| |
| |||||||
Log-Analyse und Auswertung: Windows Version InstallerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.06.2014, 21:44
| #1 |
 |  Windows Version Installer Leider ist auch bei mir der schon mehrfach beschriebene Windows Version Installer aufgetaucht. Ich habe wie in der Beschreibung empfohlen schon einmal defogger, FRST und GMER laufen lassen (s.u. bzw. Anhänge). Außerdem passiert es, dass beim Klicken auf eine Internetseite sich eine weitere Seite öffnet. Ich habe ein Bildschirmfoto dieser Seite angehängt. Ebenfalls angehängt habe ich ein Bildschirmfoto meines Virencontainers bei Avast (ich habe diesen leider nicht anders gespeichert bekommen). Ich würde mich sehr freuen, wenn mir bei der Behebung des Problems geholfen werden könnte. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014 Ran by user (administrator) on USER-PC on 20-06-2014 20:29:42 Running from C:\Users\user\Downloads Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe () C:\Program Files (x86)\SpadeCast\updateSpadeCast.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe () C:\Program Files (x86)\SpadeCast\bin\utilSpadeCast.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe () C:\Program Files (x86)\SpadeCast\bin\SpadeCast.PurBrowse64.exe () C:\Program Files (x86)\SpadeCast\bin\SpadeCast.BrowserAdapter.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe () C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG) HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.) HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2186096 2012-03-21] (SMART Technologies) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe [143360 2008-10-21] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608 2008-10-21] (CyberLink) HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe [172032 2008-09-24] (CyberLink Corp.) HKLM-x32\...\Run: [TVEService] => C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe [180224 2008-11-28] (CyberLink Corp.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * aswBoot.exe /M:5a8166bc /wow /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD56ED78C9597CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {FEF01FDC-AF2E-4059-85DA-D6F23A6CEC77} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN24205133882934632&UM=2 BHO: No Name - {11111111-1111-1111-1111-110511291116} - No File BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {11111111-1111-1111-1111-110511291116} - No File BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} - No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SpadeCast - {ed381eb3-45e2-4e12-89eb-be974b15da44} - C:\Program Files (x86)\SpadeCast\SpadeCastbho.dll (SpadeCast) BHO-x32: No Name - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\Users\user\AppData\LocalLow\systems ie bho\bho.dll () Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379 FF SearchEngineOrder.1: Microsoft (Bing) FF Homepage: google.de FF Keyword.URL: hxxp://www.bing.com/search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\bing-avast.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\conduit.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\Search_Results.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\trovi-search.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-04] FF Extension: Plus-HD-9.1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [2014-06-20] FF Extension: Foxy Secure - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\admin@foxysecure.com [2014-06-13] FF Extension: SpadeCast - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\{f64c1459-b911-4fd8-a74e-36a496bf26e3}.xpi [2014-06-20] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-02] Chrome: ======= CHR HomePage: hxxp://www.msn.com/?pc=AV01 CHR StartupUrls: "hxxp://www.msn.com/?pc=AV01" CHR NewTab: "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html" CHR DefaultSearchKeyword: bing1.com CHR DefaultSearchProvider: Microsoft (Bing) CHR DefaultSearchURL: hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-26] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26] CHR Extension: (Extutil) - C:\Users\user\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-06-19] CHR Extension: (Managera) - C:\Users\user\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-06-19] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\user\AppData\Local\Temp\CT3317892.crx [2014-06-19] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software) R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed] R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-11-28] () [File not signed] R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [580976 2012-03-21] (SMART Technologies) R2 TVECapSvc; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [372831 2008-11-28] () [File not signed] R2 TVESched; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [184413 2008-11-28] () [File not signed] R2 Update SpadeCast; C:\Program Files (x86)\SpadeCast\updateSpadeCast.exe [317728 2014-06-20] () R2 Util SpadeCast; C:\Program Files (x86)\SpadeCast\bin\utilSpadeCast.exe [317728 2014-06-20] () ==================== Drivers (Whitelisted) ==================== R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1305056 2009-09-24] (NXP Semiconductors Germany GmbH) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-05-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-04-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] () R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl [32240 2008-05-16] (Cyberlink Corp.) R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys [60088 2014-06-16] (StdLib) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-20 20:29 - 2014-06-20 20:30 - 00027030 _____ () C:\Users\user\Downloads\FRST.txt 2014-06-20 20:29 - 2014-06-20 20:29 - 00000000 ____D () C:\FRST 2014-06-20 20:21 - 2014-06-20 20:21 - 00000470 _____ () C:\Users\user\Downloads\defogger_disable.log 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-19 23:51 - 2014-06-19 23:51 - 02082304 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2014-06-19 23:35 - 2014-06-19 23:35 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-19 23:33 - 2014-06-16 17:45 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-19 22:31 - 2014-06-20 20:00 - 00001426 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5.job 2014-06-19 22:31 - 2014-06-20 18:08 - 00000000 ____D () C:\Program Files (x86)\SpadeCast 2014-06-19 22:31 - 2014-06-19 22:31 - 00004456 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5 2014-06-19 22:30 - 2014-06-20 20:30 - 00001424 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7.job 2014-06-19 22:30 - 2014-06-20 20:00 - 00002206 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4.job 2014-06-19 22:30 - 2014-06-20 20:00 - 00001346 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2.job 2014-06-19 22:30 - 2014-06-20 19:59 - 00001490 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6.job 2014-06-19 22:30 - 2014-06-20 19:59 - 00001482 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1.job 2014-06-19 22:30 - 2014-06-19 22:30 - 00005236 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4 2014-06-19 22:30 - 2014-06-19 22:30 - 00004520 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6 2014-06-19 22:30 - 2014-06-19 22:30 - 00004512 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1 2014-06-19 22:30 - 2014-06-19 22:30 - 00004452 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7 2014-06-19 22:30 - 2014-06-19 22:30 - 00004376 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2 2014-06-19 22:29 - 2014-06-20 20:00 - 00000908 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-06-19 22:29 - 2014-06-20 20:00 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-9.1 2014-06-19 22:29 - 2014-06-20 04:34 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-06-19 22:29 - 2014-06-19 22:29 - 00003910 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-06-19 22:29 - 2014-06-19 22:29 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Users\user\AppData\Local\globalUpdate 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-06-19 22:28 - 2014-06-20 18:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\VOPackage 2014-06-19 22:28 - 2014-06-19 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-06-19 22:27 - 2014-06-20 18:17 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-06-19 22:27 - 2014-06-19 22:27 - 00000000 ____D () C:\Users\user\AppData\Local\SearchProtect 2014-06-19 22:25 - 2014-06-19 22:25 - 00468912 _____ () C:\Users\user\Downloads\download_audiograbber.exe 2014-06-19 18:58 - 2014-06-19 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-13 17:22 - 2014-06-13 18:14 - 00000000 ____D () C:\Program Files (x86)\ProgDVB 2014-06-13 17:22 - 2014-06-13 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:42 - 2014-06-12 22:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-12 22:41 - 2014-06-12 23:08 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:40 - 2008-11-28 02:05 - 00095232 _____ (CyberLink) C:\Windows\SysWOW64\oCLWatson.exe 2014-06-12 22:40 - 2008-11-28 02:05 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll 2014-06-12 22:40 - 2008-11-28 02:05 - 00000917 _____ () C:\Windows\SysWOW64\CLWatson.ini 2014-06-12 22:39 - 2014-06-13 08:54 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-12 22:38 - 2014-06-12 22:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:32 - 2014-06-12 22:33 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 22:12 - 2014-06-12 22:12 - 00357736 _____ (Softonic) C:\Users\user\Downloads\SoftonicDownloader_fuer_cyberlink-powercinema.exe 2014-06-12 21:50 - 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-11 17:36 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 17:36 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 17:36 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 17:36 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-11 17:36 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 17:36 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 17:36 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 17:36 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 17:36 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 17:36 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-06-11 17:36 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 17:36 - 2014-04-26 20:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 17:36 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 17:36 - 2014-04-05 11:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 17:36 - 2014-03-10 08:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 17:36 - 2014-03-10 08:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-05 22:41 - 2014-06-18 23:03 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389526074 2014-05-30 10:35 - 2014-06-14 17:34 - 00000000 ____D () C:\Users\user\Radio ==================== One Month Modified Files and Folders ======= 2014-06-20 20:30 - 2014-06-20 20:29 - 00027030 _____ () C:\Users\user\Downloads\FRST.txt 2014-06-20 20:30 - 2014-06-19 22:30 - 00001424 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7.job 2014-06-20 20:29 - 2014-06-20 20:29 - 00000000 ____D () C:\FRST 2014-06-20 20:21 - 2014-06-20 20:21 - 00000470 _____ () C:\Users\user\Downloads\defogger_disable.log 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe 2014-06-20 20:16 - 2013-08-18 22:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-20 20:13 - 2008-01-21 13:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-20 20:13 - 2008-01-21 13:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat 2014-06-20 20:13 - 2008-01-21 13:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat 2014-06-20 20:04 - 2008-01-21 03:53 - 01656626 _____ () C:\Windows\WindowsUpdate.log 2014-06-20 20:03 - 2013-05-03 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-20 20:01 - 2014-04-23 19:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster 2014-06-20 20:01 - 2014-04-23 19:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox 2014-06-20 20:01 - 2013-04-29 15:05 - 00000000 ___RD () C:\Users\user\Dropbox 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-20 20:00 - 2014-06-19 22:31 - 00001426 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5.job 2014-06-20 20:00 - 2014-06-19 22:30 - 00002206 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4.job 2014-06-20 20:00 - 2014-06-19 22:30 - 00001346 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2.job 2014-06-20 20:00 - 2014-06-19 22:29 - 00000908 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-06-20 20:00 - 2014-06-19 22:29 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-9.1 2014-06-20 20:00 - 2013-05-02 16:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-20 20:00 - 2006-11-02 17:07 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-20 20:00 - 2006-11-02 14:34 - 00000321 _____ () C:\Windows\win.ini 2014-06-20 19:59 - 2014-06-19 22:30 - 00001490 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6.job 2014-06-20 19:59 - 2014-06-19 22:30 - 00001482 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1.job 2014-06-20 19:59 - 2013-10-09 21:47 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64.job 2014-06-20 19:59 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-20 19:59 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-20 19:59 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-20 18:19 - 2006-11-02 17:42 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-20 18:17 - 2014-06-19 22:27 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-06-20 18:17 - 2013-08-12 21:55 - 00000876 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-20 18:09 - 2014-06-19 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\VOPackage 2014-06-20 18:08 - 2014-06-19 22:31 - 00000000 ____D () C:\Program Files (x86)\SpadeCast 2014-06-20 18:08 - 2013-08-12 21:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-20 04:34 - 2014-06-19 22:29 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-06-19 23:51 - 2014-06-19 23:51 - 02082304 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2014-06-19 23:35 - 2014-06-19 23:35 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-19 23:27 - 2013-06-01 00:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Audacity 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-19 22:31 - 2014-06-19 22:31 - 00004456 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5 2014-06-19 22:30 - 2014-06-19 22:30 - 00005236 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4 2014-06-19 22:30 - 2014-06-19 22:30 - 00004520 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6 2014-06-19 22:30 - 2014-06-19 22:30 - 00004512 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1 2014-06-19 22:30 - 2014-06-19 22:30 - 00004452 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7 2014-06-19 22:30 - 2014-06-19 22:30 - 00004376 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2 2014-06-19 22:29 - 2014-06-19 22:29 - 00003910 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-06-19 22:29 - 2014-06-19 22:29 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Users\user\AppData\Local\globalUpdate 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-06-19 22:28 - 2014-06-19 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-06-19 22:27 - 2014-06-19 22:27 - 00000000 ____D () C:\Users\user\AppData\Local\SearchProtect 2014-06-19 22:25 - 2014-06-19 22:25 - 00468912 _____ () C:\Users\user\Downloads\download_audiograbber.exe 2014-06-19 18:58 - 2014-06-19 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 23:03 - 2014-06-05 22:41 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389526074 2014-06-18 23:03 - 2013-05-02 21:34 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-16 20:34 - 2013-08-23 21:07 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien 2014-06-16 20:33 - 2013-04-29 15:11 - 00000000 ____D () C:\Users\user\Klettern und Wandern 2014-06-16 17:45 - 2014-06-19 23:33 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-14 17:34 - 2014-05-30 10:35 - 00000000 ____D () C:\Users\user\Radio 2014-06-13 20:00 - 2013-05-06 20:55 - 00000000 ____D () C:\Users\user\Schule 2014-06-13 18:14 - 2014-06-13 17:22 - 00000000 ____D () C:\Program Files (x86)\ProgDVB 2014-06-13 17:22 - 2014-06-13 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB 2014-06-13 08:54 - 2014-06-12 22:39 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-13 08:54 - 2006-11-02 17:21 - 00388712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-12 23:08 - 2014-06-12 22:41 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:45 - 2014-06-12 22:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:45 - 2013-05-03 23:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\CyberLink 2014-06-12 22:45 - 2013-04-30 19:27 - 00105304 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-12 22:42 - 2014-06-12 22:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-12 22:42 - 2013-05-02 16:14 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-06-12 22:42 - 2013-04-30 19:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-12 22:41 - 2013-05-02 17:47 - 00000000 ____D () C:\ProgramData\CyberLink 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:33 - 2014-06-12 22:32 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 22:12 - 2014-06-12 22:12 - 00357736 _____ (Softonic) C:\Users\user\Downloads\SoftonicDownloader_fuer_cyberlink-powercinema.exe 2014-06-12 21:50 - 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-12 21:31 - 2013-08-16 18:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 21:29 - 2006-11-02 14:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-12 21:28 - 2013-05-02 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-10 23:33 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Catrin 2014-06-05 23:15 - 2013-05-03 00:52 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2014-06-01 20:32 - 2013-05-03 23:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc 2014-05-31 23:14 - 2013-05-03 16:43 - 00135680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-31 23:14 - 2013-04-29 15:06 - 00000000 ____D () C:\Users\user\Fotos 2014-05-28 20:53 - 2014-06-11 17:36 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 20:37 - 2014-06-11 17:36 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 20:35 - 2014-06-11 17:36 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 20:30 - 2014-06-11 17:36 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 20:30 - 2014-06-11 17:36 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 20:29 - 2014-06-11 17:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 20:28 - 2014-06-11 17:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 20:28 - 2014-06-11 17:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 20:27 - 2014-06-11 17:36 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 18:48 - 2014-06-11 17:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-28 18:39 - 2014-06-11 17:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-28 18:38 - 2014-06-11 17:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-28 18:33 - 2014-06-11 17:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-28 18:32 - 2014-06-11 17:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-28 18:32 - 2014-06-11 17:36 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-28 18:30 - 2014-06-11 17:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-28 18:29 - 2014-06-11 17:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-05-28 18:29 - 2014-06-11 17:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-05-28 18:28 - 2014-06-11 17:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-28 18:19 - 2013-04-29 15:04 - 00000000 ____D () C:\Users\user\Documents\Aufnahmen 2014-05-28 10:53 - 2014-04-23 19:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-26 23:00 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Caspar Files to move or delete: ==================== C:\ProgramData\PKP_DLeo.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\AskSLib.dll C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4lxv0v.dll C:\Users\user\AppData\Local\Temp\FoxySecuritySetup.exe C:\Users\user\AppData\Local\Temp\InstallAX.exe C:\Users\user\AppData\Local\Temp\installhelper.dll C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\user\AppData\Local\Temp\MSETUP4.EXE C:\Users\user\AppData\Local\Temp\nsc7D8D.exe C:\Users\user\AppData\Local\Temp\nscE0F4.exe C:\Users\user\AppData\Local\Temp\nsfFCF3.exe C:\Users\user\AppData\Local\Temp\nsh8D39.exe C:\Users\user\AppData\Local\Temp\nsk8A8.exe C:\Users\user\AppData\Local\Temp\nsk91CC.exe C:\Users\user\AppData\Local\Temp\nsk9DB0.exe C:\Users\user\AppData\Local\Temp\nsmB32D.exe C:\Users\user\AppData\Local\Temp\nsp971A.exe C:\Users\user\AppData\Local\Temp\nsq2FD.exe C:\Users\user\AppData\Local\Temp\nsq8DF0.exe C:\Users\user\AppData\Local\Temp\ose00000.exe C:\Users\user\AppData\Local\Temp\SetupDataMngr_Searchqu.exe C:\Users\user\AppData\Local\Temp\Shockwave_Installer_FF-1.exe C:\Users\user\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\user\AppData\Local\Temp\SPStub.exe C:\Users\user\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\user\AppData\Local\Temp\tbRadi.dll C:\Users\user\AppData\Local\Temp\uninstall.exe C:\Users\user\AppData\Local\Temp\vlc-2.0.8-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.1-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.2-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.3-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.4-win64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-20 20:06 ==================== End Of Log ============================ Vielen Dank und mit besten Grüßen Löschel |
|
20.06.2014, 23:51
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Version Installer Hi und
__________________ Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
22.06.2014, 09:41
| #3 |
| | Windows Version Installer Hallo cosinus,
__________________vielen Dank für die Antwort, ich werde aktualisierte scans und Ergänzungen jetzt hoffentlich in der gewünschten Form schicken. Vorweg: ich habe in der Zwischenzeit doch schon einiges gemacht, da ich es sehr unheimlich fand, dass sich bei Klicks auf eine Internetseite öffnete, außerdem ständig "OnlineBrowserAdvertising"-Fenster auftauchten. Avast schlug vor eine Startzeitüberprüfung vor, die ich durchgeführt habe. Leider kann ich das Protokoll dazu nicht als Textdatei einfügen (sorry!), es sind die drei Bilder im Anhang. Außerdem habe ich nach einer weiteren Lösung für die "OnlineBrowserAdvertising"-Fenster gesucht. Dazu habe ich nach einer Anleitung aus hxxp://techfrage.de/question/7459/anleitung-onlinebrowseradvertising-browser-virus-entfernen/ per Revo-Uninstaller alle kürzlich installierten Programme gelöscht. Zusätzlich habe ich Malwarebytes Anti Malware scannen lassen (s.u.), desgleichen AdwCleaner sowie Junkware Removal Tool. Ebenso den ESET Online Scanner. Schließlich habe ich die Browser zurückgesetzt, deinstalliert und neuinstalliert. Es scheint nun zunächst alles wieder zu laufen (keine "OnlineBrowserAdvertising"-Fenster, kein Öffnen von unerwünschten Internetseiten beim Klicken auf die Seite. Keine Fehlernazeige beim Anmelden bei gmx). Ich möchte natürlich gerne sicher sein, dass sich nicht doch noch unerwünschte Programm auf meinem Rechner tummeln, und hänge deshalb noch einmal aktualisiert die gewünschten Scans an: defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:19 on 22/06/2014 (user)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01 Ran by user (administrator) on USER-PC on 22-06-2014 09:20:05 Running from C:\Users\user\Desktop Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG) HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.) HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2186096 2012-03-21] (SMART Technologies) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe [143360 2008-10-21] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608 2008-10-21] (CyberLink) HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe [172032 2008-09-24] (CyberLink Corp.) HKLM-x32\...\Run: [TVEService] => C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe [180224 2008-11-28] (CyberLink Corp.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD56ED78C9597CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jgb2ug3m.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR HomePage: https://de.yahoo.com?fr=hp-avast&type=avastbcl CHR StartupUrls: "https://de.yahoo.com?fr=hp-avast&type=avastbcl" CHR NewTab: "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-26] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\user\AppData\Local\Temp\CT3317892.crx [2013-08-26] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software) R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] R4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-11-28] () [File not signed] R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [580976 2012-03-21] (SMART Technologies) R2 TVECapSvc; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [372831 2008-11-28] () [File not signed] R2 TVESched; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [184413 2008-11-28] () [File not signed] ==================== Drivers (Whitelisted) ==================== R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1305056 2009-09-24] (NXP Semiconductors Germany GmbH) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-05-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-04-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-22] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed] S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed] R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl [32240 2008-05-16] (Cyberlink Corp.) R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys [60088 2014-06-16] (StdLib) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] U3 kxldapob; \??\C:\Users\user\AppData\Local\Temp\kxldapob.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-22 09:14 - 2014-06-22 09:14 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion 2014-06-22 09:01 - 2014-06-22 09:01 - 00003056 _____ () C:\Windows\System32\Tasks\{2FB2F2B0-005E-4984-A3DB-81931D588C72} 2014-06-22 08:58 - 2014-06-22 08:58 - 00002604 _____ () C:\Users\user\Desktop\eset.txt 2014-06-22 00:09 - 2014-06-22 00:09 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-21 23:59 - 2014-06-21 23:59 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-06-21 22:56 - 2014-06-21 22:56 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-21 22:13 - 2014-06-21 22:13 - 00003886 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403381614 2014-06-21 22:13 - 2014-06-21 22:13 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-06-21 22:13 - 2014-06-21 22:13 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-21 22:07 - 2014-06-21 22:09 - 27641968 _____ (Opera Software ASA) C:\Users\user\Downloads\Opera_22.0.1471.70_Setup.exe 2014-06-21 22:06 - 2014-06-21 22:06 - 00284288 _____ (Mozilla) C:\Users\user\Downloads\Firefox Setup Stub 30.0.exe 2014-06-21 21:53 - 2014-06-21 21:54 - 02953520 _____ (AVAST Software) C:\Users\user\Downloads\avast-browser-cleanup_9.0.0.224.exe 2014-06-21 21:50 - 2014-06-21 21:50 - 00000000 ____D () C:\Users\user\Desktop\Alte Firefox-Daten 2014-06-21 21:49 - 2014-06-21 21:49 - 00053471 _____ () C:\Users\user\Desktop\bookmarks.html 2014-06-21 21:16 - 2014-06-21 21:16 - 00001251 _____ () C:\Users\user\Desktop\JRT.txt 2014-06-21 21:02 - 2014-06-21 21:02 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 21:01 - 2014-06-21 21:01 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe 2014-06-21 20:59 - 2014-06-21 20:59 - 00008422 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt 2014-06-21 20:59 - 2014-06-21 20:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-21 20:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-21 20:55 - 2014-06-21 20:57 - 00000000 ____D () C:\AdwCleaner 2014-06-21 20:54 - 2014-06-21 20:54 - 01333465 _____ () C:\Users\user\Downloads\adwcleaner_3.212.exe 2014-06-21 20:04 - 2014-06-22 00:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-21 20:03 - 2014-06-21 20:03 - 00000941 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-21 20:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-21 20:03 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-21 20:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-21 19:58 - 2014-06-21 20:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-21 19:46 - 2014-06-21 19:46 - 00001099 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk 2014-06-21 19:46 - 2014-06-21 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-21 19:41 - 2014-06-21 19:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe 2014-06-20 22:04 - 2014-06-20 22:04 - 00025255 _____ () C:\Users\user\Desktop\Gmer.txt 2014-06-20 20:32 - 2014-06-20 20:32 - 00380416 _____ () C:\Users\user\Desktop\Gmer-19357.exe 2014-06-20 20:30 - 2014-06-20 20:31 - 00046190 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-20 20:29 - 2014-06-22 09:20 - 00025404 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-20 20:29 - 2014-06-22 09:20 - 00000000 ____D () C:\FRST 2014-06-20 20:21 - 2014-06-22 09:19 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () C:\Users\user\Desktop\Defogger.exe 2014-06-19 23:51 - 2014-06-22 09:14 - 02083328 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-19 23:35 - 2014-06-19 23:35 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-19 23:33 - 2014-06-16 17:45 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:42 - 2014-06-21 10:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-12 22:41 - 2014-06-12 23:08 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:40 - 2008-11-28 02:05 - 00095232 _____ (CyberLink) C:\Windows\SysWOW64\oCLWatson.exe 2014-06-12 22:40 - 2008-11-28 02:05 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll 2014-06-12 22:40 - 2008-11-28 02:05 - 00000917 _____ () C:\Windows\SysWOW64\CLWatson.ini 2014-06-12 22:39 - 2014-06-13 08:54 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-12 22:38 - 2014-06-12 22:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:32 - 2014-06-12 22:33 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 21:50 - 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-11 17:36 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 17:36 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 17:36 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 17:36 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-11 17:36 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 17:36 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 17:36 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 17:36 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 17:36 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 17:36 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-06-11 17:36 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 17:36 - 2014-04-26 20:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 17:36 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 17:36 - 2014-04-05 11:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 17:36 - 2014-03-10 08:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 17:36 - 2014-03-10 08:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-05-30 10:35 - 2014-06-14 17:34 - 00000000 ____D () C:\Users\user\Radio ==================== One Month Modified Files and Folders ======= 2014-06-22 09:20 - 2014-06-20 20:29 - 00025404 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-22 09:20 - 2014-06-20 20:29 - 00000000 ____D () C:\FRST 2014-06-22 09:19 - 2014-06-20 20:21 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log 2014-06-22 09:16 - 2013-08-18 22:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-22 09:14 - 2014-06-22 09:14 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion 2014-06-22 09:14 - 2014-06-19 23:51 - 02083328 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-22 09:03 - 2013-05-03 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-22 09:01 - 2014-06-22 09:01 - 00003056 _____ () C:\Windows\System32\Tasks\{2FB2F2B0-005E-4984-A3DB-81931D588C72} 2014-06-22 08:58 - 2014-06-22 08:58 - 00002604 _____ () C:\Users\user\Desktop\eset.txt 2014-06-22 08:57 - 2008-01-21 03:53 - 01703303 _____ () C:\Windows\WindowsUpdate.log 2014-06-22 05:00 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-22 05:00 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-22 02:39 - 2013-05-06 20:44 - 00000000 ____D () C:\Users\user\Anwendungen 2014-06-22 00:47 - 2014-06-21 20:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-22 00:09 - 2014-06-22 00:09 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-21 23:59 - 2014-06-21 23:59 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-06-21 22:56 - 2014-06-21 22:56 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-21 22:13 - 2014-06-21 22:13 - 00003886 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403381614 2014-06-21 22:13 - 2014-06-21 22:13 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-06-21 22:13 - 2014-06-21 22:13 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-21 22:13 - 2013-07-26 00:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software 2014-06-21 22:13 - 2013-07-26 00:26 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software 2014-06-21 22:09 - 2014-06-21 22:07 - 27641968 _____ (Opera Software ASA) C:\Users\user\Downloads\Opera_22.0.1471.70_Setup.exe 2014-06-21 22:06 - 2014-06-21 22:06 - 00284288 _____ (Mozilla) C:\Users\user\Downloads\Firefox Setup Stub 30.0.exe 2014-06-21 21:54 - 2014-06-21 21:53 - 02953520 _____ (AVAST Software) C:\Users\user\Downloads\avast-browser-cleanup_9.0.0.224.exe 2014-06-21 21:50 - 2014-06-21 21:50 - 00000000 ____D () C:\Users\user\Desktop\Alte Firefox-Daten 2014-06-21 21:49 - 2014-06-21 21:49 - 00053471 _____ () C:\Users\user\Desktop\bookmarks.html 2014-06-21 21:16 - 2014-06-21 21:16 - 00001251 _____ () C:\Users\user\Desktop\JRT.txt 2014-06-21 21:06 - 2008-01-21 13:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-21 21:06 - 2008-01-21 13:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat 2014-06-21 21:06 - 2008-01-21 13:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat 2014-06-21 21:02 - 2014-06-21 21:02 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 21:01 - 2014-06-21 21:01 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe 2014-06-21 21:00 - 2014-04-23 19:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster 2014-06-21 21:00 - 2014-04-23 19:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox 2014-06-21 21:00 - 2013-04-29 15:05 - 00000000 ___RD () C:\Users\user\Dropbox 2014-06-21 21:00 - 2006-11-02 17:07 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-21 20:59 - 2014-06-21 20:59 - 00008422 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt 2014-06-21 20:59 - 2014-06-21 20:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-21 20:59 - 2013-10-09 21:47 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64.job 2014-06-21 20:59 - 2013-05-02 16:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-21 20:59 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-21 20:58 - 2008-01-21 05:26 - 00289752 _____ () C:\Windows\PFRO.log 2014-06-21 20:58 - 2006-11-02 17:42 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-21 20:57 - 2014-06-21 20:55 - 00000000 ____D () C:\AdwCleaner 2014-06-21 20:54 - 2014-06-21 20:54 - 01333465 _____ () C:\Users\user\Downloads\adwcleaner_3.212.exe 2014-06-21 20:51 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-06-21 20:03 - 2014-06-21 20:03 - 00000941 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-21 20:00 - 2014-06-21 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-21 19:46 - 2014-06-21 19:46 - 00001099 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk 2014-06-21 19:46 - 2014-06-21 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-21 19:42 - 2014-06-21 19:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe 2014-06-21 19:26 - 2013-05-02 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-06-21 19:26 - 2013-05-02 17:28 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-06-21 10:17 - 2013-04-30 19:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-21 10:15 - 2014-06-12 22:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-20 22:31 - 2006-11-02 14:34 - 00000321 _____ () C:\Windows\win.ini 2014-06-20 22:04 - 2014-06-20 22:04 - 00025255 _____ () C:\Users\user\Desktop\Gmer.txt 2014-06-20 20:32 - 2014-06-20 20:32 - 00380416 _____ () C:\Users\user\Desktop\Gmer-19357.exe 2014-06-20 20:31 - 2014-06-20 20:30 - 00046190 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () C:\Users\user\Desktop\Defogger.exe 2014-06-19 23:35 - 2014-06-19 23:35 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-19 23:27 - 2013-06-01 00:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Audacity 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-16 20:34 - 2013-08-23 21:07 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien 2014-06-16 20:33 - 2013-04-29 15:11 - 00000000 ____D () C:\Users\user\Klettern und Wandern 2014-06-16 17:45 - 2014-06-19 23:33 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-14 17:34 - 2014-05-30 10:35 - 00000000 ____D () C:\Users\user\Radio 2014-06-13 20:00 - 2013-05-06 20:55 - 00000000 ____D () C:\Users\user\Schule 2014-06-13 08:54 - 2014-06-12 22:39 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-13 08:54 - 2006-11-02 17:21 - 00388712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-12 23:08 - 2014-06-12 22:41 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:45 - 2014-06-12 22:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:45 - 2013-05-03 23:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\CyberLink 2014-06-12 22:45 - 2013-04-30 19:27 - 00105304 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-12 22:42 - 2013-05-02 16:14 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-06-12 22:41 - 2013-05-02 17:47 - 00000000 ____D () C:\ProgramData\CyberLink 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:33 - 2014-06-12 22:32 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 21:50 - 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-12 21:31 - 2013-08-16 18:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 21:29 - 2006-11-02 14:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-12 21:28 - 2013-05-02 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-10 23:33 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Catrin 2014-06-05 23:15 - 2013-05-03 00:52 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2014-06-01 20:32 - 2013-05-03 23:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc 2014-05-31 23:14 - 2013-05-03 16:43 - 00135680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-31 23:14 - 2013-04-29 15:06 - 00000000 ____D () C:\Users\user\Fotos 2014-05-28 20:53 - 2014-06-11 17:36 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 20:37 - 2014-06-11 17:36 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 20:35 - 2014-06-11 17:36 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 20:30 - 2014-06-11 17:36 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 20:30 - 2014-06-11 17:36 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 20:29 - 2014-06-11 17:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 20:28 - 2014-06-11 17:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 20:28 - 2014-06-11 17:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 20:27 - 2014-06-11 17:36 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 18:48 - 2014-06-11 17:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-28 18:39 - 2014-06-11 17:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-28 18:38 - 2014-06-11 17:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-28 18:33 - 2014-06-11 17:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-28 18:32 - 2014-06-11 17:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-28 18:32 - 2014-06-11 17:36 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-28 18:30 - 2014-06-11 17:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-28 18:29 - 2014-06-11 17:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-05-28 18:29 - 2014-06-11 17:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-05-28 18:28 - 2014-06-11 17:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-28 18:19 - 2013-04-29 15:04 - 00000000 ____D () C:\Users\user\Documents\Aufnahmen 2014-05-28 10:53 - 2014-04-23 19:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-26 23:00 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Caspar Files to move or delete: ==================== C:\ProgramData\PKP_DLeo.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5jnh_r.dll C:\Users\user\AppData\Local\Temp\FoxySecuritySetup.exe C:\Users\user\AppData\Local\Temp\InstallAX.exe C:\Users\user\AppData\Local\Temp\installhelper.dll C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\user\AppData\Local\Temp\MSETUP4.EXE C:\Users\user\AppData\Local\Temp\ose00000.exe C:\Users\user\AppData\Local\Temp\Quarantine.exe C:\Users\user\AppData\Local\Temp\Shockwave_Installer_FF-1.exe C:\Users\user\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\user\AppData\Local\Temp\SRAssetsHelper.dll C:\Users\user\AppData\Local\Temp\vlc-2.0.8-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.1-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.2-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.3-win64.exe C:\Users\user\AppData\Local\Temp\vlc-2.1.4-win64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-22 09:06 ==================== End Of Log ============================ --- --- --- Additions: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by user at 2014-06-20 20:30:48
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{41B9F54D-522D-FC5D-667C-7BCB14499EF5}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0728.1756.30366 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0728.1756.30366 - Ihr Firmenname) Hidden
Arbeitsblätter Physik Chemie (HKLM-x32\...\Arbeitsblätter Physik Chemie) (Version: 2.5 - imagon GmbH)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3200 series Benutzerregistrierung (HKLM-x32\...\Canon MG3200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Catalyst Control Center Localization All (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.18.03 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.18.03 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative ZEN Style Series Dokumentation (HKLM-x32\...\ZENSTYLESERIESUG) (Version: - Creative Technology Ltd.)
CyberLink PowerCinema (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2221 - CyberLink Corp.)
CyberLink PowerCinema (x32 Version: 6.0.2221 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
DivX Player (HKLM-x32\...\DivX Player) (Version: - )
dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version: - DVD Shrink)
DVDx 4.0 Open Edition (HKLM-x32\...\DVDx 4.0 Open Edition) (Version: 4.0 (Open Edition) - labDV)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: - )
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.10 - Nikon)
Plus-HD-9.1 (HKLM-x32\...\Plus-HD-9.1) (Version: 1.34.6.10 - Plus HD) <==== ATTENTION
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
ProgDVB (HKLM-x32\...\ProgDVB) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.250.908.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Remove DivX Codec (HKLM-x32\...\DivX Codec) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.0.246.0 - SMART Technologies ULC)
SMART German Language Pack (HKLM-x32\...\{5C3C89CB-A719-46C5-80C7-2E2237AD3692}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}) (Version: 11.0.583.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}) (Version: 11.0.222.0 - SMART Technologies ULC)
SpadeCast (HKLM\...\SpadeCast) (Version: 2014.06.19.011914 - SpadeCast)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.2 - Nikon)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Restore Points =========================
16-05-2014 21:38:39 Installiert "ViewNX 2"
16-05-2014 21:47:16 Installiert Panorama Maker
17-05-2014 11:54:06 Geplanter Prüfpunkt
18-05-2014 10:25:54 Windows Update
19-05-2014 18:06:10 Geplanter Prüfpunkt
21-05-2014 16:21:23 Windows Update
28-05-2014 13:16:43 Geplanter Prüfpunkt
30-05-2014 08:37:53 Windows Update
31-05-2014 13:07:08 Geplanter Prüfpunkt
01-06-2014 19:30:16 Geplanter Prüfpunkt
01-06-2014 21:41:47 Windows-Sicherung
03-06-2014 06:59:10 Windows Update
03-06-2014 07:08:36 Windows-Sicherung
07-06-2014 23:01:33 Windows Update
09-06-2014 15:17:24 Geplanter Prüfpunkt
11-06-2014 05:55:10 Windows-Sicherung
12-06-2014 19:23:09 Windows Update
12-06-2014 19:55:42 Installiert Suite
12-06-2014 20:32:40 Installiert Suite
13-06-2014 16:03:37 Geplanter Prüfpunkt
14-06-2014 10:52:19 Geplanter Prüfpunkt
16-06-2014 19:40:05 Geplanter Prüfpunkt
17-06-2014 17:14:59 Windows Update
19-06-2014 17:19:31 Geplanter Prüfpunkt
20-06-2014 18:10:43 Windows-Sicherung
==================== Hosts content: ==========================
2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {05875CB5-A39F-4694-868F-B17B746E23E2} - System32\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {08A6F064-37E1-4E5C-9D6C-656E9E5AAED4} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-19] (globalUpdate) <==== ATTENTION
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0D706983-DFAF-4ECC-8782-B0A0AB41F3AE} - System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4 => C:\Program Files (x86)\Plus-HD-9.1\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4.exe [2014-06-19] (Plus HD) <==== ATTENTION
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1F7EADC0-9005-497B-BF50-51F569B2A6AF} - System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2 => C:\Program Files (x86)\Plus-HD-9.1\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2.exe [2014-06-19] (Plus HD) <==== ATTENTION
Task: {24C61D21-6AA7-456A-93E4-BDA7299986A4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {26290E4D-ADC8-4980-9012-D6FDAFDF505A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {27CDF34E-AB56-441D-932B-9493DDCA9008} - System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5 => C:\Program Files (x86)\Plus-HD-9.1\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5.exe [2014-06-19] (Plus HD) <==== ATTENTION
Task: {4AA21635-83BE-4A7C-9013-BA50FCBD3469} - System32\Tasks\Opera scheduled Autoupdate 1389526074 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5DB32095-7425-4E99-8882-56D3916B3FF4} - System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7 => C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-nova.exe <==== ATTENTION
Task: {7438C1DA-B5C9-4D1E-B375-4CCFB10A6A0B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {826C5854-D6E2-4AA7-83BB-A6C92962227F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8FF7C9EA-93B8-471D-8228-B27C0D625B7E} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-19] (globalUpdate) <==== ATTENTION
Task: {A125BFCD-D17E-4935-A7BE-8BAD2CCD9652} - System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6 => C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-novainstaller.exe <==== ATTENTION
Task: {A1DBDEA1-8BCA-477C-8A2D-BE549B0A4FFE} - System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1 => C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-codedownloader.exe [2014-06-19] (Plus HD) <==== ATTENTION
Task: {AF582A59-9D93-441C-BECA-9AFF500D02BC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software)
Task: {D4EE329B-5CD2-4F1E-92C4-A0505AAAD01C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F9AC9F66-8C75-48B7-AA2F-00BA0796D3A3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1.job => C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2.job => C:\Program Files (x86)\Plus-HD-9.1\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4.job => C:\Program Files (x86)\Plus-HD-9.1\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5.job => C:\Program Files (x86)\Plus-HD-9.1\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6.job => C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-novainstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7.job => C:\Program Files (x86)\Plus-HD-9.1\Plus-HD-9.1-nova.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-05-02 16:15 - 2008-11-28 02:05 - 00241734 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2014-06-12 22:40 - 2008-11-28 02:05 - 00372831 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
2014-06-19 03:19 - 2014-06-20 18:13 - 00317728 _____ () C:\Program Files (x86)\SpadeCast\updateSpadeCast.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-07-28 22:52 - 2011-07-28 22:52 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2014-06-19 23:32 - 2014-06-20 06:18 - 00317728 _____ () C:\Program Files (x86)\SpadeCast\bin\utilSpadeCast.exe
2013-08-26 20:08 - 2012-10-13 16:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
2014-06-12 22:40 - 2008-11-28 02:05 - 00184413 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
2011-07-28 17:44 - 2011-07-28 17:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-28 17:55 - 2011-07-28 17:55 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-19 23:33 - 2014-06-19 16:27 - 00287008 _____ () C:\Program Files (x86)\SpadeCast\bin\SpadeCast.PurBrowse64.exe
2014-06-19 23:34 - 2014-06-20 01:27 - 00096544 _____ () C:\Program Files (x86)\SpadeCast\bin\SpadeCast.BrowserAdapter.exe
2014-06-18 23:03 - 2014-06-18 23:03 - 01396344 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
2014-06-20 20:00 - 2014-06-20 20:00 - 02783232 _____ () C:\Program Files\AVAST Software\Avast\defs\14062001\algo.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00094208 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00303204 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLCapEngine.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00032768 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLCapSvcps.dll
2014-06-20 20:01 - 2014-06-20 20:01 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4lxv0v.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00127070 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLSchMgr.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00339968 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLTinyDB.dll
2013-11-18 10:26 - 2013-11-18 10:26 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-10-21 15:02 - 2008-10-21 15:02 - 00868352 ____N () C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMediaLibrary.dll
2008-10-21 15:02 - 2008-10-21 15:02 - 00007680 ____N () C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvcPS.dll
2014-06-19 23:34 - 2014-06-20 01:27 - 00183584 _____ () C:\Program Files (x86)\SpadeCast\bin\SpadeCastBAApp.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-18 23:03 - 2014-06-18 23:03 - 00957048 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\ffmpegsumo.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/20/2014 08:01:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/20/2014 08:00:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2014 06:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 30.0.0.5269, Zeitstempel 0x53914233, fehlerhaftes Modul mozalloc.dll, Version 30.0.0.5269, Zeitstempel 0x53911393, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0x14e8, Anwendungsstartzeit plugin-container.exe0.
Error: (06/20/2014 06:09:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/20/2014 06:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/19/2014 11:52:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (06/20/2014 06:19:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/20/2014 06:18:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/19/2014 00:52:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/18/2014 11:41:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/18/2014 09:25:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/17/2014 11:58:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/17/2014 10:02:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/17/2014 00:18:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/16/2014 02:20:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/15/2014 11:26:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (06/20/2014 08:01:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
Error: (06/20/2014 08:00:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/20/2014 06:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b14e801cf8ca2395eb10c
Error: (06/20/2014 06:09:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
Error: (06/20/2014 06:09:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/19/2014 11:52:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\user\Downloads\SoftonicDownloader_fuer_cyberlink-powercinema.exe
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\9
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\9
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\8
Error: (06/19/2014 10:32:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\USER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\53CZZ40H.DEFAULT-1387482121379\CACHE\8
CodeIntegrity Errors:
===================================
Date: 2013-05-03 23:59:23.733
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 23:59:23.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 23:59:23.604
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 23:59:23.497
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 23:59:23.432
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 14:31:49.221
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\user\Desktop\Alte Festplatte\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 14:31:49.158
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\user\Desktop\Alte Festplatte\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 14:31:49.065
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\user\Desktop\Alte Festplatte\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 14:31:49.018
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\user\Desktop\Alte Festplatte\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-03 14:31:48.831
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\user\Desktop\Alte Festplatte\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 7637.64 MB
Available physical RAM: 5038.55 MB
Total Pagefile: 15487.8 MB
Available Pagefile: 12676.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:236.04 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:593.57 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1023DD91)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
22.06.2014, 09:47
| #4 |
| | Windows Version Installer Hier noch der Rest: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-22 10:02:06 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AZRX-00A8LB0 rev.01.01A01 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\services.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\winlogon.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\svchost.exe[980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\System32\svchost.exe[380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[12] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\System32\svchost.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\svchost.exe[1056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\taskeng.exe[2224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Windows\system32\taskeng.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[2872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[3040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe[2688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe[3052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[2992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe[3112] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe[3364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe[3396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe[3540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe[3904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Windows\SysWOW64\IoctlSvc.exe[4004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe[4068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe[2812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe[3272] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3192] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe[1880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe[4244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Windows\ehome\ehRecvr.exe[2468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5728] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\SysWOW64\conime.exe[1268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] .text C:\Windows\explorer.exe[6076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\splwow64.exe[4792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Windows\system32\taskeng.exe[5788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194 0000000077662f42 1 byte [62] .text C:\Users\user\Desktop\Gmer-19357.exe[6996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075594760 1 byte [62] ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9AFC6B8-544C-4B66-A394-30DD503918A6}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [380] (Microsoft Malware Protection Engine/Microsoft Corporation)(2014-06-20 16:14:30) 000007fef91f0000 Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9AFC6B8-544C-4B66-A394-30DD503918A6}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [380] (Offline registry DLL/Microsoft Corporation)(2014-06-22 00:00:42) 000007fefc8e0000 Process C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992] (Dropbox/Dropbox, Inc.)(2014-05-20 00:45:22) 0000000000400000 Library C:\Users\user\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992](2014-01-03 01:09:26) 0000000003fd0000 Library c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5jnh_r.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992](2014-06-21 19:00:02) 0000000003ec0000 Library C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992](2013-08-23 19:01:44) 0000000062080000 Library C:\Users\user\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2992] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000607d0000 Library C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01_64.key (*** suspicious ***) @ C:\Windows\ehome\ehRecvr.exe [2468] (Individualized Black Box DLL/Microsoft Corporation)(2013-05-02 15:34:39) 000000000ac00000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bacc01b8-9bf8-41ae-b737-d23e78f35e78}@Dhcpv6State 0 ---- EOF - GMER 2.1 ---- Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 21/06/2014 um 20:57:08
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : user - USER-PC
# Gestartet von : C:\Users\user\Downloads\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : Util SpadeCast
***** [ Dateien / Ordner ] *****
[!] Ordner Gelöscht : C:\ProgramData\Conduit
[!] Ordner Gelöscht : C:\Program Files (x86)\Conduit
[!] Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
[!] Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
[!] Ordner Gelöscht : C:\Program Files (x86)\SpadeCast
[!] Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
[!] Ordner Gelöscht : C:\users\user\AppData\Local\Conduit
[!] Ordner Gelöscht : C:\users\user\AppData\Local\DownloadGuide
[!] Ordner Gelöscht : C:\users\user\AppData\Local\globalUpdate
[!] Ordner Gelöscht : C:\users\user\AppData\LocalLow\Conduit
[!] Ordner Gelöscht : C:\users\user\AppData\Roaming\VOPackage
Datei Gelöscht : C:\END
Datei Gelöscht : C:\users\user\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\users\user\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3317892
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16555
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\prefs.js ]
Zeile gelöscht : user_pref("CT3317892.FF19Solved", "true");
Zeile gelöscht : user_pref("CT3317892.UserID", "UN41365351378678156");
Zeile gelöscht : user_pref("CT3317892.browser.search.defaultthis.engineName", "true");
Zeile gelöscht : user_pref("CT3317892.fullUserID", "UN41365351378678156.IN.20131230105714");
Zeile gelöscht : user_pref("CT3317892.installDate", "30/12/2013 10:57:17");
Zeile gelöscht : user_pref("CT3317892.installSessionId", "{DEE280BC-78E9-4C6A-B596-A3A720C32B16}");
Zeile gelöscht : user_pref("CT3317892.installSp", "TRUE");
Zeile gelöscht : user_pref("CT3317892.installerVersion", "1.8.1.4");
Zeile gelöscht : user_pref("CT3317892.keyword", "true");
Zeile gelöscht : user_pref("CT3317892.originalHomepage", "about:home");
Zeile gelöscht : user_pref("CT3317892.originalSearchAddressUrl", "");
Zeile gelöscht : user_pref("CT3317892.originalSearchEngine", "");
Zeile gelöscht : user_pref("CT3317892.originalSearchEngineName", "");
Zeile gelöscht : user_pref("CT3317892.searchRevert", "true");
Zeile gelöscht : user_pref("CT3317892.searchUninstallUserMode", "2");
Zeile gelöscht : user_pref("CT3317892.searchUserMode", "2");
Zeile gelöscht : user_pref("CT3317892.smartbar.homepage", "true");
Zeile gelöscht : user_pref("CT3317892.toolbarInstallDate", "30-12-2013 10:57:14");
Zeile gelöscht : user_pref("CT3317892.versionFromInstaller", "10.23.0.722");
Zeile gelöscht : user_pref("CT3317892.xpeMode", "0");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3317892&octid=CT3317892&SearchSource=61&CUI=UN41365351378678156&UM=2&UP=SP92053214-50B5-411D-A60A-7346033DC42B");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("extensions.aa54e453c130a47699333c5ec2aa914c59bd7cc899c7c44e9a03b042b92d363f0com52916.52916.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3317892");
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317892&CUI=UN41365351378678156&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3317892&octid=CT3317892&SearchSource[...]
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN41365351378678156&UM=2&q=");
Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3317892");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3317892");
Zeile gelöscht : user_pref("smartbar.machineId", "YVUUOX9Z4ZL2ZXWWRW+EHK+/MPPZ64AAGMOLMHK3LQYLDOF6VMEN7GDYOMNR0/HBTUOE6GJ3GKSPTADHXNXYLA");
Zeile gelöscht : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3317892&CUI=UN41365351378678156&UM=2&SearchSource=13");
-\\ Google Chrome v35.0.1916.153
[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M8FCD80A1-8596-42F6-849E-5FEE804D5EDC&SearchSource=58&CUI=&UM=5&UP=SP22E04FBA-A702-4F53-8B07-2E8EFFF3089A&q={searchTerms}&SSPV=
Gelöscht [Extension] : aaipilfmheplbcghignccoiiebekkdhe
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
*************************
AdwCleaner[R0].txt - [9145 octets] - [21/06/2014 20:55:49]
AdwCleaner[S0].txt - [8274 octets] - [21/06/2014 20:57:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8334 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by user on 21.06.2014 at 21:02:19,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FEF01FDC-AF2E-4059-85DA-D6F23A6CEC77}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
~~~ FireFox
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\53czz40h.default-1387482121379\minidumps [24 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2014 at 21:16:37,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Conduit\Chrome\CT3317892\CHUninstaller.exe.vir Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\Alte Festplatte\Users\Dabu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02914L85\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\Alte Festplatte\Users\Dabu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3YMOMRJ\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\Alte Festplatte\Users\Dabu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NEF79JB2\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\Alte Festplatte\Users\Dabu\AppData\Local\Temp\AskSLib.dll Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\Alte Festplatte\Users\Dabu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\b816210-3f5a02ea Java/Exploit.Agent.NRX Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\user\Anwendungen\Nero8.exe Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\AppData\Local\Temp\AskSLib.dll Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\AppData\Local\Temp\nsmCC0.tmp\nsUtils.dll Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\user\Downloads\download_audiograbber.exe Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
Löschel |
|
22.06.2014, 19:59
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Version Installer Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.06.2014, 21:11
| #6 |
| | Windows Version Installer Hier ist das Logfile: Code:
ATTFilter ComboFix 14-06-21.02 - user 22.06.2014 21:40:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.7638.4683 [GMT 2:00]
ausgeführt von:: c:\users\user\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\user\AppData\Local\assembly\tmp
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0C86B165-CEC6-4588-B3F9-2449DC6B1B75}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2A95B3D7-0B1D-4D40-BEEE-B5EF38FA34CA}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{346E1375-92B4-46FA-822A-E336169AE0DB}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C785A59-BE3F-4D6B-896F-4D6079945917}.xps
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-05-22 bis 2014-06-22 ))))))))))))))))))))))))))))))
.
.
2014-06-22 19:59 . 2014-06-22 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-22 19:37 . 2014-06-22 19:38 -------- d-----w- C:\32788R22FWJFW
2014-06-22 00:00 . 2014-06-22 00:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9AFC6B8-544C-4B66-A394-30DD503918A6}\offreg.dll
2014-06-21 22:09 . 2014-06-21 22:09 -------- d-----w- c:\program files (x86)\ESET
2014-06-21 20:56 . 2014-06-21 20:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-06-21 20:13 . 2014-06-21 20:13 -------- d-----w- c:\program files (x86)\Opera
2014-06-21 19:02 . 2014-06-21 19:02 -------- d-----w- c:\windows\ERUNT
2014-06-21 18:56 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-21 18:55 . 2014-06-21 18:57 -------- d-----w- C:\AdwCleaner
2014-06-21 18:04 . 2014-06-22 19:17 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-21 18:03 . 2014-06-21 18:03 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-06-21 18:03 . 2014-06-21 18:03 -------- d-----w- c:\programdata\Malwarebytes
2014-06-21 18:03 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-21 18:03 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-21 18:03 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-21 17:46 . 2014-06-21 17:46 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-06-20 18:29 . 2014-06-22 07:20 -------- d-----w- C:\FRST
2014-06-20 16:14 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9AFC6B8-544C-4B66-A394-30DD503918A6}\mpengine.dll
2014-06-19 21:33 . 2014-06-16 15:45 60088 ----a-w- c:\windows\system32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys
2014-06-19 20:32 . 2014-06-19 20:32 -------- d-----w- c:\program files (x86)\Audiograbber
2014-06-12 20:46 . 2014-06-12 20:46 -------- d-----w- c:\users\user\AppData\Local\Powercinema
2014-06-12 20:42 . 2014-06-21 08:15 -------- d-----w- c:\users\user\AppData\Roaming\Security Systems
2014-06-12 20:41 . 2014-06-12 21:08 -------- d-----w- c:\users\user\AppData\Local\TVEnhance
2014-06-12 20:40 . 2008-11-28 00:05 95232 ----a-w- c:\windows\SysWow64\oCLWatson.exe
2014-06-12 20:40 . 2008-11-28 00:05 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2014-06-12 20:39 . 2014-06-13 06:54 -------- d-----w- c:\users\user\AppData\Local\PlayMovie
2014-06-12 20:38 . 2014-06-12 20:45 -------- d-----w- c:\users\user\AppData\Roaming\PowerCinema
2014-05-30 08:35 . 2014-06-22 11:36 -------- d-----w- c:\users\user\Radio
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 19:29 . 2006-11-02 12:35 95414520 ----a-w- c:\windows\system32\mrt.exe
2014-05-16 21:39 . 2014-05-16 21:39 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2014-05-15 17:30 . 2013-05-02 14:37 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-15 17:30 . 2013-05-02 14:37 64752 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-05-15 17:30 . 2013-05-02 14:37 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-14 18:04 . 2013-05-02 20:06 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 18:04 . 2013-05-02 20:06 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-23 16:35 . 2013-05-02 14:37 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-23 16:35 . 2013-05-02 14:37 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-23 16:35 . 2014-04-23 16:35 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-23 16:35 . 2013-05-02 14:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-23 16:35 . 2013-05-02 14:37 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-23 16:35 . 2013-05-02 14:37 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-23 16:35 . 2014-04-23 16:35 43152 ----a-w- c:\windows\avastSS.scr
2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 07:35 . 2013-05-02 13:41 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-25 16:30 . 2014-05-14 18:32 12900864 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2012-10-13 42496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema\PCMAgent.exe" [2008-10-21 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-10-21 196608]
"PlayMovie"="c:\program files (x86)\CyberLink\PlayMovie\PMVService.exe" [2008-09-24 172032]
"TVEService"="c:\program files (x86)\CyberLink\TV Enhance\TVEService.exe" [2008-11-28 180224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S3 3xHybr64;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybr64.sys;c:\windows\SYSNATIVE\DRIVERS\3xHybr64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - kxldapob
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 21:16 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-02 18:04]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18 20:41]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-23 16:35 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jgb2ug3m.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-10 - (no file)
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MWAC]
"ImagePath"="\??\c:\windows\system32\drivers\"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Zeit der Fertigstellung: 2014-06-22 22:02:41
ComboFix-quarantined-files.txt 2014-06-22 20:02
.
Vor Suchlauf: 11 Verzeichnis(se), 250.464.862.208 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 253.468.852.224 Bytes frei
.
- - End Of File - - 94649B3261EEFAA9C55D1E3B63A30C61
5C616939100B85E558DA92B899A0FC36
|
|
23.06.2014, 08:45
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Version Installer Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.06.2014, 12:18
| #8 |
| | Windows Version Installer Hier sind die Logs: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014 Ran by user (administrator) on USER-PC on 23-06-2014 13:13:46 Running from C:\Users\user\Desktop Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe () C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG) HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.) HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2186096 2012-03-21] (SMART Technologies) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe [143360 2008-10-21] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608 2008-10-21] (CyberLink) HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe [172032 2008-09-24] (CyberLink Corp.) HKLM-x32\...\Run: [TVEService] => C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe [180224 2008-11-28] (CyberLink Corp.) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD56ED78C9597CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jgb2ug3m.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR HomePage: https://de.yahoo.com?fr=hp-avast&type=avastbcl CHR StartupUrls: "https://de.yahoo.com?fr=hp-avast&type=avastbcl" CHR NewTab: "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-26] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\user\AppData\Local\Temp\CT3317892.crx [2013-08-26] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software) R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-11-28] () [File not signed] R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [580976 2012-03-21] (SMART Technologies) R2 TVECapSvc; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [372831 2008-11-28] () [File not signed] R2 TVESched; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [184413 2008-11-28] () [File not signed] ==================== Drivers (Whitelisted) ==================== R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1305056 2009-09-24] (NXP Semiconductors Germany GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-05-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-04-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] () S1 Beep; No ImagePath R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed] S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed] R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl [32240 2008-05-16] (Cyberlink Corp.) R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys [60088 2014-06-16] (StdLib) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-23 12:30 - 2014-06-23 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-22 22:09 - 2014-06-22 22:09 - 00019968 _____ () C:\Users\user\Desktop\Combofix.txt 2014-06-22 22:02 - 2014-06-22 22:02 - 00019968 _____ () C:\ComboFix.txt 2014-06-22 21:38 - 2014-06-22 22:02 - 00000000 ____D () C:\Qoobox 2014-06-22 21:38 - 2014-06-22 22:02 - 00000000 ____D () C:\ComboFix 2014-06-22 21:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-22 21:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-22 21:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-22 21:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-22 21:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-22 21:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-22 21:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-22 21:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-22 21:37 - 2014-06-22 22:00 - 00000000 ____D () C:\Windows\erdnt 2014-06-22 21:37 - 2014-06-22 21:38 - 00000000 ____D () C:\32788R22FWJFW 2014-06-22 21:33 - 2014-06-22 21:34 - 05209566 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe 2014-06-22 09:14 - 2014-06-23 13:13 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion 2014-06-22 09:01 - 2014-06-22 09:01 - 00003056 _____ () C:\Windows\System32\Tasks\{2FB2F2B0-005E-4984-A3DB-81931D588C72} 2014-06-22 08:58 - 2014-06-22 08:58 - 00002604 _____ () C:\Users\user\Desktop\eset.txt 2014-06-21 23:59 - 2014-06-21 23:59 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-06-21 22:56 - 2014-06-21 22:56 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-21 22:13 - 2014-06-21 22:13 - 00003886 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403381614 2014-06-21 22:13 - 2014-06-21 22:13 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-06-21 22:13 - 2014-06-21 22:13 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-21 22:07 - 2014-06-21 22:09 - 27641968 _____ (Opera Software ASA) C:\Users\user\Downloads\Opera_22.0.1471.70_Setup.exe 2014-06-21 22:06 - 2014-06-21 22:06 - 00284288 _____ (Mozilla) C:\Users\user\Downloads\Firefox Setup Stub 30.0.exe 2014-06-21 21:53 - 2014-06-21 21:54 - 02953520 _____ (AVAST Software) C:\Users\user\Downloads\avast-browser-cleanup_9.0.0.224.exe 2014-06-21 21:50 - 2014-06-21 21:50 - 00000000 ____D () C:\Users\user\Desktop\Alte Firefox-Daten 2014-06-21 21:49 - 2014-06-21 21:49 - 00053471 _____ () C:\Users\user\Desktop\bookmarks.html 2014-06-21 21:16 - 2014-06-21 21:16 - 00001251 _____ () C:\Users\user\Desktop\JRT.txt 2014-06-21 21:02 - 2014-06-21 21:02 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 21:01 - 2014-06-21 21:01 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe 2014-06-21 20:59 - 2014-06-21 20:59 - 00008422 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt 2014-06-21 20:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-21 20:55 - 2014-06-21 20:57 - 00000000 ____D () C:\AdwCleaner 2014-06-21 20:54 - 2014-06-21 20:54 - 01333465 _____ () C:\Users\user\Downloads\adwcleaner_3.212.exe 2014-06-21 20:04 - 2014-06-23 00:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-21 20:03 - 2014-06-21 20:03 - 00000941 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-21 20:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-21 20:03 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-21 20:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-21 19:58 - 2014-06-21 20:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-21 19:46 - 2014-06-21 19:46 - 00001099 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk 2014-06-21 19:46 - 2014-06-21 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-21 19:41 - 2014-06-21 19:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe 2014-06-20 22:04 - 2014-06-22 10:03 - 00019609 _____ () C:\Users\user\Desktop\Gmer.txt 2014-06-20 20:32 - 2014-06-20 20:32 - 00380416 _____ () C:\Users\user\Desktop\Gmer-19357.exe 2014-06-20 20:30 - 2014-06-20 20:31 - 00046190 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-20 20:29 - 2014-06-23 13:14 - 00024598 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-20 20:29 - 2014-06-23 13:13 - 00000000 ____D () C:\FRST 2014-06-20 20:21 - 2014-06-22 09:19 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () C:\Users\user\Desktop\Defogger.exe 2014-06-19 23:51 - 2014-06-23 13:13 - 02082816 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-19 23:35 - 2014-06-22 14:56 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-19 23:33 - 2014-06-16 17:45 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:42 - 2014-06-21 10:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-12 22:41 - 2014-06-12 23:08 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:40 - 2008-11-28 02:05 - 00095232 _____ (CyberLink) C:\Windows\SysWOW64\oCLWatson.exe 2014-06-12 22:40 - 2008-11-28 02:05 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll 2014-06-12 22:40 - 2008-11-28 02:05 - 00000917 _____ () C:\Windows\SysWOW64\CLWatson.ini 2014-06-12 22:39 - 2014-06-13 08:54 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-12 22:38 - 2014-06-12 22:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:32 - 2014-06-12 22:33 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 21:50 - 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-11 17:36 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 17:36 - 2014-05-28 20:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 17:36 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 17:36 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-11 17:36 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 17:36 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 17:36 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 17:36 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 17:36 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 17:36 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-06-11 17:36 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 17:36 - 2014-04-26 20:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 17:36 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 17:36 - 2014-04-05 11:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 17:36 - 2014-03-10 08:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 17:36 - 2014-03-10 08:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-05-30 10:35 - 2014-06-22 13:36 - 00000000 ____D () C:\Users\user\Radio ==================== One Month Modified Files and Folders ======= 2014-06-23 13:14 - 2014-06-20 20:29 - 00024598 _____ () C:\Users\user\Desktop\FRST.txt 2014-06-23 13:13 - 2014-06-22 09:14 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion 2014-06-23 13:13 - 2014-06-20 20:29 - 00000000 ____D () C:\FRST 2014-06-23 13:13 - 2014-06-19 23:51 - 02082816 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2014-06-23 13:03 - 2013-05-03 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-23 12:37 - 2008-01-21 13:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-23 12:37 - 2008-01-21 13:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat 2014-06-23 12:37 - 2008-01-21 13:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat 2014-06-23 12:33 - 2008-01-21 03:53 - 01737862 _____ () C:\Windows\WindowsUpdate.log 2014-06-23 12:31 - 2014-04-23 19:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox 2014-06-23 12:31 - 2013-04-29 15:05 - 00000000 ___RD () C:\Users\user\Dropbox 2014-06-23 12:30 - 2014-06-23 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-23 12:30 - 2014-04-23 19:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster 2014-06-23 12:30 - 2013-10-09 21:47 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64.job 2014-06-23 12:30 - 2013-05-02 16:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-23 12:30 - 2006-11-02 17:07 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-23 12:29 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-23 12:29 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-23 12:29 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-23 08:49 - 2006-11-02 17:42 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-23 08:22 - 2008-01-21 05:26 - 00291886 _____ () C:\Windows\PFRO.log 2014-06-23 00:30 - 2014-06-21 20:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-23 00:29 - 2013-08-18 22:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-22 22:23 - 2013-05-06 20:55 - 00000000 ____D () C:\Users\user\Schule 2014-06-22 22:09 - 2014-06-22 22:09 - 00019968 _____ () C:\Users\user\Desktop\Combofix.txt 2014-06-22 22:02 - 2014-06-22 22:02 - 00019968 _____ () C:\ComboFix.txt 2014-06-22 22:02 - 2014-06-22 21:38 - 00000000 ____D () C:\Qoobox 2014-06-22 22:02 - 2014-06-22 21:38 - 00000000 ____D () C:\ComboFix 2014-06-22 22:02 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default 2014-06-22 22:00 - 2014-06-22 21:37 - 00000000 ____D () C:\Windows\erdnt 2014-06-22 22:00 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-22 21:38 - 2014-06-22 21:37 - 00000000 ____D () C:\32788R22FWJFW 2014-06-22 21:34 - 2014-06-22 21:33 - 05209566 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe 2014-06-22 21:31 - 2013-05-03 23:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc 2014-06-22 19:16 - 2013-10-13 17:46 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64 2014-06-22 19:16 - 2013-08-18 22:41 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-22 14:56 - 2014-06-19 23:35 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-22 14:25 - 2013-06-01 00:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Audacity 2014-06-22 13:36 - 2014-05-30 10:35 - 00000000 ____D () C:\Users\user\Radio 2014-06-22 10:03 - 2014-06-20 22:04 - 00019609 _____ () C:\Users\user\Desktop\Gmer.txt 2014-06-22 09:19 - 2014-06-20 20:21 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log 2014-06-22 09:01 - 2014-06-22 09:01 - 00003056 _____ () C:\Windows\System32\Tasks\{2FB2F2B0-005E-4984-A3DB-81931D588C72} 2014-06-22 08:58 - 2014-06-22 08:58 - 00002604 _____ () C:\Users\user\Desktop\eset.txt 2014-06-22 02:39 - 2013-05-06 20:44 - 00000000 ____D () C:\Users\user\Anwendungen 2014-06-21 23:59 - 2014-06-21 23:59 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe 2014-06-21 22:56 - 2014-06-21 22:56 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-21 22:56 - 2014-06-21 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-21 22:13 - 2014-06-21 22:13 - 00003886 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403381614 2014-06-21 22:13 - 2014-06-21 22:13 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-06-21 22:13 - 2014-06-21 22:13 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-21 22:13 - 2013-07-26 00:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software 2014-06-21 22:13 - 2013-07-26 00:26 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software 2014-06-21 22:09 - 2014-06-21 22:07 - 27641968 _____ (Opera Software ASA) C:\Users\user\Downloads\Opera_22.0.1471.70_Setup.exe 2014-06-21 22:06 - 2014-06-21 22:06 - 00284288 _____ (Mozilla) C:\Users\user\Downloads\Firefox Setup Stub 30.0.exe 2014-06-21 21:54 - 2014-06-21 21:53 - 02953520 _____ (AVAST Software) C:\Users\user\Downloads\avast-browser-cleanup_9.0.0.224.exe 2014-06-21 21:50 - 2014-06-21 21:50 - 00000000 ____D () C:\Users\user\Desktop\Alte Firefox-Daten 2014-06-21 21:49 - 2014-06-21 21:49 - 00053471 _____ () C:\Users\user\Desktop\bookmarks.html 2014-06-21 21:16 - 2014-06-21 21:16 - 00001251 _____ () C:\Users\user\Desktop\JRT.txt 2014-06-21 21:02 - 2014-06-21 21:02 - 00000000 ____D () C:\Windows\ERUNT 2014-06-21 21:01 - 2014-06-21 21:01 - 01016261 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe 2014-06-21 20:59 - 2014-06-21 20:59 - 00008422 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt 2014-06-21 20:57 - 2014-06-21 20:55 - 00000000 ____D () C:\AdwCleaner 2014-06-21 20:54 - 2014-06-21 20:54 - 01333465 _____ () C:\Users\user\Downloads\adwcleaner_3.212.exe 2014-06-21 20:51 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-06-21 20:03 - 2014-06-21 20:03 - 00000941 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-21 20:00 - 2014-06-21 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-21 19:46 - 2014-06-21 19:46 - 00001099 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk 2014-06-21 19:46 - 2014-06-21 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-21 19:42 - 2014-06-21 19:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe 2014-06-21 19:26 - 2013-05-02 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-06-21 19:26 - 2013-05-02 17:28 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-06-21 10:17 - 2013-04-30 19:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-21 10:15 - 2014-06-12 22:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-20 22:31 - 2006-11-02 14:34 - 00000321 _____ () C:\Windows\win.ini 2014-06-20 20:32 - 2014-06-20 20:32 - 00380416 _____ () C:\Users\user\Desktop\Gmer-19357.exe 2014-06-20 20:31 - 2014-06-20 20:30 - 00046190 _____ () C:\Users\user\Desktop\Addition.txt 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () C:\Users\user\Desktop\Defogger.exe 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-16 20:34 - 2013-08-23 21:07 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien 2014-06-16 20:33 - 2013-04-29 15:11 - 00000000 ____D () C:\Users\user\Klettern und Wandern 2014-06-16 17:45 - 2014-06-19 23:33 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-13 08:54 - 2014-06-12 22:39 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-13 08:54 - 2006-11-02 17:21 - 00388712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-12 23:08 - 2014-06-12 22:41 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:45 - 2014-06-12 22:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:45 - 2013-05-03 23:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\CyberLink 2014-06-12 22:45 - 2013-04-30 19:27 - 00105304 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-12 22:42 - 2013-05-02 16:14 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-06-12 22:41 - 2013-05-02 17:47 - 00000000 ____D () C:\ProgramData\CyberLink 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:33 - 2014-06-12 22:32 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 21:50 - 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-12 21:31 - 2013-08-16 18:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 21:29 - 2006-11-02 14:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-12 21:28 - 2013-05-02 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-10 23:33 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Catrin 2014-06-05 23:15 - 2013-05-03 00:52 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2014-05-31 23:14 - 2013-05-03 16:43 - 00135680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-31 23:14 - 2013-04-29 15:06 - 00000000 ____D () C:\Users\user\Fotos 2014-05-28 20:53 - 2014-06-11 17:36 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 20:37 - 2014-06-11 17:36 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 20:35 - 2014-06-11 17:36 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 20:30 - 2014-06-11 17:36 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 20:30 - 2014-06-11 17:36 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 20:29 - 2014-06-11 17:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 20:28 - 2014-06-11 17:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 20:28 - 2014-06-11 17:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 20:27 - 2014-06-11 17:36 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 18:48 - 2014-06-11 17:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-28 18:39 - 2014-06-11 17:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-28 18:38 - 2014-06-11 17:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-28 18:33 - 2014-06-11 17:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-28 18:32 - 2014-06-11 17:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-28 18:32 - 2014-06-11 17:36 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-28 18:30 - 2014-06-11 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-28 18:30 - 2014-06-11 17:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-28 18:29 - 2014-06-11 17:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-28 18:29 - 2014-06-11 17:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-05-28 18:29 - 2014-06-11 17:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-05-28 18:28 - 2014-06-11 17:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-28 18:19 - 2013-04-29 15:04 - 00000000 ____D () C:\Users\user\Documents\Aufnahmen 2014-05-28 10:53 - 2014-04-23 19:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-26 23:00 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Caspar Files to move or delete: ==================== C:\ProgramData\PKP_DLeo.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\user\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7eobe.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-23 12:36 ==================== End Of Log ============================ --- --- --- und Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by user at 2014-06-23 13:14:33
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{41B9F54D-522D-FC5D-667C-7BCB14499EF5}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0728.1756.30366 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0728.1756.30366 - Ihr Firmenname) Hidden
Arbeitsblätter Physik Chemie (HKLM-x32\...\Arbeitsblätter Physik Chemie) (Version: 2.5 - imagon GmbH)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3200 series Benutzerregistrierung (HKLM-x32\...\Canon MG3200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Catalyst Control Center Localization All (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.18.03 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.18.03 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative ZEN Style Series Dokumentation (HKLM-x32\...\ZENSTYLESERIESUG) (Version: - Creative Technology Ltd.)
CyberLink PowerCinema (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2221 - CyberLink Corp.)
CyberLink PowerCinema (x32 Version: 6.0.2221 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version: - DVD Shrink)
DVDx 4.0 Open Edition (HKLM-x32\...\DVDx 4.0 Open Edition) (Version: 4.0 (Open Edition) - labDV)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.10 - Nikon)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.250.908.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Remove DivX Codec (HKLM-x32\...\DivX Codec) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.0.246.0 - SMART Technologies ULC)
SMART German Language Pack (HKLM-x32\...\{5C3C89CB-A719-46C5-80C7-2E2237AD3692}) (Version: 11.0.50.1 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}) (Version: 11.0.583.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}) (Version: 11.0.222.0 - SMART Technologies ULC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.2 - Nikon)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Restore Points =========================
21-05-2014 16:21:23 Windows Update
28-05-2014 13:16:43 Geplanter Prüfpunkt
30-05-2014 08:37:53 Windows Update
31-05-2014 13:07:08 Geplanter Prüfpunkt
01-06-2014 19:30:16 Geplanter Prüfpunkt
01-06-2014 21:41:47 Windows-Sicherung
03-06-2014 06:59:10 Windows Update
03-06-2014 07:08:36 Windows-Sicherung
07-06-2014 23:01:33 Windows Update
09-06-2014 15:17:24 Geplanter Prüfpunkt
11-06-2014 05:55:10 Windows-Sicherung
12-06-2014 19:23:09 Windows Update
12-06-2014 19:55:42 Installiert Suite
12-06-2014 20:32:40 Installiert Suite
13-06-2014 16:03:37 Geplanter Prüfpunkt
14-06-2014 10:52:19 Geplanter Prüfpunkt
16-06-2014 19:40:05 Geplanter Prüfpunkt
17-06-2014 17:14:59 Windows Update
19-06-2014 17:19:31 Geplanter Prüfpunkt
20-06-2014 18:10:43 Windows-Sicherung
21-06-2014 08:17:16 Entfernt Panorama Maker
21-06-2014 17:47:48 Revo Uninstaller's restore point - Installer
21-06-2014 17:53:14 Revo Uninstaller's restore point - Plus-HD-9.1
21-06-2014 17:55:22 Revo Uninstaller's restore point - ProgDVB
21-06-2014 20:01:04 Revo Uninstaller's restore point - Mozilla Firefox 30.0 (x86 de)
21-06-2014 20:10:06 Revo Uninstaller's restore point - Opera Stable 22.0.1471.70
23-06-2014 11:01:49 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 14:34 - 2014-06-22 21:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {05875CB5-A39F-4694-868F-B17B746E23E2} - System32\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {08A6F064-37E1-4E5C-9D6C-656E9E5AAED4} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {24C61D21-6AA7-456A-93E4-BDA7299986A4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {26290E4D-ADC8-4980-9012-D6FDAFDF505A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {67932CA7-C0B5-4AB1-A4CE-1258D60EDECA} - System32\Tasks\Opera scheduled Autoupdate 1403381614 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {7438C1DA-B5C9-4D1E-B375-4CCFB10A6A0B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {826C5854-D6E2-4AA7-83BB-A6C92962227F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8FF7C9EA-93B8-471D-8228-B27C0D625B7E} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {AF582A59-9D93-441C-BECA-9AFF500D02BC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-23] (AVAST Software)
Task: {D4EE329B-5CD2-4F1E-92C4-A0505AAAD01C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F9AC9F66-8C75-48B7-AA2F-00BA0796D3A3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-07-28 22:52 - 2011-07-28 22:52 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-08-26 20:08 - 2012-10-13 16:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
2013-05-02 16:15 - 2008-11-28 02:05 - 00241734 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2014-06-12 22:40 - 2008-11-28 02:05 - 00372831 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
2014-06-12 22:40 - 2008-11-28 02:05 - 00184413 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
2011-07-28 17:44 - 2011-07-28 17:44 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-28 17:55 - 2011-07-28 17:55 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-06-21 22:13 - 2014-06-16 10:24 - 01396344 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
2014-06-23 12:30 - 2014-06-23 12:30 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062300\algo.dll
2014-06-23 12:30 - 2014-06-23 12:30 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7eobe.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2013-05-02 16:15 - 2008-11-28 02:05 - 00028672 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2013-11-18 10:26 - 2013-11-18 10:26 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00094208 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00303204 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLCapEngine.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00032768 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLCapSvcps.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00127070 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLSchMgr.dll
2014-06-12 22:40 - 2008-11-28 02:05 - 00339968 ____N () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\CLTinyDB.dll
2008-10-21 15:02 - 2008-10-21 15:02 - 00868352 ____N () C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMediaLibrary.dll
2008-10-21 15:02 - 2008-10-21 15:02 - 00007680 ____N () C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvcPS.dll
2014-06-21 22:13 - 2014-06-16 10:25 - 00957048 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/23/2014 00:30:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2014 08:22:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2014 08:22:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/22/2014 10:08:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/22/2014 09:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung PEV.exe, Version 0.0.0.0, Zeitstempel 0x4e06cfe8, fehlerhaftes Modul PEV.exe, Version 0.0.0.0, Zeitstempel 0x4e06cfe8, Ausnahmecode 0x40000015, Fehleroffset 0x0008d1c0,
Prozess-ID 0x1568, Anwendungsstartzeit PEV.exe0.
Error: (06/22/2014 07:15:22 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Dateisicherung ist aufgrund eines Fehlers beim Schreiben in das Sicherungsziel F:\ fehlgeschlagen. Fehler: Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und die Hardwarekonfiguration. (0x81000006)
Error: (06/22/2014 01:10:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/22/2014 09:01:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/22/2014 09:01:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (06/22/2014 00:09:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
System errors:
=============
Error: (06/23/2014 00:30:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
Error: (06/23/2014 08:49:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/23/2014 08:23:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
Error: (06/23/2014 00:31:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (06/22/2014 09:59:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (06/22/2014 09:58:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (06/22/2014 09:49:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (06/22/2014 01:03:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D293D653-AB02-4841-8527-3B7A1573C4D3}
Error: (06/22/2014 11:19:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (06/23/2014 00:30:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2014 08:22:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2014 08:22:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
Error: (06/22/2014 10:08:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe
Error: (06/22/2014 09:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PEV.exe0.0.0.04e06cfe8PEV.exe0.0.0.04e06cfe8400000150008d1c0156801cf8e52cd148410
Error: (06/22/2014 07:15:22 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und die Hardwarekonfiguration. (0x81000006)
Error: (06/22/2014 01:10:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe
Error: (06/22/2014 09:01:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe
Error: (06/22/2014 09:01:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe
Error: (06/22/2014 00:09:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe
CodeIntegrity Errors:
===================================
Date: 2014-06-23 13:14:27.719
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:27.439
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:27.200
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:26.964
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:26.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:26.344
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:26.107
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:25.814
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:14:00.217
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-23 13:13:59.981
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 7637.64 MB
Available physical RAM: 5620.18 MB
Total Pagefile: 15493.8 MB
Available Pagefile: 13279.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:234.5 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1023DD91)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
23.06.2014, 12:25
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Version Installer Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys [60088 2014-06-16] (StdLib)
C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Task: {08A6F064-37E1-4E5C-9D6C-656E9E5AAED4} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {8FF7C9EA-93B8-471D-8228-B27C0D625B7E} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.06.2014, 19:36
| #10 |
| | Windows Version Installer Hier ist der Fixlog.txt . Der Rechner machte übrigens von alleine einen Neustart. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by user at 2014-06-23 20:32:32 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys [60088 2014-06-16] (StdLib)
C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Task: {08A6F064-37E1-4E5C-9D6C-656E9E5AAED4} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {8FF7C9EA-93B8-471D-8228-B27C0D625B7E} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
*****************
{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64 => Unable to stop service
{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64 => Service deleted successfully.
C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys => Moved successfully.
C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{08A6F064-37E1-4E5C-9D6C-656E9E5AAED4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A6F064-37E1-4E5C-9D6C-656E9E5AAED4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FF7C9EA-93B8-471D-8228-B27C0D625B7E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FF7C9EA-93B8-471D-8228-B27C0D625B7E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
|
|
24.06.2014, 07:01
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Version Installer Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.06.2014, 19:42
| #12 |
| | Windows Version Installer Hier sind die Kontrollscans: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.06.2014 Suchlauf-Zeit: 12:14:47 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.24.04 Rootkit Datenbank: v2014.06.23.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x64 Dateisystem: NTFS Benutzer: user Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 293683 Verstrichene Zeit: 8 Min, 25 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=02e7827a1008954a980db6919c9360d0
# engine=18855
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-24 04:51:46
# local_time=2014-06-24 06:51:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1446916 168052796 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 30944 241152612 0 0
# scanned=268943
# found=13
# cleaned=0
# scan_time=22320
sh=6BD399414E82741AC1FC7FB77D78A186BEDD76A2 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2013-05-13 155308\Backup files 17.zip"
sh=93A2DDE95F7867FAE41AB173A38EB390AFDDE980 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2013-05-13 155308\Backup files 8.zip"
sh=F438F0C56646FBE03308517DC635F910A10C3FDB ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2013-05-13 155308\Backup files 9.zip"
sh=2E13DD347C7F87DC28240AB9460FA79266FDBA23 ft=0 fh=0000000000000000 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-02-09 212935\Backup files 2.zip"
sh=1982C5778BF843103493D7D3A6F156E92204A3C2 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-04-06 222138\Backup files 2.zip"
sh=CCEE49B5EA496B4B7E4DE0096943C89F0849F476 ft=0 fh=0000000000000000 vn="Win32/Somoto.N evtl. unerwünschte Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-04-06 222138\Backup files 5.zip"
sh=D11269EBB15BA87B48D2A840FDE9E5762A1AE508 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-04-16 222441\Backup files 2.zip"
sh=B09BA1EFB7F110894211A7F5C72D7209892D742B ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-05-06 175016\Backup files 2.zip"
sh=2935607A8E50A072D25E1AC20E8845D0FC081E28 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-05-11 224140\Backup files 1.zip"
sh=AA881E5C1A4B7B25130171C761326368EFBDE1ED ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-05-11 224140\Backup files 10.zip"
sh=FD88FBD36CDDCA139E8EC7965D433A75AAC1C4D6 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-05-11 224140\Backup files 2.zip"
sh=55EF1CE06F90AFFA53B1EE2AAD41418AB203626C ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-06-01 234144\Backup files 3.zip"
sh=A3A685B8F17030B892ED2D5C3402C8A8948F98D1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="F:\USER-PC\Backup Set 2013-05-13 155308\Backup Files 2014-06-20 201041\Backup files 2.zip"
|
|
24.06.2014, 19:48
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Version Installer Nur Funde in älteren Backup-Sets. Wenn du das Backup nicht mehr willst, dann lösch es. TFC - Temp File Cleaner Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.06.2014, 22:09
| #14 |
| | Windows Version Installer Hallo cosinus, ganz großen Dank für deine Hilfe. Ich merke keine "Merkwürdigkeiten" mehr, es scheint also tatsächlich alles wieder ok zu sein. Danke auch für die Tipps bezüglich der Cookies. Muss ich bei defogger eigentlich noch einmal auf "Re-enable" klicken? Beste Grüße Löschel |
|
25.06.2014, 08:03
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Version Installer Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen. Helfen kann dir dabei delfix: Die Reihenfolge ist hier entscheidend.
Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
Linear-Darstellung
