58 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 13:58 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 13:58 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 13:58 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 13:58 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 13:58 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 13:58 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 13:58 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 13:58 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 13:58 - 
2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 13:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 13:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 13:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 13:51 - 2014-06-12 13:51 - 00007598 _____ () C:\Users\helmut\AppData\Local\Resmon.ResmonCfg 2014-06-12 13:41 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 13:41 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-12 13:41 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-06-12 08:24 - 2014-06-12 14:04 - 00000000 ____D () C:\Users\helmut\Downloads\processexplorer 2014-06-12 08:24 - 2014-06-12 08:24 - 01243655 _____ () C:\Users\helmut\Downloads\processexplorer.zip 2014-06-11 23:17 - 2014-06-19 16:01 - 00000000 ____D () C:\Users\helmut\Documents\Anti-Malware 2014-06-11 23:17 - 2014-06-19 16:01 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-11 23:13 - 2014-06-11 23:16 - 234642944 _____ (Emsisoft GmbH ) C:\Users\helmut\Downloads\EmsisoftAntiMalwareSetup.exe 2014-06-11 17:20 - 2014-06-11 17:22 - 163783630 _____ () C:\Users\helmut\Downloads\fp_11.8.800.94_archive.zip 2014-06-11 17:05 - 2014-06-11 17:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 16:39 - 2014-06-11 16:39 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 16:39 - 2014-06-11 16:39 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 16:27 - 2014-06-11 16:27 - 25032080 _____ (Mozilla) C:\Users\helmut\Downloads\Firefox Setup 28.0.exe 2014-06-11 16:23 - 2014-06-11 16:23 - 25531584 _____ () 
C:\Users\helmut\Downloads\vlc-2.1.3-win32.exe 2014-06-11 16:22 - 2014-06-11 16:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\VLC media player 32 Bit - CHIP-Installer.exe 2014-06-11 16:11 - 2014-06-11 16:35 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 09:49 - 2014-06-11 09:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\Firefox - CHIP-Installer.exe 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieUserList 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieSiteList 2014-06-01 22:50 - 2014-06-01 22:50 - 00013312 _____ () C:\Users\helmut\Desktop\BWW.xls 2014-05-31 12:19 - 2014-05-31 12:19 - 00000518 _____ () C:\Users\helmut\Documents\centauri.txt 2014-05-26 23:21 - 2014-05-26 23:21 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00001118 _____ () C:\Users\Public\Desktop\HP Director.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Ordner HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web 2014-05-26 23:20 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00077004 _____ (Oak Technology Inc.) 
C:\Windows\system32\Drivers\AFS.SYS 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\MSSoap 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\Hewlett-Packard 2014-05-21 08:07 - 2014-05-21 08:07 - 00001832 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-05-21 08:07 - 2014-05-21 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-05-21 08:07 - 2014-05-21 08:07 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-05-21 08:06 - 2014-05-21 08:06 - 32753176 _____ (DVDVideoSoft Ltd. ) C:\Users\helmut\Downloads\FreeYouTubeDownload3235514.exe ==================== One Month Modified Files and Folders ======= 2014-06-19 17:39 - 2014-06-19 17:39 - 00014876 _____ () C:\Users\helmut\Downloads\FRST.txt 2014-06-19 17:39 - 2014-06-19 17:38 - 00000000 ____D () C:\FRST 2014-06-19 17:38 - 2014-06-19 17:38 - 01072128 _____ (Farbar) C:\Users\helmut\Downloads\FRST.exe 2014-06-19 17:07 - 2013-10-06 11:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-19 16:46 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-19 16:46 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-19 16:43 - 2010-11-20 23:01 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-19 16:42 - 2014-01-03 22:36 - 00000658 _____ () C:\Windows\helmut.xlb 2014-06-19 16:42 - 2013-10-02 21:26 - 01576619 _____ () C:\Windows\WindowsUpdate.log 2014-06-19 16:40 - 2013-10-06 11:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-19 16:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-19 16:39 - 2009-07-14 06:39 - 
00060776 _____ () C:\Windows\setupact.log 2014-06-19 16:15 - 2013-10-03 10:42 - 00000000 ____D () C:\Users\MailThunder\Verwaltung 2014-06-19 16:02 - 2010-11-20 23:48 - 00659030 _____ () C:\Windows\PFRO.log 2014-06-19 16:01 - 2014-06-11 23:17 - 00000000 ____D () C:\Users\helmut\Documents\Anti-Malware 2014-06-19 16:01 - 2014-06-11 23:17 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-19 15:56 - 2013-10-06 18:24 - 00000000 ____D () C:\Windows\pss 2014-06-19 15:55 - 2009-07-14 06:33 - 00345648 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-19 15:51 - 2014-06-19 15:51 - 00000000 ____D () C:\Users\helmut\Documents\OneNote-Notizbücher 2014-06-19 15:50 - 2013-10-02 21:34 - 00086920 _____ () C:\Users\helmut\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-19 15:49 - 2013-10-02 23:07 - 00000000 ____D () C:\Users\helmut\Desktop\Programme 2014-06-19 15:48 - 2014-06-19 15:48 - 00001682 _____ () C:\Users\helmut\Documents\cc_20140619_154835.reg 2014-06-19 15:47 - 2014-06-19 15:47 - 00000000 ____D () C:\Users\helmut\AppData\Local\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Adobe 2014-06-19 15:46 - 2013-10-02 22:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-19 15:43 - 2014-06-19 15:42 - 00118858 _____ () C:\Users\helmut\Documents\cc_20140619_154254.reg 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-19 15:35 - 2014-06-19 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\helmut\Downloads\ccsetup411.exe 2014-06-19 15:33 - 2013-10-02 23:13 - 00000000 ____D () 
C:\Users\helmut\AppData\Roaming\vlc 2014-06-19 12:56 - 2013-10-04 16:11 - 00000000 ____D () C:\winsv 2014-06-19 10:32 - 2013-10-03 10:41 - 00000000 ____D () C:\Users\MailThunder\GMX 2014-06-18 22:11 - 2014-06-18 22:10 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-18 10:16 - 2014-05-01 18:15 - 16206848 _____ () C:\Users\helmut\Desktop\FilmeauslesenW7.xls 2014-06-13 03:09 - 2013-10-06 11:44 - 00002123 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-12 19:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-12 17:21 - 2013-10-03 07:22 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-06-12 17:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-06-12 16:21 - 2014-05-07 03:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 14:12 - 2014-06-12 14:08 - 00000000 ____D () C:\Users\helmut\Desktop\Sammelordner 2014-06-12 14:04 - 2014-06-12 14:04 - 00001648 _____ () C:\Users\helmut\Desktop\procexp.exe - Verknüpfung.lnk 2014-06-12 14:04 - 2014-06-12 08:24 - 00000000 ____D () C:\Users\helmut\Downloads\processexplorer 2014-06-12 13:51 - 2014-06-12 13:51 - 00007598 _____ () C:\Users\helmut\AppData\Local\Resmon.ResmonCfg 2014-06-12 13:49 - 2013-10-02 22:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 13:48 - 2013-10-02 22:33 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 08:24 - 2014-06-12 08:24 - 01243655 _____ () C:\Users\helmut\Downloads\processexplorer.zip 2014-06-11 23:16 - 2014-06-11 23:13 - 234642944 _____ (Emsisoft GmbH ) C:\Users\helmut\Downloads\EmsisoftAntiMalwareSetup.exe 2014-06-11 17:22 - 2014-06-11 17:20 - 163783630 _____ () C:\Users\helmut\Downloads\fp_11.8.800.94_archive.zip 2014-06-11 17:06 - 2014-06-11 17:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 16:48 - 2013-10-10 21:44 - 00020942 _____ () C:\Users\helmut\ACTIVstudioError.log 2014-06-11 16:39 - 2014-06-11 16:39 - 00001127 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 16:39 - 2014-06-11 16:39 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 16:35 - 2014-06-11 16:11 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 16:35 - 2013-10-02 23:12 - 00000000 ____D () C:\Program Files\VideoLAN 2014-06-11 16:27 - 2014-06-11 16:27 - 25032080 _____ (Mozilla) C:\Users\helmut\Downloads\Firefox Setup 28.0.exe 2014-06-11 16:23 - 2014-06-11 16:23 - 25531584 _____ () C:\Users\helmut\Downloads\vlc-2.1.3-win32.exe 2014-06-11 16:22 - 2014-06-11 16:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\VLC media player 32 Bit - CHIP-Installer.exe 2014-06-11 16:11 - 2013-10-02 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-06-11 15:53 - 2013-10-02 23:17 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Skype 2014-06-11 13:37 - 2014-05-01 17:14 - 02462720 _____ () C:\Users\helmut\Desktop\Serien.xls 2014-06-11 09:56 - 2013-11-03 15:02 - 00000000 ___RD () C:\Users\helmut\Dropbox 2014-06-11 09:56 - 2013-10-03 00:26 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Dropbox 2014-06-11 09:48 - 2014-06-11 09:49 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\Firefox - CHIP-Installer.exe 2014-06-11 08:11 - 2014-05-07 06:34 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\DropboxMaster 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieUserList 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieSiteList 2014-06-08 10:48 - 2014-06-12 16:20 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-12 16:20 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-07 00:05 - 2013-12-26 11:41 - 00000000 ____D () C:\Windows\Minidump 2014-06-07 00:05 - 2013-10-02 21:23 - 00181598 ____N () 
C:\Windows\Minidump\060714-10530-01.dmp 2014-06-04 15:53 - 2013-10-15 21:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-06-04 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060414-11559-01.dmp 2014-06-04 00:05 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-03 17:30 - 2013-11-09 19:09 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-03 17:30 - 2013-11-09 19:09 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-02 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060214-11091-01.dmp 2014-06-01 22:50 - 2014-06-01 22:50 - 00013312 _____ () C:\Users\helmut\Desktop\BWW.xls 2014-05-31 12:19 - 2014-05-31 12:19 - 00000518 _____ () C:\Users\helmut\Documents\centauri.txt 2014-05-31 11:02 - 2014-01-31 17:02 - 00000000 ____D () C:\ProgramData\TEMP 2014-05-30 11:18 - 2014-06-12 13:58 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 11:02 - 2014-06-12 13:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 11:02 - 2014-06-12 13:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 10:44 - 2014-06-12 13:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 10:43 - 2014-06-12 13:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 10:42 - 2014-06-12 13:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 13:58 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 10:34 - 2014-06-12 13:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 13:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 10:30 - 2014-06-12 13:58 - 00440832 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2014-05-30 10:28 - 2014-06-12 13:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 10:28 - 2014-06-12 13:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 10:27 - 2014-06-12 13:58 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 10:21 - 2014-06-12 13:58 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 10:16 - 2014-06-12 13:58 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 13:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 13:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:04 - 2014-06-12 13:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 13:58 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 09:57 - 2014-06-12 13:58 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 09:56 - 2014-06-12 13:58 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 09:54 - 2014-06-12 13:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 13:58 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 13:58 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 09:40 - 2014-06-12 13:58 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:21 - 2014-06-12 13:58 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:15 - 2014-06-12 13:58 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:13 - 2014-06-12 13:58 - 00704512 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-29 12:32 - 2013-10-20 19:19 - 00086920 _____ () C:\Users\helmut\AppData\Roaming\GDIPFONTCACHEV1.DAT 2014-05-27 17:43 - 2014-04-15 08:06 - 00000000 ____D () C:\ASVBackups 2014-05-27 06:32 - 2013-11-01 00:47 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\TeamViewer 2014-05-26 23:21 - 2014-05-26 23:21 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00001118 _____ () C:\Users\Public\Desktop\HP Director.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Ordner HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard 2014-05-26 23:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-05-26 23:21 - 2009-07-14 04:04 - 00000660 _____ () C:\Windows\win.ini 2014-05-26 23:20 - 2014-05-26 23:20 - 00077004 _____ (Oak Technology Inc.) 
C:\Windows\system32\Drivers\AFS.SYS 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\MSSoap 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\Hewlett-Packard 2014-05-26 17:06 - 2014-05-15 21:25 - 00000000 ____D () C:\ASVBackupHome 2014-05-25 08:49 - 2013-11-03 15:02 - 00001025 _____ () C:\Users\helmut\Desktop\Dropbox.lnk 2014-05-25 08:49 - 2013-10-03 00:26 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-21 08:07 - 2014-05-21 08:07 - 00001832 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-05-21 08:07 - 2014-05-21 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-05-21 08:07 - 2014-05-21 08:07 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-05-21 08:07 - 2014-03-11 20:24 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\DVDVideoSoft 2014-05-21 08:06 - 2014-05-21 08:06 - 32753176 _____ (DVDVideoSoft Ltd. 
) C:\Users\helmut\Downloads\FreeYouTubeDownload3235514.exe Some content of TEMP: ==================== C:\Users\helmut\AppData\Local\Temp\avgnt.exe C:\Users\helmut\AppData\Local\Temp\cabex.dll C:\Users\helmut\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph0kaqr.dll C:\Users\helmut\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\helmut\AppData\Local\Temp\install_flashplayer14x32ax_gtbd_chrd_dn_aaa_aih.exe C:\Users\helmut\AppData\Local\Temp\javagiac0.16700495699399487.dll C:\Users\helmut\AppData\Local\Temp\javagiac0.4051804562410254.dll C:\Users\helmut\AppData\Local\Temp\javagiac0.419835900781811.dll C:\Users\helmut\AppData\Local\Temp\javagiac0.4357456038936083.dll C:\Users\helmut\AppData\Local\Temp\javagiac0.4919978714348118.dll C:\Users\helmut\AppData\Local\Temp\javagiac0.5882970368429847.dll C:\Users\helmut\AppData\Local\Temp\javagiac0.694208125242414.dll C:\Users\helmut\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\helmut\AppData\Local\Temp\MSETUP4.EXE C:\Users\helmut\AppData\Local\Temp\ose00000.exe C:\Users\helmut\AppData\Local\Temp\ose00001.exe C:\Users\helmut\AppData\Local\Temp\sdanircmdc.exe C:\Users\helmut\AppData\Local\Temp\sdapskill.exe C:\Users\helmut\AppData\Local\Temp\sdaspwn.exe C:\Users\helmut\AppData\Local\Temp\SkypeSetup.exe C:\Users\helmut\AppData\Local\Temp\uninstall.exe C:\Users\helmut\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File 
is digitally signed
LastRegBack: 2014-06-18 10:47
==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-06-2014 Ran by helmut at 2014-06-19 17:40:09 Running from C:\Users\helmut\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: FireWall (Enabled) {753F9273-B322-2907-AC37-03D0F1702F22} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) ActivDriver x86 v5.8 (HKLM\...\{4EA83954-8796-4110-9F6E-96B3F308ED20}) (Version: 5.8.46 - Promethean) ActivInspire Core Resources (DEU) v1 (HKLM\...\{06C9F624-9F53-4C89-9720-1601A295769A}) (Version: 1.6.3 - Promethean) ActivInspire Help (DEU) v1 (HKLM\...\{B18A62F5-296F-4BC4-B8DD-A9FB16EE9106}) (Version: 1.6.3 - Promethean) ActivInspire HWR Resources (DEU) v1 (HKLM\...\{CB2158F5-B05D-41BF-B8F8-05A85695BA4E}) (Version: 1.7.1 - Promethean) ActivInspire v1 (HKLM\...\{D7F4028A-4A92-4501-896C-3B707E843D7B}) (Version: 1.7.58968 - Promethean) Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11.9.966.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira) Banking 4W (HKLM\...\TopBanking) (Version: - Subsembly GmbH) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) 
Canon MG5300 series Benutzerregistrierung (HKLM\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CrystalDiskInfo 6.1.9a (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.9a - Crystal Dew World) Definition update for Microsoft Office 2010 (KB982726) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E14AE329-F210-4EDD-B775-290821C66C1F}) (Version: - Microsoft) DreiDGeo für Windows 9x (HKLM\...\DreiDGeo für Windows 9x) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Dual Monitor 1.22 (HKLM\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu) Free YouTube Download version 3.2.35.514 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.35.514 - DVDVideoSoft Ltd.) Freizeitkarte_CZE (Ausgabe 14.03) (HKLM\...\Freizeitkarte_CZE) (Version: - ) Freizeitkarte_DEU (Ausgabe 13.07) (HKLM\...\Freizeitkarte_DEU) (Version: - ) Freizeitkarte_ESP_PRT (Ausgabe 13.07) (HKLM\...\Freizeitkarte_ESP_PRT) (Version: - ) Garmin BaseCamp (HKLM\...\{EA32DDCC-6A44-482D-8638-DB199E95B4D2}) (Version: 4.2.3 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.6.0 - International GeoGebra Institute) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (Version: 1.3.24.7 - Google Inc.) 
Hidden HP Photo and Imaging 1.0 - Scanjet 3500c Series (HKLM\...\{B8E952E3-A823-443A-8493-39A0CCE0E3EB}) (Version: 1.00.0000 - {&Tahoma8}Hewlett-Packard) Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Kurvenprofi 5.1.1 (HKLM\...\{22BB0352-8E48-430C-85CC-F996BF51D2E7}_is1) (Version: - Ulrich Strautz) MapSource Product Install (HKLM\...\{47D50190-9DAD-4FFE-9EFA-6D278B2C4810}) (Version: - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Excel 7.0 (HKLM\...\Excel) (Version: - ) Microsoft FrontPage 2002 (HKLM\...\{90170407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft 
Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office XP Professional (HKLM\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version: - Microsoft) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Paragon Partition Manager™ 2013 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.6 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.) Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) Schülerdatei (HKLM\...\Schülerdatei_is1) (Version: - ) SeaMonkey 2.23 (x86 de) (HKLM\...\SeaMonkey 2.23 (x86 de)) (Version: 2.23 - Mozilla) Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.) 
SSD Fresh (HKLM\...\SSD Fresh_is1) (Version: 2014 - Abelssoft) Steganos Online-Banking 2012 (HKLM\...\{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}) (Version: 2.0.4 - Steganos Software GmbH) Südtirol (Topo) (HKLM\...\{53F7328C-6687-4AC9-9F68-2E28D8273033}_is1) (Version: - ) Synchredible (HKLM\...\Synchredible_is1) (Version: 4.1.0.0 - ASCOMP Software GmbH) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) Update for Microsoft Office 2010 (KB2202188) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{556146F7-74AE-4E0A-B64F-5B8B93469F61}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B5516874-E926-4BFD-B412-D0E70112F244}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2433299) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6C845127-B949-4D76-A732-BCB396AD9AA5}) (Version: - Microsoft) Update für Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{10B1662A-566C-43C2-8469-5A470E0C7D7B}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) ==================== Restore Points ========================= 11-06-2014 00:53:33 Windows Update 12-06-2014 11:46:25 Windows Update 12-06-2014 11:59:44 Windows Update 12-06-2014 12:29:21 Windows Update 12-06-2014 12:39:09 Windows Update 12-06-2014 
14:20:31 Windows Update 17-06-2014 19:59:30 Windows Update 19-06-2014 13:37:29 Removed Adobe Reader XI (11.0.07) - Deutsch. ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1494CE34-BDC5-4FD0-94E4-D0C996FB0283} - System32\Tasks\{90D17530-3C2C-40F6-B7EC-67AF2B050F14} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {15C8C5F5-DC81-4C76-A6F4-660C61D7A68E} - System32\Tasks\{EACA44E9-4DFD-404A-BFE3-9BA4EEC22D32} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {5810F30F-F4FF-41AE-8914-8FC28C8F31E9} - System32\Tasks\{5FEBDF47-99DB-4B44-A7BC-5F3A4A25C231} => P:\ScanJet3750c\hpsw\setup.exe Task: {5E09A80D-C05E-4AA8-B301-84FD079200D9} - System32\Tasks\{0A331208-69C2-422F-9525-5A4AB5AF90AC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603 Task: {5F4687C5-9538-4116-9562-88D2B3063C2A} - System32\Tasks\{482F46FD-6E3D-4AAF-9342-EA23DD85282F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsPlugin Task: {7A98C9B4-EA79-4AA5-B6EA-6205CD94AE50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) Task: {8F47FDAB-E0F3-4087-BBE2-5F6A4FBB5144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) 
Task: {91FE8E99-6729-4B9D-A39E-B910FD35CA13} - System32\Tasks\{3A62FA7F-C781-4F02-A4D2-9D87B884CBF5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603 Task: {966E87D0-DE09-431B-848F-C20814DBFFF8} - System32\Tasks\{579B1786-A9C1-49EB-9988-53F3A6A7B96A} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {97A4977C-4CD3-4079-A53E-E912CD8234C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {CD13EEBA-AD5D-4C8D-B98D-A8524AABCAA0} - System32\Tasks\{5521E072-B08D-489B-B353-06D5023E10E8} => E:\MG5300CanonDruckerCD\win\MSETUP4.EXE Task: {FC9DD403-82A8-41E0-8686-54E7C885B0AD} - System32\Tasks\{1D5DAC64-C870-47EE-BAFE-AC01A24AD8C0} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-02 21:29 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe 2013-10-02 21:29 - 2014-06-19 16:39 - 00024576 _____ () C:\Program Files\ASUS\AXSP\1.01.01\PEbiosinterface32.dll 2013-10-02 21:29 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files\ASUS\AXSP\1.01.01\ATKEX.dll 2002-04-11 04:19 - 2002-04-11 04:19 - 00024576 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll 2013-12-25 15:35 - 2013-02-18 09:22 - 00558592 _____ () C:\Program Files\Dual Monitor\ExplorerHook32.dll 2002-04-11 04:19 - 2002-04-11 04:19 - 00077824 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe 2013-10-03 10:06 - 1998-05-24 14:33 - 00354304 _____ () D:\Programme\Salamand\SALAMAND.EXE 2013-10-02 21:33 - 2013-03-12 07:20 - 01199576 ____R () C:\Program Files\Intel\Intel(R) Management Engine 
Components\LMS\ACE.dll 2014-06-11 17:05 - 2014-06-11 17:06 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: a2AntiMalware => 2 MSCONFIG\Services: ActivControl => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivSDK Flash Extension.lnk => C:\Windows\pss\ActivSDK Flash Extension.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup MSCONFIG\startupreg: ActivManager => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe MSCONFIG\startupreg: Skype => "D:\Programme\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: zzzHPSETUP => P:\ScanJet3750c\Setup.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2014 04:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:36:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:19:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:04:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 03:57:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 03:42:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 
WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 03:41:48 PM) (Source: MsiInstaller) (EventID: 11705) (User: HelmutDesktop) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch -- Fehler 1705. Im Augenblick wird eine weitere Installation dieses Produkts durchgeführt. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie fortfahren können. Möchten Sie diese Änderungen rückgängig machen? Error: (06/19/2014 03:32:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 00:31:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OMNIS7.exe, Version: 0.0.0.0, Zeitstempel: 0x38da288e Name des fehlerhaften Moduls: OMNIS7.exe, Version: 0.0.0.0, Zeitstempel: 0x38da288e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00152196 ID des fehlerhaften Prozesses: 0x111c Startzeit der fehlerhaften Anwendung: 0xOMNIS7.exe0 Pfad der fehlerhaften Anwendung: OMNIS7.exe1 Pfad des fehlerhaften Moduls: OMNIS7.exe2 Berichtskennung: OMNIS7.exe3 Error: (06/19/2014 00:09:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/19/2014 04:39:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (06/19/2014 04:39:41 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT) Description: Überprüfung des verschlüsselten Volumes: Die 
Volumeinformationen auf "\\?\Volume{1f1a7dab-2b98-11e3-af93-806e6f6e6963}" können nicht gelesen werden. Error: (06/19/2014 04:34:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (06/19/2014 04:34:39 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT) Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{1f1a7dab-2b98-11e3-af93-806e6f6e6963}" können nicht gelesen werden. Error: (06/19/2014 04:17:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (06/19/2014 04:17:25 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT) Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{1f1a7dab-2b98-11e3-af93-806e6f6e6963}" können nicht gelesen werden. Error: (06/19/2014 04:03:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (06/19/2014 04:02:57 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT) Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{1f1a7dab-2b98-11e3-af93-806e6f6e6963}" können nicht gelesen werden. 
Error: (06/19/2014 03:55:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (06/19/2014 03:55:45 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT-AUTORITÄT) Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{1f1a7dab-2b98-11e3-af93-806e6f6e6963}" können nicht gelesen werden. Microsoft Office Sessions: ========================= Error: (06/19/2014 04:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:36:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:19:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 04:04:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 03:57:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 03:42:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 03:41:48 PM) (Source: MsiInstaller) (EventID: 11705) (User: HelmutDesktop) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch -- Fehler 1705. Im Augenblick wird eine weitere Installation dieses Produkts durchgeführt. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie fortfahren können. Möchten Sie diese Änderungen rückgängig machen?(NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/19/2014 03:32:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 00:31:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OMNIS7.exe0.0.0.038da288eOMNIS7.exe0.0.0.038da288ec000000500152196111c01cf8ba7da45cf70C:\winsv\OMNIS7.exeC:\winsv\OMNIS7.exee3bede21-f79c-11e3-bec6-ac220b296806 Error: (06/19/2014 00:09:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 3233.82 MB Available physical RAM: 1686.37 MB Total Pagefile: 3432.11 MB Available Pagefile: 1605.04 MB Total Virtual: 2047.88 MB Available Virtual: 1898.42 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:51.38 GB) NTFS Drive d: (Daten) (Fixed) (Total:931.41 GB) (Free:748.38 GB) NTFS Drive v: (Harddisk) (Network) (Total:465.67 GB) (Free:460.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A5844C4D) Partition 1: 
(Not Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A5844C55) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
20.06.2014, 14:32 | #4 |
/// the machine /// TB trainer | Programs start with a long delay (10s) hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.06.2014, 15:07 | #5 |
| Programs start with a long delay (10s) Here is the log, everything worked great. Code:
ATTFilter ComboFix 14-06-19.01 - helmut 20.06.2014 16:01:00.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3234.1843 [GMT 2:00] ausgeführt von:: c:\users\helmut\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} FW: FireWall *Disabled* {753F9273-B322-2907-AC37-03D0F1702F22} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\unin0407.exe c:\windows\winhelp.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-20 bis 2014-06-20 )))))))))))))))))))))))))))))) . . 2014-06-20 13:58 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05028890-8659-4B0D-90F8-A3EFE4278313}\mpengine.dll 2014-06-19 15:38 . 2014-06-19 15:41 -------- d-----w- C:\FRST 2014-06-19 13:47 . 2014-06-19 13:47 -------- d-----w- c:\users\helmut\AppData\Local\Adobe 2014-06-19 13:46 . 2014-06-19 13:46 -------- d-----w- c:\program files\Common Files\Adobe 2014-06-19 13:36 . 2014-06-19 13:36 -------- d-----w- c:\program files\CCleaner 2014-06-18 20:10 . 2014-06-18 20:11 -------- d-----w- c:\program files\Mozilla Thunderbird 2014-06-12 14:22 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2014-06-12 14:22 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-06-12 14:22 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-06-12 14:22 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll 2014-06-12 14:22 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll 2014-06-12 14:22 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll 2014-06-12 14:22 . 
2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll 2014-06-12 14:22 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll 2014-06-12 14:22 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-06-12 14:22 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe 2014-06-12 14:22 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe 2014-06-12 14:22 . 2013-10-01 20:55 5698048 ----a-w- c:\windows\system32\mstscax.dll 2014-06-12 14:20 . 2014-06-08 08:48 391680 ----a-w- c:\windows\system32\aepdu.dll 2014-06-12 14:20 . 2014-06-08 08:43 302592 ----a-w- c:\windows\system32\aeinv.dll 2014-06-12 11:57 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll 2014-06-12 11:41 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-06-12 11:41 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll 2014-06-12 11:41 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-06-11 21:17 . 2014-06-19 14:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2014-06-11 05:58 . 2014-06-11 05:58 -------- d-sh--w- c:\users\helmut\AppData\Local\EmieUserList 2014-06-11 05:58 . 2014-06-11 05:58 -------- d-sh--w- c:\users\helmut\AppData\Local\EmieSiteList 2014-05-26 21:21 . 2014-05-26 21:21 -------- d-----w- c:\users\helmut\AppData\Roaming\Ordner HP Share-to-Web 2014-05-26 21:20 . 2014-05-26 21:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2014-05-26 21:20 . 2014-05-26 21:20 -------- d-----w- c:\program files\Hewlett-Packard 2014-05-26 21:20 . 2014-05-26 21:20 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-03 15:30 . 2013-11-09 17:09 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-06-03 15:30 . 
2013-11-09 17:09 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-04-17 19:38 . 2013-07-08 13:37 844002888 ----a-w- C:\Install_Freizeitkarte_ESP_PRT_en.exe 2014-04-12 02:15 . 2014-05-14 13:50 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2014-04-12 02:15 . 2014-05-14 13:50 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-04-12 02:12 . 2014-05-14 13:50 15872 ----a-w- c:\windows\system32\sspisrv.dll 2014-04-12 02:12 . 2014-05-14 13:50 100352 ----a-w- c:\windows\system32\sspicli.dll 2014-04-12 02:12 . 2014-05-14 13:50 22016 ----a-w- c:\windows\system32\secur32.dll 2014-04-12 02:11 . 2014-05-14 13:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-04-12 02:11 . 2014-05-14 13:50 22528 ----a-w- c:\windows\system32\lsass.exe 2014-03-31 07:35 . 2013-10-02 19:42 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-03-24 09:24 . 2014-03-24 09:24 202878945 ------w- C:\Install_Freizeitkarte_CZE_en.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}] 2014-01-31 15:01 2660016 ----a-w- d:\programme\SPEEDbit Video Downloader\Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\helmut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\helmut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\helmut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\helmut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dualmonitor"="c:\program files\Dual Monitor\DualMonitor.exe" [2013-02-18 478720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-11-19 5995152] "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 140784] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 186864] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 196080] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352] "USB3MON"="c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848] "IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-03 737872] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivSDK Flash Extension.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivSDK Flash Extension.lnk backup=c:\windows\pss\ActivSDK Flash Extension.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk] path=c:\users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk backup=c:\windows\pss\Samsung Magician.lnk.Startup backupExtension=.Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivManager] 2012-11-28 08:32 712584 ----a-w- c:\program files\Activ Software\ActivDriver\ActivMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2014-05-08 13:48 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] 2002-04-11 02:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2013-11-14 15:42 20584608 ----a-r- d:\programme\Phone\Skype.exe . R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2011-11-04 39696] R3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [2013-02-13 637912] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys [2012-07-03 49808] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys [2012-08-31 27792] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136] R4 ActivControl;ActivControl;c:\program files\Activ Software\ActivDriver\ActivControlsvc.exe [2012-11-28 21400] R4 SkypeUpdate;Skype Updater;d:\programme\Updater\Updater.exe [2013-10-23 172192] S0 AFS;AFS; [x] S0 
iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-01-31 524784] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-01-31 26608] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-04-26 16880] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2013-10-10 113024] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-10 37352] S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\system32\drivers\Sleen18.sys [2013-01-08 14:22 91112] S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2014-06-03 1043024] S2 AntiVirMailService;Avira Email-Schutz;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2014-06-03 811088] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-06-03 430160] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-06-03 1039952] S2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.01.01\atkexComSvc.exe [2012-10-29 927232] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-20 69240] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-31 15344] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2013-02-13 583680] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-03-12 169432] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 33056] S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2013-10-10 92448] S3 
IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-05-17 359936] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 361968] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2013-04-26 793072] S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2013-03-12 56432] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-12-26 614624] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-13 01:07 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-06 09:44] . 2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-06 09:44] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.de/ IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - d:\progra~1\msoffice\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=de_DE&apn_uid=779D480A-5BEA-4E0E-B663-20448CC9CDD8&apn_ptnrs=2R&apn_sauid=32383BAC-F4F4-42EC-B107-F59609BC8CE6&apn_dtid=get006YYDE&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file) SafeBoot-CleanHlp SafeBoot-CleanHlp.sys MSConfigStartUp-emsisoft anti-malware - c:\program files\emsisoft anti-malware\a2guard.exe MSConfigStartUp-zzzHPSETUP - p:\scanjet3750c\Setup.exe AddRemove-DreiDGeo für Windows 9x - c:\windows\unin0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-06-20 16:06:25 ComboFix-quarantined-files.txt 2014-06-20 14:06 . Vor Suchlauf: 19 Verzeichnis(se), 54.729.129.984 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 56.529.436.672 Bytes frei . - - End Of File - - 13DA8B50A638BEB00254FBB652203647 A36C5E4F47E84449FF07ED3517B43A31 |
21.06.2014, 09:25 | #6 |
/// the machine /// TB trainer | Programs start with a long delay (10s) Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ |
21.06.2014, 11:28 | #7 |
| Programs start with a long delay (10s) Morning, here are the scans: mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.06.2014 Suchlauf-Zeit: 10:32:00 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.21.02 Rootkit Datenbank: v2014.06.20.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: helmut Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 304144 Verstrichene Zeit: 4 Min, 35 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 21/06/2014 um 10:45:59 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : helmut - HELMUTDESKTOP # Gestartet von : C:\Users\helmut\Desktop\adwcleaner_3.212.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader Ordner Gelöscht : C:\Program Files\SearchPredict Ordner Gelöscht : C:\Users\helmut\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb Ordner Gelöscht : C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v30.0 (de) [ Datei : C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultengine", "Search-Results"); Zeile gelöscht : user_pref("browser.search.order.1", "Search-Results"); Zeile gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000"); Zeile gelöscht : user_pref("extensions.asktb.cbid", "2R"); Zeile gelöscht : user_pref("extensions.asktb.config-updated", false); Zeile gelöscht : user_pref("extensions.asktb.crumb", "2011.08.08+04.19.41-toolbar007iad-DE-SGFubm92ZXIsR2VybWFueQ%3D%3D"); Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.search-results.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}"); Zeile gelöscht : user_pref("extensions.asktb.dtid", "get006YYDE"); Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true); Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=de_DE&apn_uid=779D480A-5BEA-4E0E-B663-20448CC9CDD8&apn_pt[...] Zeile gelöscht : user_pref("extensions.asktb.first-launch-url", "hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,go[...] 
Zeile gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true); Zeile gelöscht : user_pref("extensions.asktb.fresh-install", false); Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...] Zeile gelöscht : user_pref("extensions.asktb.l", "dis"); Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1313422599483"); Zeile gelöscht : user_pref("extensions.asktb.locale", "de_DE"); Zeile gelöscht : user_pref("extensions.asktb.o", "16705"); Zeile gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Zeile gelöscht : user_pref("extensions.asktb.r", "2"); Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", false); Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade", true); Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true); Zeile gelöscht : user_pref("extensions.asktb.socialmini-first", true); Zeile gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000"); Zeile gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Zeile gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30"); Zeile gelöscht : user_pref("extensions.asktb.socialmini-native-on", true); Zeile gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000"); Zeile gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false); Zeile gelöscht : user_pref("extensions.enabledItems", "jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,searchpredict@speedbit.com:1.0.1.0,{0329E7D6-6F54-462D-[...] 
Zeile gelöscht : user_pref("extensions.searchpredict@speedbit.com.install-event-fired", true); Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=de_DE&apn_uid=779D480A-5BEA-4E0E-B663-20448CC9CDD8&apn_ptnrs=2R&apn_sauid=32383BAC-F4F[...] Zeile gelöscht : user_pref("speedbitvideodownloader.Var1", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var10", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var2", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var3", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var4", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var5", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var6", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var7", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var8", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.Var9", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "27/10/21/5/114"); Zeile gelöscht : user_pref("speedbitvideodownloader.firstlaunch", "0"); Zeile gelöscht : user_pref("speedbitvideodownloader.guid", "%7B7D73BF7D-2CAF-150E-1C98-3A4A46887959%7D"); Zeile gelöscht : user_pref("speedbitvideodownloader.popupblockedcnt", "37"); Zeile gelöscht : user_pref("speedbitvideodownloader.userId", "%12"); Zeile gelöscht : user_pref("speedbitvideodownloader_installed_version", "3.0.9"); -\\ Google Chrome v35.0.1916.153 [ Datei : C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://websearch.search-results.com/redirect?client=ff&src=crm&tb=GET-SRS&o=16705&locale=de_DE&apn_uid=779D480A-5BEA-4E0E-B663-20448CC9CDD8&apn_ptnrs=2R&apn_sauid=32383BAC-F4F4-42EC-B107-F59609BC8CE6&apn_dtid=get006YYDE&q={searchTerms} Gelöscht [Extension] : djcpfkccckpeeghiklnhienllljccglb Gelöscht [Extension] : ledcpigomgblcmofccnacobhmcdkpiea ************************* 
AdwCleaner[R0].txt - [11767 octets] - [21/06/2014 10:44:52]
AdwCleaner[S0].txt - [11691 octets] - [21/06/2014 10:45:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11752 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by helmut on 21.06.2014 at 11:52:26,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\helmut\AppData\Roaming\mozilla\firefox\profiles\3ojguono.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2014 at 11:53:51,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01 Ran by helmut (administrator) on HELMUTDESKTOP on 21-06-2014 12:27:40 Running from C:\Users\helmut\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Cristi) C:\Program Files\Dual Monitor\DualMonitor.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () D:\Programme\Salamand\SALAMAND.EXE (Microsoft Corporation) D:\Programme\msoffice\Office10\WINWORD.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-3419901750-1294363576-1798334200-1000\...\Run: [dualmonitor] => C:\Program Files\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.de/ SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - 
C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\geocaching.xml FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\search-results.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-11] FF Extension: Microsoft .NET Framework Assistant - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-10-07] FF Extension: Adblock Plus - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21] Chrome: ======= CHR HomePage: CHR Extension: (No Name) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb [2014-06-11] CHR Extension: (No Name) - C:\Users\helmut\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2014-06-11] CHR Extension: (Google Wallet) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06] ========================== Services (Whitelisted) ================= S4 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21400 2012-11-28] (Promethean) R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. 
KG) R2 asComSvc; C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] () S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-05-24] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 SkypeUpdate; D:\Programme\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) ==================== Drivers (Whitelisted) ==================== R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2014-05-26] (Oak Technology Inc.) [File not signed] R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [14720 2012-08-21] () R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-10-10] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-10-10] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-20] (Avira Operations GmbH & Co. 
KG) S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-05] (www.winchiphead.com) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [524784 2013-01-31] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-01-31] (Intel Corporation) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-04-26] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [361968 2013-04-26] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793072 2013-04-26] (Intel Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-03-12] (Intel Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27792 2012-09-01] (Realtek Corporation) R1 SLEE_18_DRIVER; C:\Windows\system32\drivers\Sleen18.sys [91112 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - ) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 catchme; \??\C:\Users\helmut\AppData\Local\Temp\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-21 12:24 - 2014-06-21 12:27 - 00014017 _____ () C:\Users\helmut\Desktop\FRST.txt 2014-06-21 12:24 - 2014-06-21 12:24 - 00000000 ____D () C:\Users\helmut\Desktop\FRST-OlderVersion 2014-06-21 11:53 - 2014-06-21 11:53 - 00000758 _____ () C:\Users\helmut\Desktop\JRT.txt 2014-06-21 10:53 - 2014-06-21 
10:53 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 10:50 - 2014-06-21 10:50 - 01016261 _____ (Thisisu) C:\Users\helmut\Desktop\JRT.exe 2014-06-21 10:49 - 2014-06-21 10:49 - 00011833 _____ () C:\Users\helmut\Desktop\AdwCleaner[S0].txt 2014-06-21 10:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-21 10:44 - 2014-06-21 10:46 - 00000000 ____D () C:\AdwCleaner 2014-06-21 10:41 - 2014-06-21 10:41 - 01333465 _____ () C:\Users\helmut\Desktop\adwcleaner_3.212.exe 2014-06-21 10:41 - 2014-06-21 10:41 - 00001157 _____ () C:\Users\helmut\Desktop\mbam.txt 2014-06-21 10:30 - 2014-06-21 11:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-21 10:28 - 2014-06-21 10:28 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-21 10:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-21 10:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-21 10:27 - 2014-06-21 10:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\helmut\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-20 20:55 - 2014-06-20 20:55 - 00000000 ____D () C:\Users\helmut\AppData\Local\Adobe 2014-06-20 17:48 - 2014-06-20 18:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-20 17:48 - 2014-06-20 18:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-20 16:15 - 2014-06-20 16:16 - 00001757 _____ () C:\Users\helmut\Desktop\SEPA 
Account Converter.lnk 2014-06-20 16:15 - 2014-06-20 16:16 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz 2014-06-20 16:14 - 2014-06-20 16:16 - 00000000 ____D () C:\Users\helmut\AppData\Local\Downloaded Installations 2014-06-20 16:06 - 2014-06-20 16:06 - 00016677 _____ () C:\ComboFix.txt 2014-06-20 16:00 - 2014-06-20 16:06 - 00000000 ____D () C:\Qoobox 2014-06-20 16:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-20 16:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-20 16:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-20 15:53 - 2014-06-20 16:05 - 00000000 ____D () C:\Windows\erdnt 2014-06-20 15:51 - 2014-06-20 15:52 - 05207168 ____R (Swearware) C:\Users\helmut\Desktop\ComboFix.exe 2014-06-19 17:40 - 2014-06-19 17:41 - 00027200 _____ () C:\Users\helmut\Downloads\Addition.txt 2014-06-19 17:39 - 2014-06-19 17:41 - 00041722 _____ () C:\Users\helmut\Downloads\FRST.txt 2014-06-19 17:38 - 2014-06-21 12:27 - 00000000 ____D () C:\FRST 2014-06-19 17:38 - 2014-06-21 12:24 - 01070592 _____ (Farbar) C:\Users\helmut\Desktop\FRST.exe 2014-06-19 15:51 - 2014-06-19 15:51 - 00000000 ____D () C:\Users\helmut\Documents\OneNote-Notizbücher 2014-06-19 15:48 - 2014-06-19 15:48 - 00001682 _____ () C:\Users\helmut\Documents\cc_20140619_154835.reg 2014-06-19 15:46 - 2014-06-19 15:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 
2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Adobe 2014-06-19 15:42 - 2014-06-19 15:43 - 00118858 _____ () C:\Users\helmut\Documents\cc_20140619_154254.reg 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-19 15:35 - 2014-06-19 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\helmut\Downloads\ccsetup411.exe 2014-06-18 22:10 - 2014-06-18 22:11 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-12 16:22 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-06-12 16:22 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-06-12 16:22 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-06-12 16:22 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-06-12 16:22 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-06-12 16:22 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-06-12 16:22 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-06-12 16:22 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-06-12 16:22 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-06-12 16:22 - 2013-10-01 22:55 - 
05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-06-12 16:20 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 16:20 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 14:08 - 2014-06-12 14:12 - 00000000 ____D () C:\Users\helmut\Desktop\Sammelordner 2014-06-12 14:04 - 2014-06-12 14:04 - 00001648 _____ () C:\Users\helmut\Desktop\procexp.exe - Verknüpfung.lnk 2014-06-12 13:58 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 13:58 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 13:58 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 13:58 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 13:58 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 13:58 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 13:58 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 13:58 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 13:58 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 13:58 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 13:58 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 13:58 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 13:58 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 13:58 - 2014-05-30 10:21 - 00646144 _____ (Microsoft 
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 13:58 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 13:58 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 13:58 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 13:58 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 13:58 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 13:58 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 13:58 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 13:58 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 13:58 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 13:58 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 13:58 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 13:58 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 13:58 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 13:58 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 13:58 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 13:58 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 13:58 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 13:58 - 2014-03-26 16:27 - 
01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 13:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 13:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 13:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 13:51 - 2014-06-12 13:51 - 00007598 _____ () C:\Users\helmut\AppData\Local\Resmon.ResmonCfg 2014-06-12 13:41 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 13:41 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-12 13:41 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-06-12 08:24 - 2014-06-12 14:04 - 00000000 ____D () C:\Users\helmut\Downloads\processexplorer 2014-06-12 08:24 - 2014-06-12 08:24 - 01243655 _____ () C:\Users\helmut\Downloads\processexplorer.zip 2014-06-11 23:17 - 2014-06-19 16:01 - 00000000 ____D () C:\Users\helmut\Documents\Anti-Malware 2014-06-11 23:17 - 2014-06-19 16:01 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-11 23:13 - 2014-06-11 23:16 - 234642944 _____ (Emsisoft GmbH ) C:\Users\helmut\Downloads\EmsisoftAntiMalwareSetup.exe 2014-06-11 17:20 - 2014-06-11 17:22 - 163783630 _____ () C:\Users\helmut\Downloads\fp_11.8.800.94_archive.zip 2014-06-11 17:05 - 2014-06-11 17:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 16:39 - 2014-06-11 16:39 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 16:39 - 2014-06-11 16:39 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 16:27 - 2014-06-11 16:27 - 25032080 _____ (Mozilla) C:\Users\helmut\Downloads\Firefox Setup 28.0.exe 2014-06-11 16:23 - 2014-06-11 16:23 - 25531584 _____ () 
C:\Users\helmut\Downloads\vlc-2.1.3-win32.exe 2014-06-11 16:22 - 2014-06-11 16:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\VLC media player 32 Bit - CHIP-Installer.exe 2014-06-11 16:11 - 2014-06-11 16:35 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 09:49 - 2014-06-11 09:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\Firefox - CHIP-Installer.exe 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieUserList 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieSiteList 2014-06-01 22:50 - 2014-06-01 22:50 - 00013312 _____ () C:\Users\helmut\Desktop\BWW.xls 2014-05-31 12:19 - 2014-05-31 12:19 - 00000518 _____ () C:\Users\helmut\Documents\centauri.txt 2014-05-26 23:21 - 2014-05-26 23:21 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00001118 _____ () C:\Users\Public\Desktop\HP Director.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Ordner HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web 2014-05-26 23:20 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00077004 _____ (Oak Technology Inc.) 
C:\Windows\system32\Drivers\AFS.SYS 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\MSSoap 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\Hewlett-Packard ==================== One Month Modified Files and Folders ======= 2014-06-21 12:27 - 2014-06-21 12:24 - 00014017 _____ () C:\Users\helmut\Desktop\FRST.txt 2014-06-21 12:27 - 2014-06-19 17:38 - 00000000 ____D () C:\FRST 2014-06-21 12:24 - 2014-06-21 12:24 - 00000000 ____D () C:\Users\helmut\Desktop\FRST-OlderVersion 2014-06-21 12:24 - 2014-06-19 17:38 - 01070592 _____ (Farbar) C:\Users\helmut\Desktop\FRST.exe 2014-06-21 12:14 - 2013-10-06 11:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-21 11:58 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-21 11:58 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-21 11:55 - 2010-11-20 23:01 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-21 11:54 - 2013-10-02 21:26 - 01664798 _____ () C:\Windows\WindowsUpdate.log 2014-06-21 11:53 - 2014-06-21 11:53 - 00000758 _____ () C:\Users\helmut\Desktop\JRT.txt 2014-06-21 11:52 - 2014-06-21 10:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-21 11:51 - 2013-10-06 11:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-21 11:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-21 11:51 - 2009-07-14 06:39 - 00062120 _____ () C:\Windows\setupact.log 2014-06-21 10:53 - 2014-06-21 10:53 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 10:50 - 2014-06-21 10:50 - 01016261 _____ (Thisisu) C:\Users\helmut\Desktop\JRT.exe 2014-06-21 10:49 - 
2014-06-21 10:49 - 00011833 _____ () C:\Users\helmut\Desktop\AdwCleaner[S0].txt 2014-06-21 10:48 - 2010-11-20 23:48 - 00660494 _____ () C:\Windows\PFRO.log 2014-06-21 10:48 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-21 10:46 - 2014-06-21 10:44 - 00000000 ____D () C:\AdwCleaner 2014-06-21 10:41 - 2014-06-21 10:41 - 01333465 _____ () C:\Users\helmut\Desktop\adwcleaner_3.212.exe 2014-06-21 10:41 - 2014-06-21 10:41 - 00001157 _____ () C:\Users\helmut\Desktop\mbam.txt 2014-06-21 10:28 - 2014-06-21 10:28 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2013-10-06 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-21 10:27 - 2014-06-21 10:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\helmut\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-20 22:23 - 2013-10-03 10:42 - 00000000 ____D () C:\Users\MailThunder\Verwaltung 2014-06-20 22:23 - 2013-10-03 10:41 - 00000000 ____D () C:\Users\MailThunder\GMX 2014-06-20 22:08 - 2014-01-03 22:36 - 00000658 _____ () C:\Windows\helmut.xlb 2014-06-20 20:55 - 2014-06-20 20:55 - 00000000 ____D () C:\Users\helmut\AppData\Local\Adobe 2014-06-20 19:28 - 2013-10-04 16:11 - 00000000 ____D () C:\winsv 2014-06-20 18:27 - 2014-04-08 18:22 - 00698880 _____ () C:\Users\helmut\Documents\Helmut (Steganos).sub 2014-06-20 18:19 - 2014-06-20 17:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-20 18:19 - 2014-06-20 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-20 18:10 - 2014-04-08 18:22 - 00001939 _____ () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Banking 4W.lnk 2014-06-20 17:52 - 2013-10-02 23:13 - 
00000000 ____D () C:\Users\helmut\AppData\Roaming\vlc 2014-06-20 16:16 - 2014-06-20 16:15 - 00001757 _____ () C:\Users\helmut\Desktop\SEPA Account Converter.lnk 2014-06-20 16:16 - 2014-06-20 16:15 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz 2014-06-20 16:16 - 2014-06-20 16:14 - 00000000 ____D () C:\Users\helmut\AppData\Local\Downloaded Installations 2014-06-20 16:06 - 2014-06-20 16:06 - 00016677 _____ () C:\ComboFix.txt 2014-06-20 16:06 - 2014-06-20 16:00 - 00000000 ____D () C:\Qoobox 2014-06-20 16:06 - 2013-10-03 10:39 - 00000000 ____D () C:\Users\MailThunder 2014-06-20 16:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-06-20 16:05 - 2014-06-20 15:53 - 00000000 ____D () C:\Windows\erdnt 2014-06-20 16:05 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-06-20 15:52 - 2014-06-20 15:51 - 05207168 ____R (Swearware) C:\Users\helmut\Desktop\ComboFix.exe 2014-06-20 08:26 - 2014-04-15 08:06 - 00000000 ____D () C:\ASVBackups 2014-06-19 17:41 - 2014-06-19 17:40 - 00027200 _____ () C:\Users\helmut\Downloads\Addition.txt 2014-06-19 17:41 - 2014-06-19 17:39 - 00041722 _____ () C:\Users\helmut\Downloads\FRST.txt 2014-06-19 16:01 - 2014-06-11 23:17 - 00000000 ____D () C:\Users\helmut\Documents\Anti-Malware 2014-06-19 16:01 - 2014-06-11 23:17 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-19 15:56 - 2013-10-06 18:24 - 00000000 ____D () C:\Windows\pss 2014-06-19 15:55 - 2009-07-14 06:33 - 00345648 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-19 15:51 - 2014-06-19 15:51 - 00000000 ____D () C:\Users\helmut\Documents\OneNote-Notizbücher 2014-06-19 15:50 - 2013-10-02 21:34 - 00086920 _____ () C:\Users\helmut\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-19 15:49 - 2013-10-02 23:07 - 00000000 ____D () C:\Users\helmut\Desktop\Programme 2014-06-19 15:48 - 2014-06-19 15:48 - 00001682 _____ () C:\Users\helmut\Documents\cc_20140619_154835.reg 2014-06-19 15:46 - 2014-06-19 15:46 - 
00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Adobe 2014-06-19 15:46 - 2013-10-02 22:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-19 15:43 - 2014-06-19 15:42 - 00118858 _____ () C:\Users\helmut\Documents\cc_20140619_154254.reg 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-19 15:35 - 2014-06-19 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\helmut\Downloads\ccsetup411.exe 2014-06-18 22:11 - 2014-06-18 22:10 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-18 10:16 - 2014-05-01 18:15 - 16206848 _____ () C:\Users\helmut\Desktop\FilmeauslesenW7.xls 2014-06-13 03:09 - 2013-10-06 11:44 - 00002123 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-12 19:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-12 17:21 - 2013-10-03 07:22 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-06-12 17:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-06-12 16:21 - 2014-05-07 03:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 14:12 - 2014-06-12 14:08 - 00000000 ____D () C:\Users\helmut\Desktop\Sammelordner 2014-06-12 14:04 - 2014-06-12 14:04 - 00001648 _____ () C:\Users\helmut\Desktop\procexp.exe - Verknüpfung.lnk 2014-06-12 14:04 - 2014-06-12 08:24 - 00000000 ____D () C:\Users\helmut\Downloads\processexplorer 2014-06-12 13:51 - 2014-06-12 13:51 - 00007598 _____ () C:\Users\helmut\AppData\Local\Resmon.ResmonCfg 2014-06-12 13:49 - 2013-10-02 22:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 13:48 - 2013-10-02 22:33 - 
92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 08:24 - 2014-06-12 08:24 - 01243655 _____ () C:\Users\helmut\Downloads\processexplorer.zip 2014-06-11 23:16 - 2014-06-11 23:13 - 234642944 _____ (Emsisoft GmbH ) C:\Users\helmut\Downloads\EmsisoftAntiMalwareSetup.exe 2014-06-11 17:22 - 2014-06-11 17:20 - 163783630 _____ () C:\Users\helmut\Downloads\fp_11.8.800.94_archive.zip 2014-06-11 17:06 - 2014-06-11 17:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 16:48 - 2013-10-10 21:44 - 00020942 _____ () C:\Users\helmut\ACTIVstudioError.log 2014-06-11 16:39 - 2014-06-11 16:39 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 16:39 - 2014-06-11 16:39 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 16:35 - 2014-06-11 16:11 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 16:35 - 2013-10-02 23:12 - 00000000 ____D () C:\Program Files\VideoLAN 2014-06-11 16:27 - 2014-06-11 16:27 - 25032080 _____ (Mozilla) C:\Users\helmut\Downloads\Firefox Setup 28.0.exe 2014-06-11 16:23 - 2014-06-11 16:23 - 25531584 _____ () C:\Users\helmut\Downloads\vlc-2.1.3-win32.exe 2014-06-11 16:22 - 2014-06-11 16:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\VLC media player 32 Bit - CHIP-Installer.exe 2014-06-11 16:11 - 2013-10-02 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-06-11 15:53 - 2013-10-02 23:17 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Skype 2014-06-11 13:37 - 2014-05-01 17:14 - 02462720 _____ () C:\Users\helmut\Desktop\Serien.xls 2014-06-11 09:56 - 2013-11-03 15:02 - 00000000 ___RD () C:\Users\helmut\Dropbox 2014-06-11 09:56 - 2013-10-03 00:26 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Dropbox 2014-06-11 09:48 - 2014-06-11 09:49 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\Firefox - CHIP-Installer.exe 2014-06-11 08:11 - 2014-05-07 06:34 
- 00000000 ____D () C:\Users\helmut\AppData\Roaming\DropboxMaster 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieUserList 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieSiteList 2014-06-08 10:48 - 2014-06-12 16:20 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-12 16:20 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-07 00:05 - 2013-12-26 11:41 - 00000000 ____D () C:\Windows\Minidump 2014-06-07 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060714-10530-01.dmp 2014-06-04 15:53 - 2013-10-15 21:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-06-04 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060414-11559-01.dmp 2014-06-03 17:30 - 2013-11-09 19:09 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-03 17:30 - 2013-11-09 19:09 - 00093528 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-02 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060214-11091-01.dmp 2014-06-01 22:50 - 2014-06-01 22:50 - 00013312 _____ () C:\Users\helmut\Desktop\BWW.xls 2014-05-31 12:19 - 2014-05-31 12:19 - 00000518 _____ () C:\Users\helmut\Documents\centauri.txt 2014-05-31 11:02 - 2014-01-31 17:02 - 00000000 ____D () C:\ProgramData\TEMP 2014-05-30 11:18 - 2014-06-12 13:58 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 11:02 - 2014-06-12 13:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 11:02 - 2014-06-12 13:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 10:44 - 2014-06-12 13:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 10:43 - 2014-06-12 13:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 10:42 - 2014-06-12 13:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 13:58 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 10:34 - 2014-06-12 13:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 13:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 10:30 - 2014-06-12 13:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 10:28 - 2014-06-12 13:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 10:28 - 2014-06-12 13:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 10:27 - 2014-06-12 13:58 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 10:21 - 2014-06-12 13:58 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 10:16 - 2014-06-12 
13:58 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 13:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 13:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:04 - 2014-06-12 13:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 13:58 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 09:57 - 2014-06-12 13:58 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 09:56 - 2014-06-12 13:58 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 09:54 - 2014-06-12 13:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 13:58 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 13:58 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 09:40 - 2014-06-12 13:58 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:21 - 2014-06-12 13:58 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:15 - 2014-06-12 13:58 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:13 - 2014-06-12 13:58 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-29 12:32 - 2013-10-20 19:19 - 00086920 _____ () C:\Users\helmut\AppData\Roaming\GDIPFONTCACHEV1.DAT 2014-05-27 06:32 - 2013-11-01 00:47 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\TeamViewer 2014-05-26 23:21 - 2014-05-26 23:21 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR-Registrierung.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00001118 _____ () C:\Users\Public\Desktop\HP Director.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Ordner HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard 2014-05-26 23:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-05-26 23:21 - 2009-07-14 04:04 - 00000660 _____ () C:\Windows\win.ini 2014-05-26 23:20 - 2014-05-26 23:20 - 00077004 _____ (Oak Technology Inc.) C:\Windows\system32\Drivers\AFS.SYS 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\MSSoap 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\Hewlett-Packard 2014-05-26 17:06 - 2014-05-15 21:25 - 00000000 ____D () C:\ASVBackupHome 2014-05-25 08:49 - 2013-11-03 15:02 - 00001025 _____ () C:\Users\helmut\Desktop\Dropbox.lnk 2014-05-25 08:49 - 2013-10-03 00:26 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\helmut\AppData\Local\temp\avgnt.exe C:\Users\helmut\AppData\Local\temp\Quarantine.exe C:\Users\helmut\AppData\Local\temp\TopBankingSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed 
C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-18 10:47 ==================== End Of Log ============================
And the Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01 Ran by helmut at 2014-06-21 12:27:55 Running from C:\Users\helmut\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) ActivDriver x86 v5.8 (HKLM\...\{4EA83954-8796-4110-9F6E-96B3F308ED20}) (Version: 5.8.46 - Promethean) ActivInspire Core Resources (DEU) v1 (HKLM\...\{06C9F624-9F53-4C89-9720-1601A295769A}) (Version: 1.6.3 - Promethean) ActivInspire Help (DEU) v1 (HKLM\...\{B18A62F5-296F-4BC4-B8DD-A9FB16EE9106}) (Version: 1.6.3 - Promethean) ActivInspire HWR Resources (DEU) v1 (HKLM\...\{CB2158F5-B05D-41BF-B8F8-05A85695BA4E}) (Version: 1.7.1 - Promethean) ActivInspire v1 (HKLM\...\{D7F4028A-4A92-4501-896C-3B707E843D7B}) (Version: 1.7.58968 - Promethean) Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11.9.966.0 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira) Banking 4W (HKLM\...\TopBanking) (Version: - Subsembly GmbH) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network 
Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MG5300 series Benutzerregistrierung (HKLM\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CrystalDiskInfo 6.1.9a (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.9a - Crystal Dew World) Definition update for Microsoft Office 2010 (KB982726) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E14AE329-F210-4EDD-B775-290821C66C1F}) (Version: - Microsoft) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Dual Monitor 1.22 (HKLM\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu) Free YouTube Download version 3.2.35.514 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.35.514 - DVDVideoSoft Ltd.) Freizeitkarte_CZE (Ausgabe 14.03) (HKLM\...\Freizeitkarte_CZE) (Version: - ) Freizeitkarte_DEU (Ausgabe 13.07) (HKLM\...\Freizeitkarte_DEU) (Version: - ) Freizeitkarte_ESP_PRT (Ausgabe 13.07) (HKLM\...\Freizeitkarte_ESP_PRT) (Version: - ) Garmin BaseCamp (HKLM\...\{EA32DDCC-6A44-482D-8638-DB199E95B4D2}) (Version: 4.2.3 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.6.0 - International GeoGebra Institute) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
Hidden HP Photo and Imaging 1.0 - Scanjet 3500c Series (HKLM\...\{B8E952E3-A823-443A-8493-39A0CCE0E3EB}) (Version: 1.00.0000 - {&Tahoma8}Hewlett-Packard) Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Kurvenprofi 5.1.1 (HKLM\...\{22BB0352-8E48-430C-85CC-F996BF51D2E7}_is1) (Version: - Ulrich Strautz) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MapSource Product Install (HKLM\...\{47D50190-9DAD-4FFE-9EFA-6D278B2C4810}) (Version: - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Excel 7.0 (HKLM\...\Excel) (Version: - ) Microsoft FrontPage 2002 (HKLM\...\{90170407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 
(Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office XP Professional (HKLM\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version: - Microsoft) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Paragon Partition Manager™ 2013 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.6 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.) 
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) Schülerdatei (HKLM\...\Schülerdatei_is1) (Version: - ) SeaMonkey 2.23 (x86 de) (HKLM\...\SeaMonkey 2.23 (x86 de)) (Version: 2.23 - Mozilla) SEPA Account Converter (HKLM\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.26.0 - Star Finanz GmbH) Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.) SSD Fresh (HKLM\...\SSD Fresh_is1) (Version: 2014 - Abelssoft) Steganos Online-Banking 2012 (HKLM\...\{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}) (Version: 2.0.4 - Steganos Software GmbH) Südtirol (Topo) (HKLM\...\{53F7328C-6687-4AC9-9F68-2E28D8273033}_is1) (Version: - ) Synchredible (HKLM\...\Synchredible_is1) (Version: 4.1.0.0 - ASCOMP Software GmbH) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) Update for Microsoft Office 2010 (KB2202188) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{556146F7-74AE-4E0A-B64F-5B8B93469F61}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B5516874-E926-4BFD-B412-D0E70112F244}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2433299) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6C845127-B949-4D76-A732-BCB396AD9AA5}) (Version: - Microsoft) Update für Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{10B1662A-566C-43C2-8469-5A470E0C7D7B}) (Version: - Microsoft) VLC media player 2.1.3 
(HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) ==================== Restore Points ========================= 11-06-2014 00:53:33 Windows Update 12-06-2014 11:46:25 Windows Update 12-06-2014 11:59:44 Windows Update 12-06-2014 12:29:21 Windows Update 12-06-2014 12:39:09 Windows Update 12-06-2014 14:20:31 Windows Update 17-06-2014 19:59:30 Windows Update 19-06-2014 13:37:29 Removed Adobe Reader XI (11.0.07) - Deutsch. ==================== Hosts content: ========================== 2009-07-14 04:04 - 2014-06-20 16:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1494CE34-BDC5-4FD0-94E4-D0C996FB0283} - System32\Tasks\{90D17530-3C2C-40F6-B7EC-67AF2B050F14} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {15C8C5F5-DC81-4C76-A6F4-660C61D7A68E} - System32\Tasks\{EACA44E9-4DFD-404A-BFE3-9BA4EEC22D32} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {5810F30F-F4FF-41AE-8914-8FC28C8F31E9} - System32\Tasks\{5FEBDF47-99DB-4B44-A7BC-5F3A4A25C231} => P:\ScanJet3750c\hpsw\setup.exe Task: {5E09A80D-C05E-4AA8-B301-84FD079200D9} - System32\Tasks\{0A331208-69C2-422F-9525-5A4AB5AF90AC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603 Task: {5F4687C5-9538-4116-9562-88D2B3063C2A} - System32\Tasks\{482F46FD-6E3D-4AAF-9342-EA23DD85282F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsPlugin Task: {7A98C9B4-EA79-4AA5-B6EA-6205CD94AE50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) 
Task: {8F47FDAB-E0F3-4087-BBE2-5F6A4FBB5144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) Task: {91FE8E99-6729-4B9D-A39E-B910FD35CA13} - System32\Tasks\{3A62FA7F-C781-4F02-A4D2-9D87B884CBF5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603 Task: {966E87D0-DE09-431B-848F-C20814DBFFF8} - System32\Tasks\{579B1786-A9C1-49EB-9988-53F3A6A7B96A} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {97A4977C-4CD3-4079-A53E-E912CD8234C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {CD13EEBA-AD5D-4C8D-B98D-A8524AABCAA0} - System32\Tasks\{5521E072-B08D-489B-B353-06D5023E10E8} => E:\MG5300CanonDruckerCD\win\MSETUP4.EXE Task: {FC9DD403-82A8-41E0-8686-54E7C885B0AD} - System32\Tasks\{1D5DAC64-C870-47EE-BAFE-AC01A24AD8C0} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-02 21:29 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe 2013-10-02 21:29 - 2014-06-21 11:51 - 00024576 _____ () C:\Program Files\ASUS\AXSP\1.01.01\PEbiosinterface32.dll 2013-10-02 21:29 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files\ASUS\AXSP\1.01.01\ATKEX.dll 2002-04-11 04:19 - 2002-04-11 04:19 - 00077824 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe 2002-04-11 04:19 - 2002-04-11 04:19 - 00024576 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll 2013-12-25 15:35 - 2013-02-18 09:22 - 00558592 _____ () C:\Program Files\Dual Monitor\ExplorerHook32.dll 2013-10-02 21:33 - 2013-03-12 07:20 - 
01199576 ____R () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-10-03 10:06 - 1998-05-24 14:33 - 00354304 _____ () D:\Programme\Salamand\SALAMAND.EXE 2000-11-06 10:15 - 2000-11-06 10:15 - 00126976 _____ () D:\Programme\msoffice\Office10\intldate.dll 2014-06-11 17:05 - 2014-06-11 17:06 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: a2AntiMalware => 2 MSCONFIG\Services: ActivControl => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivSDK Flash Extension.lnk => C:\Windows\pss\ActivSDK Flash Extension.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup MSCONFIG\startupreg: ActivManager => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe MSCONFIG\startupreg: Skype => "D:\Programme\Phone\Skype.exe" /minimized /regrun ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3233.82 MB Available physical RAM: 1808.23 MB Total Pagefile: 3432.11 MB Available Pagefile: 1732.3 MB Total Virtual: 2047.88 MB Available Virtual: 1901.56 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:51.94 GB) NTFS Drive d: (Daten) (Fixed) (Total:931.41 GB) (Free:745.92 GB) NTFS Drive v: (Harddisk) (Network) (Total:465.67 GB) (Free:460.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A5844C4D) Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A5844C55) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Once again, many thanks for your support, and have a nice weekend! |
21.06.2014, 22:08 | #8 |
/// the machine /// TB-Ausbilder | Programs start with a long delay (10s) ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.06.2014, 18:31 | #9 |
| Programs start with a long delay (10s) Hi, yes, the system is actually running perfectly again at the moment, no delays, everything like before :-) May I ask what the cause was? Was a virus active in the background? In any case, a big thank-you for the good and fast help! Here are the logs: ESET Online Scanner: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=5d401fb2f5ed244bade658d5330bf384
# engine=18819
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-22 08:41:07
# local_time=2014-06-22 10:41:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1805 16777213 100 100 58142 21997708 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 155057658 0 0
# scanned=206687
# found=5
# cleaned=0
# scan_time=3081
sh=656813A8C8F19DF068C0468E31567D5206A69B4E ft=1 fh=5afee5592fe1c178 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\helmut\Downloads\Firefox - CHIP-Installer.exe"
sh=B38A1DDEB77DD1A0F2D4387266984599486C53C2 ft=1 fh=a3be7b63677c497d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\helmut\Downloads\VLC media player 32 Bit - CHIP-Installer.exe"
sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\helmut\Downloads\vlc-2.1.3-win32.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\helmut\Dropbox\Verwaltung\PDFCreator-1_2_3_setup.exe"
sh=138F1B4C921C7D07E696F2F97CB30E659A6E6911 ft=1 fh=f14aa9b2f97fb48a vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="D:\Geo.exe-Setup.exe"
The SecurityCheck program somehow didn't work for me; in any case, the following error message came up: Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01 Ran by helmut (administrator) on HELMUTDESKTOP on 22-06-2014 11:08:46 Running from C:\Users\helmut\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe () C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Cristi) C:\Program Files\Dual Monitor\DualMonitor.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) D:\Programme\msoffice\Office10\WINWORD.EXE (Oracle Corporation) C:\Program Files\Java\jre7\launch4j-tmp\MediathekView-WinXp.exe (Microsoft Corporation) D:\Programme\msoffice\Office10\EXCEL.EXE () D:\Programme\Salamand\SALAMAND.EXE () D:\Programme\StreamTransport\StreamTransport.exe (ASCOMP Software GmbH) D:\Program Files\Synchredible\synchredible.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe () C:\Users\helmut\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-3419901750-1294363576-1798334200-1000\...\Run: [dualmonitor] => C:\Program Files\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.de/ SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {C829A553-5473-459C-A5D5-0650C3070C58} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL 
(Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\geocaching.xml FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\search-results.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-11] FF Extension: Microsoft .NET Framework Assistant - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-10-07] FF Extension: Adblock Plus - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21] Chrome: ======= CHR HomePage: CHR Extension: (No Name) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb [2014-06-11] 
CHR Extension: (No Name) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2014-06-11] CHR Extension: (Google Wallet) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06] ========================== Services (Whitelisted) ================= S4 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21400 2012-11-28] (Promethean) R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. 
KG) R2 asComSvc; C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] () S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-05-24] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 SkypeUpdate; D:\Programme\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) ==================== Drivers (Whitelisted) ==================== R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2014-05-26] (Oak Technology Inc.) [File not signed] R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [14720 2012-08-21] () R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-10-10] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-10-10] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-20] (Avira Operations GmbH & Co. 
KG) S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-05] (www.winchiphead.com) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [524784 2013-01-31] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-01-31] (Intel Corporation) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-04-26] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [361968 2013-04-26] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793072 2013-04-26] (Intel Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-03-12] (Intel Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27792 2012-09-01] (Realtek Corporation) R1 SLEE_18_DRIVER; C:\Windows\system32\drivers\Sleen18.sys [91112 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - ) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 catchme; \??\C:\Users\helmut\AppData\Local\Temp\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-22 11:08 - 2014-06-22 11:08 - 00014591 _____ () C:\Users\helmut\Desktop\FRST.txt 2014-06-22 09:30 - 2014-06-22 11:07 - 00854367 _____ () C:\Users\helmut\Desktop\SecurityCheck.exe 2014-06-22 09:30 - 2014-06-22 09:30 - 00000000 ____D () C:\Program Files\ESET 2014-06-22 09:29 - 2014-06-22 11:07 - 
00000000 ____D () C:\Users\helmut\Desktop\weg 2014-06-21 12:24 - 2014-06-21 12:24 - 00000000 ____D () C:\Users\helmut\Desktop\FRST-OlderVersion 2014-06-21 10:53 - 2014-06-21 10:53 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 10:50 - 2014-06-21 10:50 - 01016261 _____ (Thisisu) C:\Users\helmut\Desktop\JRT.exe 2014-06-21 10:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-21 10:44 - 2014-06-21 10:46 - 00000000 ____D () C:\AdwCleaner 2014-06-21 10:30 - 2014-06-21 11:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-21 10:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-21 10:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-21 10:27 - 2014-06-21 10:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\helmut\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-20 20:55 - 2014-06-20 20:55 - 00000000 ____D () C:\Users\helmut\AppData\Local\Adobe 2014-06-20 17:48 - 2014-06-20 18:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-20 17:48 - 2014-06-20 18:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-20 16:15 - 2014-06-20 16:16 - 00001757 _____ () C:\Users\helmut\Desktop\SEPA Account Converter.lnk 2014-06-20 16:15 - 2014-06-20 16:16 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz 2014-06-20 16:14 - 2014-06-20 16:16 - 00000000 ____D () 
C:\Users\helmut\AppData\Local\Downloaded Installations 2014-06-20 16:06 - 2014-06-20 16:06 - 00016677 _____ () C:\ComboFix.txt 2014-06-20 16:00 - 2014-06-20 16:06 - 00000000 ____D () C:\Qoobox 2014-06-20 16:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-20 16:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-20 16:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-20 15:53 - 2014-06-20 16:05 - 00000000 ____D () C:\Windows\erdnt 2014-06-20 15:51 - 2014-06-20 15:52 - 05207168 ____R (Swearware) C:\Users\helmut\Desktop\ComboFix.exe 2014-06-19 17:40 - 2014-06-19 17:41 - 00027200 _____ () C:\Users\helmut\Downloads\Addition.txt 2014-06-19 17:39 - 2014-06-19 17:41 - 00041722 _____ () C:\Users\helmut\Downloads\FRST.txt 2014-06-19 17:38 - 2014-06-22 11:08 - 00000000 ____D () C:\FRST 2014-06-19 17:38 - 2014-06-21 12:24 - 01070592 _____ (Farbar) C:\Users\helmut\Desktop\FRST.exe 2014-06-19 15:51 - 2014-06-19 15:51 - 00000000 ____D () C:\Users\helmut\Documents\OneNote-Notizbücher 2014-06-19 15:48 - 2014-06-19 15:48 - 00001682 _____ () C:\Users\helmut\Documents\cc_20140619_154835.reg 2014-06-19 15:46 - 2014-06-19 15:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Adobe 2014-06-19 15:42 - 2014-06-19 15:43 - 00118858 
_____ () C:\Users\helmut\Documents\cc_20140619_154254.reg 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-19 15:35 - 2014-06-19 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\helmut\Downloads\ccsetup411.exe 2014-06-18 22:10 - 2014-06-18 22:11 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-12 16:22 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-06-12 16:22 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-06-12 16:22 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-06-12 16:22 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-06-12 16:22 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-06-12 16:22 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-06-12 16:22 - 2013-10-02 01:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-06-12 16:22 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-06-12 16:22 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-06-12 16:22 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-06-12 16:20 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 16:20 - 2014-06-08 10:43 - 
00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 14:08 - 2014-06-12 14:12 - 00000000 ____D () C:\Users\helmut\Desktop\Sammelordner 2014-06-12 14:04 - 2014-06-12 14:04 - 00001648 _____ () C:\Users\helmut\Desktop\procexp.exe - Verknüpfung.lnk 2014-06-12 13:58 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 13:58 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 13:58 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 13:58 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 13:58 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 13:58 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 13:58 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 13:58 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 13:58 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 13:58 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 13:58 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 13:58 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 13:58 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 13:58 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 13:58 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 13:58 - 2014-05-30 10:10 - 00032256 
_____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 13:58 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 13:58 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 13:58 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 13:58 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 13:58 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 13:58 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 13:58 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 13:58 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 13:58 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 13:58 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 13:58 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 13:58 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 13:58 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 13:58 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 13:58 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 13:58 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 13:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 13:58 - 2014-03-26 16:25 - 
00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 13:57 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 13:51 - 2014-06-12 13:51 - 00007598 _____ () C:\Users\helmut\AppData\Local\Resmon.ResmonCfg 2014-06-12 13:41 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 13:41 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-12 13:41 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-06-12 08:24 - 2014-06-12 14:04 - 00000000 ____D () C:\Users\helmut\Downloads\processexplorer 2014-06-12 08:24 - 2014-06-12 08:24 - 01243655 _____ () C:\Users\helmut\Downloads\processexplorer.zip 2014-06-11 23:17 - 2014-06-19 16:01 - 00000000 ____D () C:\Users\helmut\Documents\Anti-Malware 2014-06-11 23:17 - 2014-06-19 16:01 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-11 23:13 - 2014-06-11 23:16 - 234642944 _____ (Emsisoft GmbH ) C:\Users\helmut\Downloads\EmsisoftAntiMalwareSetup.exe 2014-06-11 17:20 - 2014-06-11 17:22 - 163783630 _____ () C:\Users\helmut\Downloads\fp_11.8.800.94_archive.zip 2014-06-11 17:05 - 2014-06-11 17:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 16:39 - 2014-06-11 16:39 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 16:39 - 2014-06-11 16:39 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 16:27 - 2014-06-11 16:27 - 25032080 _____ (Mozilla) C:\Users\helmut\Downloads\Firefox Setup 28.0.exe 2014-06-11 16:23 - 2014-06-11 16:23 - 25531584 _____ () C:\Users\helmut\Downloads\vlc-2.1.3-win32.exe 2014-06-11 16:22 - 2014-06-11 16:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\VLC media player 32 Bit - CHIP-Installer.exe 2014-06-11 16:11 - 2014-06-11 16:35 - 00001028 _____ () 
C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 09:49 - 2014-06-11 09:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\Firefox - CHIP-Installer.exe 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieUserList 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieSiteList 2014-06-01 22:50 - 2014-06-01 22:50 - 00013312 _____ () C:\Users\helmut\Desktop\BWW.xls 2014-05-31 12:19 - 2014-05-31 12:19 - 00000518 _____ () C:\Users\helmut\Documents\centauri.txt 2014-05-26 23:21 - 2014-05-26 23:21 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00001118 _____ () C:\Users\Public\Desktop\HP Director.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Ordner HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web 2014-05-26 23:20 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00077004 _____ (Oak Technology Inc.) 
C:\Windows\system32\Drivers\AFS.SYS 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\MSSoap 2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\Hewlett-Packard ==================== One Month Modified Files and Folders ======= 2014-06-22 11:08 - 2014-06-22 11:08 - 00014591 _____ () C:\Users\helmut\Desktop\FRST.txt 2014-06-22 11:08 - 2014-06-19 17:38 - 00000000 ____D () C:\FRST 2014-06-22 11:07 - 2014-06-22 09:30 - 00854367 _____ () C:\Users\helmut\Desktop\SecurityCheck.exe 2014-06-22 11:07 - 2014-06-22 09:29 - 00000000 ____D () C:\Users\helmut\Desktop\weg 2014-06-22 10:14 - 2013-10-06 11:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-22 09:33 - 2010-11-20 23:01 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-22 09:30 - 2014-06-22 09:30 - 00000000 ____D () C:\Program Files\ESET 2014-06-22 04:25 - 2013-10-02 21:26 - 01682331 _____ () C:\Windows\WindowsUpdate.log 2014-06-21 22:14 - 2013-10-06 11:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-21 20:11 - 2013-10-03 10:41 - 00000000 ____D () C:\Users\MailThunder\GMX 2014-06-21 15:22 - 2013-10-02 23:13 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\vlc 2014-06-21 13:37 - 2014-05-01 18:15 - 16206848 _____ () C:\Users\helmut\Desktop\FilmeauslesenW7.xls 2014-06-21 12:24 - 2014-06-21 12:24 - 00000000 ____D () C:\Users\helmut\Desktop\FRST-OlderVersion 2014-06-21 12:24 - 2014-06-19 17:38 - 01070592 _____ (Farbar) C:\Users\helmut\Desktop\FRST.exe 2014-06-21 11:58 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-21 11:58 - 2009-07-14 06:34 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-21 11:52 - 2014-06-21 
10:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-21 11:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-21 11:51 - 2009-07-14 06:39 - 00062120 _____ () C:\Windows\setupact.log 2014-06-21 10:53 - 2014-06-21 10:53 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 10:50 - 2014-06-21 10:50 - 01016261 _____ (Thisisu) C:\Users\helmut\Desktop\JRT.exe 2014-06-21 10:48 - 2010-11-20 23:48 - 00660494 _____ () C:\Windows\PFRO.log 2014-06-21 10:48 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-21 10:46 - 2014-06-21 10:44 - 00000000 ____D () C:\AdwCleaner 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2013-10-06 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-21 10:27 - 2014-06-21 10:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\helmut\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-20 22:23 - 2013-10-03 10:42 - 00000000 ____D () C:\Users\MailThunder\Verwaltung 2014-06-20 22:08 - 2014-01-03 22:36 - 00000658 _____ () C:\Windows\helmut.xlb 2014-06-20 20:55 - 2014-06-20 20:55 - 00000000 ____D () C:\Users\helmut\AppData\Local\Adobe 2014-06-20 19:28 - 2013-10-04 16:11 - 00000000 ____D () C:\winsv 2014-06-20 18:27 - 2014-04-08 18:22 - 00698880 _____ () C:\Users\helmut\Documents\Helmut (Steganos).sub 2014-06-20 18:19 - 2014-06-20 17:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-20 18:19 - 2014-06-20 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-20 18:10 - 2014-04-08 18:22 - 00001939 _____ () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Banking 4W.lnk 2014-06-20 16:16 - 2014-06-20 16:15 - 00001757 _____ () 
C:\Users\helmut\Desktop\SEPA Account Converter.lnk 2014-06-20 16:16 - 2014-06-20 16:15 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz 2014-06-20 16:16 - 2014-06-20 16:14 - 00000000 ____D () C:\Users\helmut\AppData\Local\Downloaded Installations 2014-06-20 16:06 - 2014-06-20 16:06 - 00016677 _____ () C:\ComboFix.txt 2014-06-20 16:06 - 2014-06-20 16:00 - 00000000 ____D () C:\Qoobox 2014-06-20 16:06 - 2013-10-03 10:39 - 00000000 ____D () C:\Users\MailThunder 2014-06-20 16:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-06-20 16:05 - 2014-06-20 15:53 - 00000000 ____D () C:\Windows\erdnt 2014-06-20 16:05 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-06-20 15:52 - 2014-06-20 15:51 - 05207168 ____R (Swearware) C:\Users\helmut\Desktop\ComboFix.exe 2014-06-20 08:26 - 2014-04-15 08:06 - 00000000 ____D () C:\ASVBackups 2014-06-19 17:41 - 2014-06-19 17:40 - 00027200 _____ () C:\Users\helmut\Downloads\Addition.txt 2014-06-19 17:41 - 2014-06-19 17:39 - 00041722 _____ () C:\Users\helmut\Downloads\FRST.txt 2014-06-19 16:01 - 2014-06-11 23:17 - 00000000 ____D () C:\Users\helmut\Documents\Anti-Malware 2014-06-19 16:01 - 2014-06-11 23:17 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-06-19 15:56 - 2013-10-06 18:24 - 00000000 ____D () C:\Windows\pss 2014-06-19 15:55 - 2009-07-14 06:33 - 00345648 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-19 15:51 - 2014-06-19 15:51 - 00000000 ____D () C:\Users\helmut\Documents\OneNote-Notizbücher 2014-06-19 15:50 - 2013-10-02 21:34 - 00086920 _____ () C:\Users\helmut\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-19 15:49 - 2013-10-02 23:07 - 00000000 ____D () C:\Users\helmut\Desktop\Programme 2014-06-19 15:48 - 2014-06-19 15:48 - 00001682 _____ () C:\Users\helmut\Documents\cc_20140619_154835.reg 2014-06-19 15:46 - 2014-06-19 15:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-19 15:46 - 
2014-06-19 15:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Adobe 2014-06-19 15:46 - 2013-10-02 22:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-19 15:43 - 2014-06-19 15:42 - 00118858 _____ () C:\Users\helmut\Documents\cc_20140619_154254.reg 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-19 15:35 - 2014-06-19 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\helmut\Downloads\ccsetup411.exe 2014-06-18 22:11 - 2014-06-18 22:10 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-13 03:09 - 2013-10-06 11:44 - 00002123 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-12 19:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-12 17:21 - 2013-10-03 07:22 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-06-12 17:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-06-12 16:21 - 2014-05-07 03:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 14:12 - 2014-06-12 14:08 - 00000000 ____D () C:\Users\helmut\Desktop\Sammelordner 2014-06-12 14:04 - 2014-06-12 14:04 - 00001648 _____ () C:\Users\helmut\Desktop\procexp.exe - Verknüpfung.lnk 2014-06-12 14:04 - 2014-06-12 08:24 - 00000000 ____D () C:\Users\helmut\Downloads\processexplorer 2014-06-12 13:51 - 2014-06-12 13:51 - 00007598 _____ () C:\Users\helmut\AppData\Local\Resmon.ResmonCfg 2014-06-12 13:49 - 2013-10-02 22:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 13:48 - 2013-10-02 22:33 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 08:24 - 2014-06-12 08:24 - 01243655 _____ () C:\Users\helmut\Downloads\processexplorer.zip 2014-06-11 23:16 - 2014-06-11 23:13 - 
234642944 _____ (Emsisoft GmbH ) C:\Users\helmut\Downloads\EmsisoftAntiMalwareSetup.exe 2014-06-11 17:22 - 2014-06-11 17:20 - 163783630 _____ () C:\Users\helmut\Downloads\fp_11.8.800.94_archive.zip 2014-06-11 17:06 - 2014-06-11 17:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-11 16:48 - 2013-10-10 21:44 - 00020942 _____ () C:\Users\helmut\ACTIVstudioError.log 2014-06-11 16:39 - 2014-06-11 16:39 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-11 16:39 - 2014-06-11 16:39 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-11 16:35 - 2014-06-11 16:11 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-11 16:35 - 2013-10-02 23:12 - 00000000 ____D () C:\Program Files\VideoLAN 2014-06-11 16:27 - 2014-06-11 16:27 - 25032080 _____ (Mozilla) C:\Users\helmut\Downloads\Firefox Setup 28.0.exe 2014-06-11 16:23 - 2014-06-11 16:23 - 25531584 _____ () C:\Users\helmut\Downloads\vlc-2.1.3-win32.exe 2014-06-11 16:22 - 2014-06-11 16:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\VLC media player 32 Bit - CHIP-Installer.exe 2014-06-11 16:11 - 2013-10-02 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-06-11 15:53 - 2013-10-02 23:17 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Skype 2014-06-11 13:37 - 2014-05-01 17:14 - 02462720 _____ () C:\Users\helmut\Desktop\Serien.xls 2014-06-11 09:56 - 2013-11-03 15:02 - 00000000 ___RD () C:\Users\helmut\Dropbox 2014-06-11 09:56 - 2013-10-03 00:26 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Dropbox 2014-06-11 09:48 - 2014-06-11 09:49 - 00961360 _____ (Chip Digital GmbH) C:\Users\helmut\Downloads\Firefox - CHIP-Installer.exe 2014-06-11 08:11 - 2014-05-07 06:34 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\DropboxMaster 2014-06-11 07:58 - 2014-06-11 07:58 - 00000000 __SHD () C:\Users\helmut\AppData\Local\EmieUserList 2014-06-11 07:58 - 2014-06-11 07:58 - 
00000000 __SHD () C:\Users\helmut\AppData\Local\EmieSiteList 2014-06-08 10:48 - 2014-06-12 16:20 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-12 16:20 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-07 00:05 - 2013-12-26 11:41 - 00000000 ____D () C:\Windows\Minidump 2014-06-07 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060714-10530-01.dmp 2014-06-04 15:53 - 2013-10-15 21:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-06-04 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060414-11559-01.dmp 2014-06-03 17:30 - 2013-11-09 19:09 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-03 17:30 - 2013-11-09 19:09 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-02 00:05 - 2013-10-02 21:23 - 00181598 ____N () C:\Windows\Minidump\060214-11091-01.dmp 2014-06-01 22:50 - 2014-06-01 22:50 - 00013312 _____ () C:\Users\helmut\Desktop\BWW.xls 2014-05-31 12:19 - 2014-05-31 12:19 - 00000518 _____ () C:\Users\helmut\Documents\centauri.txt 2014-05-31 11:02 - 2014-01-31 17:02 - 00000000 ____D () C:\ProgramData\TEMP 2014-05-30 11:18 - 2014-06-12 13:58 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 11:02 - 2014-06-12 13:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 11:02 - 2014-06-12 13:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 10:44 - 2014-06-12 13:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 10:43 - 2014-06-12 13:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 10:42 - 2014-06-12 13:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 13:58 - 02179072 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2014-05-30 10:34 - 2014-06-12 13:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 13:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 10:30 - 2014-06-12 13:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 10:28 - 2014-06-12 13:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 10:28 - 2014-06-12 13:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 10:27 - 2014-06-12 13:58 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 10:21 - 2014-06-12 13:58 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 10:16 - 2014-06-12 13:58 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 13:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 13:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:04 - 2014-06-12 13:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 13:58 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 09:57 - 2014-06-12 13:58 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 09:56 - 2014-06-12 13:58 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 09:54 - 2014-06-12 13:58 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 13:58 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 13:58 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 09:40 - 2014-06-12 13:58 - 11725312 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:21 - 2014-06-12 13:58 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:15 - 2014-06-12 13:58 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:13 - 2014-06-12 13:58 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-29 12:32 - 2013-10-20 19:19 - 00086920 _____ () C:\Users\helmut\AppData\Roaming\GDIPFONTCACHEV1.DAT 2014-05-27 06:32 - 2013-11-01 00:47 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\TeamViewer 2014-05-26 23:21 - 2014-05-26 23:21 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00001118 _____ () C:\Users\Public\Desktop\HP Director.lnk 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Ordner HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web 2014-05-26 23:21 - 2014-05-26 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard 2014-05-26 23:21 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2014-05-26 23:21 - 2009-07-14 04:04 - 00000660 _____ () C:\Windows\win.ini 2014-05-26 23:20 - 2014-05-26 23:20 - 00077004 _____ (Oak Technology Inc.) 
C:\Windows\system32\Drivers\AFS.SYS
2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-05-26 23:20 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files\Common Files\Hewlett-Packard
2014-05-26 17:06 - 2014-05-15 21:25 - 00000000 ____D () C:\ASVBackupHome
2014-05-25 08:49 - 2013-11-03 15:02 - 00001025 _____ () C:\Users\helmut\Desktop\Dropbox.lnk
2014-05-25 08:49 - 2013-10-03 00:26 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
Some content of TEMP:
====================
C:\Users\helmut\AppData\Local\temp\avgnt.exe
C:\Users\helmut\AppData\Local\temp\Quarantine.exe
C:\Users\helmut\AppData\Local\temp\TopBankingSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-18 10:47
==================== End Of Log ============================
--- --- --- --- --- ---
And the Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01 Ran by helmut at 2014-06-22 11:09:06 Running from C:\Users\helmut\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: FireWall (Disabled) {753F9273-B322-2907-AC37-03D0F1702F22} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) ActivDriver x86 v5.8 (HKLM\...\{4EA83954-8796-4110-9F6E-96B3F308ED20}) (Version: 5.8.46 - Promethean) ActivInspire Core Resources (DEU) v1 (HKLM\...\{06C9F624-9F53-4C89-9720-1601A295769A}) (Version: 1.6.3 - Promethean) ActivInspire Help (DEU) v1 (HKLM\...\{B18A62F5-296F-4BC4-B8DD-A9FB16EE9106}) (Version: 1.6.3 - Promethean) ActivInspire HWR Resources (DEU) v1 (HKLM\...\{CB2158F5-B05D-41BF-B8F8-05A85695BA4E}) (Version: 1.7.1 - Promethean) ActivInspire v1 (HKLM\...\{D7F4028A-4A92-4501-896C-3B707E843D7B}) (Version: 1.7.58968 - Promethean) Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11.9.966.0 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira) Banking 4W (HKLM\...\TopBanking) (Version: - Subsembly GmbH) Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network 
Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MG5300 series Benutzerregistrierung (HKLM\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CrystalDiskInfo 6.1.9a (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.9a - Crystal Dew World) Definition update for Microsoft Office 2010 (KB982726) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E14AE329-F210-4EDD-B775-290821C66C1F}) (Version: - Microsoft) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Dual Monitor 1.22 (HKLM\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu) Free YouTube Download version 3.2.35.514 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.35.514 - DVDVideoSoft Ltd.) Freizeitkarte_CZE (Ausgabe 14.03) (HKLM\...\Freizeitkarte_CZE) (Version: - ) Freizeitkarte_DEU (Ausgabe 13.07) (HKLM\...\Freizeitkarte_DEU) (Version: - ) Freizeitkarte_ESP_PRT (Ausgabe 13.07) (HKLM\...\Freizeitkarte_ESP_PRT) (Version: - ) Garmin BaseCamp (HKLM\...\{EA32DDCC-6A44-482D-8638-DB199E95B4D2}) (Version: 4.2.3 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.6.0 - International GeoGebra Institute) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
Hidden HP Photo and Imaging 1.0 - Scanjet 3500c Series (HKLM\...\{B8E952E3-A823-443A-8493-39A0CCE0E3EB}) (Version: 1.00.0000 - {&Tahoma8}Hewlett-Packard) Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Kurvenprofi 5.1.1 (HKLM\...\{22BB0352-8E48-430C-85CC-F996BF51D2E7}_is1) (Version: - Ulrich Strautz) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MapSource Product Install (HKLM\...\{47D50190-9DAD-4FFE-9EFA-6D278B2C4810}) (Version: - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Excel 7.0 (HKLM\...\Excel) (Version: - ) Microsoft FrontPage 2002 (HKLM\...\{90170407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 
(Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office XP Professional (HKLM\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}) (Version: - Microsoft) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) Paragon Partition Manager™ 2013 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.6 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.) 
Samsung Magician (HKLM\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) Schülerdatei (HKLM\...\Schülerdatei_is1) (Version: - ) SeaMonkey 2.23 (x86 de) (HKLM\...\SeaMonkey 2.23 (x86 de)) (Version: 2.23 - Mozilla) SEPA Account Converter (HKLM\...\{BE109F11-6E2C-43F4-B105-AC646809915D}) (Version: 1.26.0 - Star Finanz GmbH) Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.) SSD Fresh (HKLM\...\SSD Fresh_is1) (Version: 2014 - Abelssoft) Steganos Online-Banking 2012 (HKLM\...\{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}) (Version: 2.0.4 - Steganos Software GmbH) Südtirol (Topo) (HKLM\...\{53F7328C-6687-4AC9-9F68-2E28D8273033}_is1) (Version: - ) Synchredible (HKLM\...\Synchredible_is1) (Version: 4.1.0.0 - ASCOMP Software GmbH) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) Update for Microsoft Office 2010 (KB2202188) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{556146F7-74AE-4E0A-B64F-5B8B93469F61}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B5516874-E926-4BFD-B412-D0E70112F244}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2413186) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2433299) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6C845127-B949-4D76-A732-BCB396AD9AA5}) (Version: - Microsoft) Update für Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{10B1662A-566C-43C2-8469-5A470E0C7D7B}) (Version: - Microsoft) VLC media player 2.1.3 
(HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) ==================== Restore Points ========================= 11-06-2014 00:53:33 Windows Update 12-06-2014 11:46:25 Windows Update 12-06-2014 11:59:44 Windows Update 12-06-2014 12:29:21 Windows Update 12-06-2014 12:39:09 Windows Update 12-06-2014 14:20:31 Windows Update 17-06-2014 19:59:30 Windows Update 19-06-2014 13:37:29 Removed Adobe Reader XI (11.0.07) - Deutsch. ==================== Hosts content: ========================== 2009-07-14 04:04 - 2014-06-20 16:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1494CE34-BDC5-4FD0-94E4-D0C996FB0283} - System32\Tasks\{90D17530-3C2C-40F6-B7EC-67AF2B050F14} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {15C8C5F5-DC81-4C76-A6F4-660C61D7A68E} - System32\Tasks\{EACA44E9-4DFD-404A-BFE3-9BA4EEC22D32} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {5810F30F-F4FF-41AE-8914-8FC28C8F31E9} - System32\Tasks\{5FEBDF47-99DB-4B44-A7BC-5F3A4A25C231} => P:\ScanJet3750c\hpsw\setup.exe Task: {5E09A80D-C05E-4AA8-B301-84FD079200D9} - System32\Tasks\{0A331208-69C2-422F-9525-5A4AB5AF90AC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603 Task: {5F4687C5-9538-4116-9562-88D2B3063C2A} - System32\Tasks\{482F46FD-6E3D-4AAF-9342-EA23DD85282F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsPlugin Task: {7A98C9B4-EA79-4AA5-B6EA-6205CD94AE50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) 
Task: {8F47FDAB-E0F3-4087-BBE2-5F6A4FBB5144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.) Task: {91FE8E99-6729-4B9D-A39E-B910FD35CA13} - System32\Tasks\{3A62FA7F-C781-4F02-A4D2-9D87B884CBF5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603 Task: {966E87D0-DE09-431B-848F-C20814DBFFF8} - System32\Tasks\{579B1786-A9C1-49EB-9988-53F3A6A7B96A} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: {97A4977C-4CD3-4079-A53E-E912CD8234C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {CD13EEBA-AD5D-4C8D-B98D-A8524AABCAA0} - System32\Tasks\{5521E072-B08D-489B-B353-06D5023E10E8} => E:\MG5300CanonDruckerCD\win\MSETUP4.EXE Task: {FC9DD403-82A8-41E0-8686-54E7C885B0AD} - System32\Tasks\{1D5DAC64-C870-47EE-BAFE-AC01A24AD8C0} => C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe [2002-04-18] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-02 21:29 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe 2013-10-02 21:29 - 2014-06-21 11:51 - 00024576 _____ () C:\Program Files\ASUS\AXSP\1.01.01\PEbiosinterface32.dll 2013-10-02 21:29 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files\ASUS\AXSP\1.01.01\ATKEX.dll 2002-04-11 04:19 - 2002-04-11 04:19 - 00077824 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe 2002-04-11 04:19 - 2002-04-11 04:19 - 00024576 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll 2013-12-25 15:35 - 2013-02-18 09:22 - 00558592 _____ () C:\Program Files\Dual Monitor\ExplorerHook32.dll 2013-10-02 21:33 - 2013-03-12 07:20 - 
01199576 ____R () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2000-11-06 10:15 - 2000-11-06 10:15 - 00126976 _____ () D:\Programme\msoffice\Office10\intldate.dll 2013-10-03 10:06 - 1998-05-24 14:33 - 00354304 _____ () D:\Programme\Salamand\SALAMAND.EXE 2012-10-27 18:17 - 2010-07-27 11:14 - 03194368 _____ () D:\Programme\StreamTransport\StreamTransport.exe 2012-10-27 18:17 - 2010-07-27 11:16 - 00909312 _____ () D:\Programme\StreamTransport\TaskManager.dll 2012-10-27 18:17 - 2010-02-24 10:31 - 00098304 _____ () D:\Programme\StreamTransport\mglobal.dll 2012-10-27 18:17 - 2010-02-24 10:32 - 00110592 _____ () D:\Programme\StreamTransport\sockhook.dll 2014-06-11 17:05 - 2014-06-11 17:06 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-06-22 09:30 - 2014-06-22 11:07 - 00854367 _____ () C:\Users\helmut\Desktop\SecurityCheck.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: a2AntiMalware => 2 MSCONFIG\Services: ActivControl => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivSDK Flash Extension.lnk => C:\Windows\pss\ActivSDK Flash Extension.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start 
Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupfolder: C:^Users^helmut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup MSCONFIG\startupreg: ActivManager => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe MSCONFIG\startupreg: Skype => "D:\Programme\Phone\Skype.exe" /minimized /regrun ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 78% Total physical RAM: 3233.82 MB Available physical RAM: 700.27 MB Total Pagefile: 3432.11 MB Available Pagefile: 824.66 MB Total Virtual: 2047.88 MB Available Virtual: 1901.56 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:50.12 GB) NTFS Drive d: (Daten) (Fixed) (Total:931.41 GB) (Free:744.47 GB) NTFS Drive f: (STORE N GO) (Removable) (Total:3.73 GB) (Free:2.56 GB) FAT32 Drive o: (Filme8) (Network) (Total:2750.66 GB) (Free:23.19 GB) NTFS Drive q: (HelmutBack) (Network) (Total:1050 GB) (Free:835.65 GB) NTFS Drive r: (Filme4) (Network) (Total:1829.35 GB) (Free:11.38 GB) NTFS Drive s: (Filme5) (Network) (Total:2750.66 GB) (Free:83.56 GB) NTFS Drive t: (Filme6) (Network) (Total:2750.66 GB) (Free:59.37 GB) NTFS Drive v: (Harddisk) (Network) (Total:465.67 GB) (Free:448.22 GB) NTFS Drive w: (Filme2) (Network) (Total:2750.66 GB) (Free:204.14 GB) NTFS Drive x: (Filme3) 
(Network) (Total:1829.35 GB) (Free:9.15 GB) NTFS Drive y: (Filme7) (Network) (Total:2750.67 GB) (Free:26.31 GB) NTFS Drive z: (Filme1) (Network) (Total:1829.35 GB) (Free:39.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A5844C4D) Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A5844C55) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 4 GB) (Disk ID: A751B383) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================
I just printed something on the attached laser printer and, bam, the same problem again. I have now changed the default printer; after a restart everything is working normally again for the moment. **EDIT2** Now the computer is always this slow, even while booting :-( |
24.06.2014, 12:29 | #10 |
/// the machine /// TB-Ausbilder | Programs start with a long delay (10s) You can delete the 4 findings manually. http://www.trojaner-board.de/126216-...epair-aio.html Please run this.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.06.2014, 17:30 | #11 |
| Programs start with a long delay (10s) Hi, I have now let the whole thing run for over 24 hours, but unfortunately exactly the same problem persists after the restart. Here is the log: _Windows_Repair_Log.txt Code:
ATTFilter System Variables -------------------------------------------------------------------------------- OS: Windows 7 Professional OS Architecture: 32-bit OS Version: 6.1.7601 OS Service Pack: Service Pack 1 Computer Name: HELMUTDESKTOP Windows Drive: C:\ Windows Path: C:\Windows Current Profile: C:\Users\helmut Current Profile SID: S-1-5-21-3419901750-1294363576-1798334200-1000 Current Profile Classes: S-1-5-21-3419901750-1294363576-1798334200-1000_Classes Profiles Location: C:\Users Profiles Location 2: C:\Windows\ServiceProfiles Local Settings AppData: C:\Users\helmut\AppData\Local -------------------------------------------------------------------------------- System Information -------------------------------------------------------------------------------- System Up Time: 0 Days 00:16:40 Process Count: 71 Commit Total: 1,84 GB Commit Limit: 3,35 GB Commit Peak: 1,89 GB Handle Count: 23506 Kernel Total: 294,91 MB Kernel Paged: 223,89 MB Kernel Non Paged: 71,03 MB System Cache: 1,56 GB Thread Count: 925 -------------------------------------------------------------------------------- Memory Before Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 3,16 GB Memory Used: 1,65 GB(52,221%) Memory Avail.: 1,51 GB -------------------------------------------------------------------------------- Cleaning Memory Before Starting Repairs... Memory After Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 3,16 GB Memory Used: 1,26 GB(39,9869%) Memory Avail.: 1,90 GB -------------------------------------------------------------------------------- Starting Repairs... 
Start (24.06.2014 17:36:32) 01 - Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys Start (24.06.2014 17:38:37) Running Repair Under Current User Account Done (24.06.2014 17:39:36) 01 - Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys Start (24.06.2014 17:39:36) Running Repair Under System Account Done (24.06.2014 17:41:42) 01 - Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys Start (24.06.2014 17:41:42) Running Repair Under System Account Done (24.06.2014 17:44:20) 03 - Register System Files Start (24.06.2014 17:44:20) Running Repair Under Current User Account Running Repair Under System Account Done (24.06.2014 20:30:52) 04 - Repair WMI Start (24.06.2014 20:30:52) Starting Security Center So We Can Export The Security Info. Exporting Antivirus Info... Avira Desktop Exported. Exporting AntiSpyware Info... Avira Desktop Exported. Windows Defender Exported. Exporting 3rd Party Firewall Info... FireWall Exported. Running Repair Under Current User Account Done (24.06.2014 21:52:10) 05 - Repair Windows Firewall Start (24.06.2014 21:52:10) Running Repair Under Current User Account Running Repair Under System Account Done (24.06.2014 22:09:36) 06 - Repair Internet Explorer Start (24.06.2014 22:09:36) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 06:52:21) 07 - Repair MDAC/MS Jet Start (25.06.2014 06:52:21) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 07:34:48) 08 - Repair Hosts File Start (25.06.2014 07:34:48) Running Repair Under System Account Done (25.06.2014 07:36:13) 09 - Remove Policies Set By Infections Start (25.06.2014 07:36:13) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 07:39:10) 10 - Repair Start Menu Icons Removed By Infections Start (25.06.2014 07:39:10) Running Repair Under System Account Done (25.06.2014 07:42:43) 11 - Repair Icons Start (25.06.2014 07:42:43) Running 
Repair Under Current User Account Done (25.06.2014 07:43:53) 12 - Repair Winsock & DNS Cache Start (25.06.2014 07:43:53) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 08:11:06) 14 - Repair Proxy Settings Start (25.06.2014 08:11:06) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 13:25:50) 16 - Repair Windows Updates Start (25.06.2014 13:25:50) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 16:31:39) 17 - Repair CD/DVD Missing/Not Working Start (25.06.2014 16:31:39) iTunes not found, not applying UpperFilters iTunes Reg Key Done (25.06.2014 16:31:39) 18 - Repair Volume Shadow Copy Service Start (25.06.2014 16:31:39) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 16:47:19) 20 - Repair MSI (Windows Installer) Start (25.06.2014 16:47:19) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 16:52:03) 22.01 - Repair bat Association Start (25.06.2014 16:52:03) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 16:54:21) 22.02 - Repair cmd Association Start (25.06.2014 16:54:21) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 16:55:57) 22.03 - Repair com Association Start (25.06.2014 16:55:57) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 16:57:56) 22.04 - Repair Directory Association Start (25.06.2014 16:57:56) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:00:15) 22.05 - Repair Drive Association Start (25.06.2014 17:00:15) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:02:07) 22.06 - Repair exe Association Start (25.06.2014 17:02:07) Running Repair Under Current User Account Running Repair Under System 
Account Done (25.06.2014 17:03:44) 22.07 - Repair Folder Association Start (25.06.2014 17:03:44) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:05:40) 22.08 - Repair inf Association Start (25.06.2014 17:05:40) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:07:29) 22.09 - Repair lnk (Shortcuts) Association Start (25.06.2014 17:07:29) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:09:08) 22.10 - Repair msc Association Start (25.06.2014 17:09:08) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:10:45) 22.11 - Repair reg Association Start (25.06.2014 17:10:45) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:12:23) 22.12 - Repair scr Association Start (25.06.2014 17:12:23) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:14:00) 23 - Repair Windows Safe Mode Start (25.06.2014 17:14:00) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:15:38) 24 - Repair Print Spooler Start (25.06.2014 17:15:38) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:19:34) 25 - Restore Important Windows Services Start (25.06.2014 17:19:34) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 17:40:16) 26 - Set Windows Services To Default Startup Start (25.06.2014 17:40:16) Running Repair Under Current User Account Running Repair Under System Account Done (25.06.2014 18:16:45) Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1 Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1 Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. 
Current version: 6.1 Cleaning up empty logs... All Selected Repairs Done. Done (25.06.2014 18:16:45) Total Repair Time: 1:00:40:25 ...YOU MUST RESTART YOUR SYSTEM... Running Repair Under Current User Account |
26.06.2014, 15:08 | #12 |
/// the machine /// TB-Ausbilder | Programs start with a long delay (10s) Please post a fresh FRST log.
__________________ Regards, schrauber |
26.06.2014, 15:12 | #13 |
| Programs start with a long delay (10s) Hi, the log is attached: FRST.exe FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014 Ran by helmut (administrator) on HELMUTDESKTOP on 26-06-2014 16:11:00 Running from C:\Users\helmut\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (Cristi) C:\Program Files\Dual Monitor\DualMonitor.exe () D:\Programme\Salamand\SALAMAND.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) D:\Programme\msoffice\Office10\EXCEL.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe () 
D:\Programme\Salamand\SALAMAND.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe.tmp (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe.tmp (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avrestart.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\usrreq.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-26] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKU\S-1-5-21-3419901750-1294363576-1798334200-1000\...\Run: [dualmonitor] => C:\Program Files\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.de/ SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {C829A553-5473-459C-A5D5-0650C3070C58} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ig FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - 
C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\geocaching.xml FF SearchPlugin: C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\searchplugins\search-results.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-06-11] FF Extension: Microsoft .NET Framework Assistant - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-10-07] FF Extension: Adblock Plus - C:\Users\helmut\AppData\Roaming\Mozilla\Firefox\Profiles\3ojguono.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21] Chrome: ======= CHR HomePage: CHR Extension: (Google Wallet) - C:\Users\helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06] ========================== Services (Whitelisted) ================= 
S4 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21400 2012-11-28] (Promethean) R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-06-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-26] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG) R2 asComSvc; C:\Program Files\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] () S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-05-24] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S4 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S4 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S4 SkypeUpdate; D:\Programme\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) ==================== Drivers (Whitelisted) ==================== R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2014-05-26] (Oak 
Technology Inc.) [File not signed] R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [14720 2012-08-21] () R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-10-10] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-10-10] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-20] (Avira Operations GmbH & Co. KG) S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-05] (www.winchiphead.com) S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [524784 2013-01-31] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26608 2013-01-31] (Intel Corporation) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-04-26] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [361968 2013-04-26] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793072 2013-04-26] (Intel Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-03-12] (Intel Corporation) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27792 2012-09-01] (Realtek Corporation) R1 SLEE_18_DRIVER; C:\Windows\system32\drivers\Sleen18.sys [91112 2013-01-08] (Softwareentwicklung 
Remus - ArchiCrypt - ) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH) S3 catchme; \??\C:\Users\helmut\AppData\Local\Temp\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-26 16:11 - 2014-06-26 16:11 - 00013885 _____ () C:\Users\helmut\Desktop\FRST.txt 2014-06-25 19:43 - 2014-06-25 19:47 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-06-25 19:43 - 2014-06-25 19:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-06-25 00:14 - 2014-06-25 00:14 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-06-24 17:36 - 2014-06-25 17:58 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-06-24 17:31 - 2014-06-24 17:31 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HELMUTDESKTOP-Microsoft-Windows-7-Professional-(32-bit).dat 2014-06-24 17:30 - 2014-06-24 17:30 - 00000000 ____D () C:\RegBackup 2014-06-24 17:19 - 2014-06-24 17:19 - 00003288 ____N () C:\bootsqm.dat 2014-06-24 17:09 - 2014-06-24 17:09 - 00000000 ____D () C:\Users\helmut\Desktop\tweaking.com_windows_repair_aio 2014-06-24 17:08 - 2014-06-24 17:09 - 03434761 _____ () C:\Users\helmut\Desktop\tweaking.com_windows_repair_aio.zip 2014-06-22 09:29 - 2014-06-22 11:13 - 00000000 ____D () C:\Users\helmut\Desktop\weg 2014-06-21 12:24 - 2014-06-26 16:10 - 00000000 ____D () C:\Users\helmut\Desktop\FRST-OlderVersion 2014-06-21 10:53 - 2014-06-21 10:53 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 10:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-21 10:44 - 2014-06-23 19:01 - 00000000 ____D () C:\AdwCleaner 2014-06-21 10:30 - 2014-06-25 19:32 - 00110296 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-06-21 10:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-21 10:28 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-21 10:28 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-21 10:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-21 10:27 - 2014-06-21 10:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\helmut\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-20 16:15 - 2014-06-20 16:16 - 00001757 _____ () C:\Users\helmut\Desktop\SEPA Account Converter.lnk 2014-06-20 16:15 - 2014-06-20 16:16 - 00000000 ____D () C:\Users\helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz 2014-06-20 16:14 - 2014-06-20 16:16 - 00000000 ____D () C:\Users\helmut\AppData\Local\Downloaded Installations 2014-06-20 16:06 - 2014-06-20 16:06 - 00016677 _____ () C:\ComboFix.txt 2014-06-20 16:00 - 2014-06-20 16:06 - 00000000 ____D () C:\Qoobox 2014-06-20 16:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-20 16:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-20 16:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-20 16:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-20 15:53 - 2014-06-20 16:05 - 00000000 ____D () C:\Windows\erdnt 2014-06-19 17:40 - 
2014-06-19 17:41 - 00027200 _____ () C:\Users\helmut\Downloads\Addition.txt 2014-06-19 17:39 - 2014-06-19 17:41 - 00041722 _____ () C:\Users\helmut\Downloads\FRST.txt 2014-06-19 17:38 - 2014-06-26 16:11 - 00000000 ____D () C:\FRST 2014-06-19 17:38 - 2014-06-26 16:10 - 01073152 _____ (Farbar) C:\Users\helmut\Desktop\FRST.exe 2014-06-19 15:51 - 2014-06-19 15:51 - 00000000 ____D () C:\Users\helmut\Documents\OneNote-Notizbücher 2014-06-19 15:48 - 2014-06-19 15:48 - 00001682 _____ () C:\Users\helmut\Documents\cc_20140619_154835.reg 2014-06-19 15:46 - 2014-06-19 15:46 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 ____D () C:\Program Files\Adobe 2014-06-19 15:42 - 2014-06-19 15:43 - 00118858 _____ () C:\Users\helmut\Documents\cc_20140619_154254.reg 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-06-19 15:36 - 2014-06-19 15:36 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-19 15:35 - 2014-06-19 15:35 - 04765152 _____ (Piriform Ltd) C:\Users\helmut\Downloads\ccsetup411.exe 2014-06-18 22:10 - 2014-06-18 22:11 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-12 16:22 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-06-12 16:22 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-06-12 16:22 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-06-12 16:22 - 2013-10-02 02:14 - 00017920 
==================== End Of Log ============================ |
27.06.2014, 11:19 | #14 |
/// the machine /// TB-Ausbilder | Programs start with a long delay (10s) Performing a clean boot to determine whether background programs are interfering with the game or program. Please do a clean boot and test again.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
28.06.2014, 21:25 | #15 |
| Programs start with a long delay (10s) Unfortunately, the clean boot didn't quite work out 100%. But I have now tried something else, namely switching off Antivir's real-time scanner, and now the computer has been running like a charm for about 2 days... |