Log analysis and evaluation: Windows Version Installer
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows Version Installer

Unfortunately, the Windows Version Installer that has already been described several times has shown up on my machine as well. As recommended in the instructions, I have already run defogger, FRST and GMER (see below and the attachments). In addition, when I click on a web page, another page sometimes opens. I have attached a screenshot of that page. I have also attached a screenshot of my virus chest in Avast (unfortunately I could not manage to save it any other way). I would be very glad if someone could help me fix the problem.

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014 Ran by user (administrator) on USER-PC on 20-06-2014 20:29:42 Running from C:\Users\user\Downloads Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe () C:\Program Files (x86)\SpadeCast\updateSpadeCast.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe () C:\Program Files (x86)\SpadeCast\bin\utilSpadeCast.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe () C:\Program Files (x86)\SpadeCast\bin\SpadeCast.PurBrowse64.exe () C:\Program Files (x86)\SpadeCast\bin\SpadeCast.BrowserAdapter.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe () C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG) HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.) 
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2186096 2012-03-21] (SMART Technologies) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe [143360 2008-10-21] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608 2008-10-21] (CyberLink) HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe [172032 2008-09-24] (CyberLink Corp.) HKLM-x32\...\Run: [TVEService] => C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe [180224 2008-11-28] (CyberLink Corp.) 
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) HKU\S-1-5-21-1633445078-1354391935-4163065709-1000\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
BootExecute: autocheck autochk * aswBoot.exe /M:5a8166bc /wow /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD56ED78C9597CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {FEF01FDC-AF2E-4059-85DA-D6F23A6CEC77} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317892&CUI=UN24205133882934632&UM=2 BHO: No Name - {11111111-1111-1111-1111-110511291116} - No File BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {11111111-1111-1111-1111-110511291116} - No File BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} - No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SpadeCast - {ed381eb3-45e2-4e12-89eb-be974b15da44} - C:\Program Files (x86)\SpadeCast\SpadeCastbho.dll (SpadeCast) BHO-x32: No Name - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\Users\user\AppData\LocalLow\systems ie bho\bho.dll () Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379 FF SearchEngineOrder.1: Microsoft (Bing) FF Homepage: google.de FF Keyword.URL: hxxp://www.bing.com/search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\bing-avast.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\conduit.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\Search_Results.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\trovi-search.xml FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: 20-20 3D Viewer - IKEA - 
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\2020Player_IKEA@2020Technologies.com [2014-01-04] FF Extension: Plus-HD-9.1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [2014-06-20] FF Extension: Foxy Secure - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\admin@foxysecure.com [2014-06-13] FF Extension: SpadeCast - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\53czz40h.default-1387482121379\Extensions\{f64c1459-b911-4fd8-a74e-36a496bf26e3}.xpi [2014-06-20] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-02] Chrome: ======= CHR HomePage: hxxp://www.msn.com/?pc=AV01 CHR StartupUrls: "hxxp://www.msn.com/?pc=AV01" CHR NewTab: "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html" CHR DefaultSearchKeyword: bing1.com CHR DefaultSearchProvider: Microsoft (Bing) CHR DefaultSearchURL: hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-26] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26] CHR Extension: (Extutil) - C:\Users\user\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-06-19] CHR Extension: (Managera) - C:\Users\user\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-06-19] CHR HKCU\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\user\AppData\Local\Temp\CT3317892.crx [2014-06-19] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software) R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed] R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-11-28] () [File not signed] R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [580976 2012-03-21] (SMART Technologies) R2 TVECapSvc; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [372831 2008-11-28] () [File not signed] R2 TVESched; C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [184413 2008-11-28] () [File not signed] R2 Update SpadeCast; C:\Program Files (x86)\SpadeCast\updateSpadeCast.exe [317728 2014-06-20] () R2 Util SpadeCast; C:\Program Files (x86)\SpadeCast\bin\utilSpadeCast.exe [317728 2014-06-20] () ==================== Drivers (Whitelisted) ==================== R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1305056 2009-09-24] (NXP Semiconductors Germany GmbH) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-23] () R2 aswMonFlt; 
C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-23] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-05-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-04-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-23] () R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC) R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC) R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl [32240 2008-05-16] (Cyberlink Corp.) 
R1 {f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64; C:\Windows\System32\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys [60088 2014-06-16] (StdLib) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-20 20:29 - 2014-06-20 20:30 - 00027030 _____ () C:\Users\user\Downloads\FRST.txt 2014-06-20 20:29 - 2014-06-20 20:29 - 00000000 ____D () C:\FRST 2014-06-20 20:21 - 2014-06-20 20:21 - 00000470 _____ () C:\Users\user\Downloads\defogger_disable.log 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-19 23:51 - 2014-06-19 23:51 - 02082304 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2014-06-19 23:35 - 2014-06-19 23:35 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-19 23:33 - 2014-06-16 17:45 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-19 22:31 - 2014-06-20 20:00 - 00001426 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5.job 2014-06-19 22:31 - 2014-06-20 18:08 - 00000000 ____D () C:\Program Files (x86)\SpadeCast 2014-06-19 22:31 - 2014-06-19 22:31 - 00004456 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5 2014-06-19 22:30 - 2014-06-20 20:30 - 00001424 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7.job 2014-06-19 22:30 - 2014-06-20 20:00 
- 00002206 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4.job 2014-06-19 22:30 - 2014-06-20 20:00 - 00001346 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2.job 2014-06-19 22:30 - 2014-06-20 19:59 - 00001490 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6.job 2014-06-19 22:30 - 2014-06-20 19:59 - 00001482 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1.job 2014-06-19 22:30 - 2014-06-19 22:30 - 00005236 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4 2014-06-19 22:30 - 2014-06-19 22:30 - 00004520 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6 2014-06-19 22:30 - 2014-06-19 22:30 - 00004512 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1 2014-06-19 22:30 - 2014-06-19 22:30 - 00004452 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7 2014-06-19 22:30 - 2014-06-19 22:30 - 00004376 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2 2014-06-19 22:29 - 2014-06-20 20:00 - 00000908 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-06-19 22:29 - 2014-06-20 20:00 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-9.1 2014-06-19 22:29 - 2014-06-20 04:34 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-06-19 22:29 - 2014-06-19 22:29 - 00003910 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-06-19 22:29 - 2014-06-19 22:29 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Users\user\AppData\Local\globalUpdate 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-06-19 22:28 - 2014-06-20 18:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\VOPackage 2014-06-19 22:28 - 2014-06-19 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 
2014-06-19 22:27 - 2014-06-20 18:17 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-06-19 22:27 - 2014-06-19 22:27 - 00000000 ____D () C:\Users\user\AppData\Local\SearchProtect 2014-06-19 22:25 - 2014-06-19 22:25 - 00468912 _____ () C:\Users\user\Downloads\download_audiograbber.exe 2014-06-19 18:58 - 2014-06-19 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-13 17:22 - 2014-06-13 18:14 - 00000000 ____D () C:\Program Files (x86)\ProgDVB 2014-06-13 17:22 - 2014-06-13 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:42 - 2014-06-12 22:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-12 22:41 - 2014-06-12 23:08 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:40 - 2008-11-28 02:05 - 00095232 _____ (CyberLink) C:\Windows\SysWOW64\oCLWatson.exe 2014-06-12 22:40 - 2008-11-28 02:05 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll 2014-06-12 22:40 - 2008-11-28 02:05 - 00000917 _____ () C:\Windows\SysWOW64\CLWatson.ini 2014-06-12 22:39 - 2014-06-13 08:54 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-12 22:38 - 2014-06-12 22:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:32 - 2014-06-12 22:33 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 22:12 - 2014-06-12 22:12 - 00357736 _____ (Softonic) C:\Users\user\Downloads\SoftonicDownloader_fuer_cyberlink-powercinema.exe 2014-06-12 21:50 - 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-11 17:36 - 2014-05-28 20:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 17:36 - 2014-05-28 20:37 - 02338816 _____ 
(Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 17:36 - 2014-05-28 20:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 17:36 - 2014-05-28 20:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 17:36 - 2014-05-28 20:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 20:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 17:36 - 2014-05-28 20:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 20:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 20:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-11 17:36 - 2014-05-28 20:28 - 00011264 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 20:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 17:36 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 17:36 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 17:36 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 17:36 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 17:36 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 17:36 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-06-11 17:36 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 17:36 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 17:36 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 17:36 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 
2014-06-11 17:36 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 17:36 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-06-11 17:36 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-06-11 17:36 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 17:36 - 2014-04-26 20:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 17:36 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 17:36 - 2014-04-05 11:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 17:36 - 2014-03-10 08:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 17:36 - 2014-03-10 08:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 17:36 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-05 22:41 - 2014-06-18 23:03 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389526074 2014-05-30 10:35 - 2014-06-14 17:34 - 00000000 ____D () C:\Users\user\Radio ==================== One Month Modified Files and Folders ======= 2014-06-20 20:30 - 2014-06-20 20:29 - 00027030 _____ () C:\Users\user\Downloads\FRST.txt 2014-06-20 20:30 - 2014-06-19 22:30 - 00001424 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7.job 2014-06-20 20:29 - 2014-06-20 20:29 - 00000000 ____D () C:\FRST 2014-06-20 20:21 - 2014-06-20 20:21 - 00000470 _____ () C:\Users\user\Downloads\defogger_disable.log 2014-06-20 20:21 - 2014-06-20 20:21 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-06-20 20:20 - 2014-06-20 20:20 - 00050477 _____ () 
C:\Users\user\Downloads\Defogger.exe 2014-06-20 20:16 - 2013-08-18 22:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-20 20:13 - 2008-01-21 13:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-20 20:13 - 2008-01-21 13:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat 2014-06-20 20:13 - 2008-01-21 13:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat 2014-06-20 20:04 - 2008-01-21 03:53 - 01656626 _____ () C:\Windows\WindowsUpdate.log 2014-06-20 20:03 - 2013-05-03 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-20 20:01 - 2014-04-23 19:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster 2014-06-20 20:01 - 2014-04-23 19:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox 2014-06-20 20:01 - 2013-04-29 15:05 - 00000000 ___RD () C:\Users\user\Dropbox 2014-06-20 20:00 - 2014-06-20 20:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-06-20 20:00 - 2014-06-19 22:31 - 00001426 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5.job 2014-06-20 20:00 - 2014-06-19 22:30 - 00002206 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4.job 2014-06-20 20:00 - 2014-06-19 22:30 - 00001346 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2.job 2014-06-20 20:00 - 2014-06-19 22:29 - 00000908 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-06-20 20:00 - 2014-06-19 22:29 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-9.1 2014-06-20 20:00 - 2013-05-02 16:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-06-20 20:00 - 2006-11-02 17:07 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-20 20:00 - 2006-11-02 14:34 - 00000321 _____ () C:\Windows\win.ini 2014-06-20 19:59 - 2014-06-19 22:30 - 00001490 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6.job 2014-06-20 19:59 - 2014-06-19 22:30 - 00001482 _____ () C:\Windows\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1.job 2014-06-20 19:59 - 2013-10-09 21:47 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec52859da7a64.job 2014-06-20 19:59 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-20 19:59 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-20 19:59 - 2006-11-02 17:22 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-20 18:19 - 2006-11-02 17:42 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-20 18:17 - 2014-06-19 22:27 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-06-20 18:17 - 2013-08-12 21:55 - 00000876 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-20 18:09 - 2014-06-19 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\VOPackage 2014-06-20 18:08 - 2014-06-19 22:31 - 00000000 ____D () C:\Program Files (x86)\SpadeCast 2014-06-20 18:08 - 2013-08-12 21:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-20 04:34 - 2014-06-19 22:29 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-06-19 23:51 - 2014-06-19 23:51 - 02082304 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2014-06-19 23:35 - 2014-06-19 23:35 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-06-19 23:27 - 2013-06-01 00:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Audacity 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Audiograbber 2014-06-19 22:32 - 2014-06-19 22:32 - 00000000 ____D () C:\Program Files (x86)\Audiograbber 2014-06-19 22:31 - 2014-06-19 22:31 - 00004456 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-5 2014-06-19 22:30 - 2014-06-19 22:30 - 00005236 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-4 2014-06-19 22:30 - 2014-06-19 22:30 - 00004520 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-6 2014-06-19 22:30 - 2014-06-19 22:30 - 00004512 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-1 2014-06-19 22:30 - 2014-06-19 22:30 - 00004452 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-7 2014-06-19 22:30 - 2014-06-19 22:30 - 00004376 _____ () C:\Windows\System32\Tasks\9671d8ef-f240-4625-9dd0-ca0fe1e661db-2 2014-06-19 22:29 - 2014-06-19 22:29 - 00003910 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2014-06-19 22:29 - 2014-06-19 22:29 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Users\user\AppData\Local\globalUpdate 2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-06-19 22:28 - 2014-06-19 22:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-06-19 22:27 - 2014-06-19 22:27 - 00000000 ____D () C:\Users\user\AppData\Local\SearchProtect 2014-06-19 22:25 - 2014-06-19 22:25 - 00468912 _____ () C:\Users\user\Downloads\download_audiograbber.exe 2014-06-19 18:58 - 2014-06-19 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 23:03 - 2014-06-05 22:41 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389526074 2014-06-18 23:03 - 2013-05-02 21:34 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-16 20:34 - 2013-08-23 21:07 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien 
2014-06-16 20:33 - 2013-04-29 15:11 - 00000000 ____D () C:\Users\user\Klettern und Wandern 2014-06-16 17:45 - 2014-06-19 23:33 - 00060088 _____ (StdLib) C:\Windows\system32\Drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gt64.sys 2014-06-14 17:34 - 2014-05-30 10:35 - 00000000 ____D () C:\Users\user\Radio 2014-06-13 20:00 - 2013-05-06 20:55 - 00000000 ____D () C:\Users\user\Schule 2014-06-13 18:14 - 2014-06-13 17:22 - 00000000 ____D () C:\Program Files (x86)\ProgDVB 2014-06-13 17:22 - 2014-06-13 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB 2014-06-13 08:54 - 2014-06-12 22:39 - 00000000 ____D () C:\Users\user\AppData\Local\PlayMovie 2014-06-13 08:54 - 2006-11-02 17:21 - 00388712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-12 23:08 - 2014-06-12 22:41 - 00000000 ____D () C:\Users\user\AppData\Local\TVEnhance 2014-06-12 22:46 - 2014-06-12 22:46 - 00000000 ____D () C:\Users\user\AppData\Local\Powercinema 2014-06-12 22:45 - 2014-06-12 22:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerCinema 2014-06-12 22:45 - 2013-05-03 23:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\CyberLink 2014-06-12 22:45 - 2013-04-30 19:27 - 00105304 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-12 22:42 - 2014-06-12 22:42 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security Systems 2014-06-12 22:42 - 2013-05-02 16:14 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-06-12 22:42 - 2013-04-30 19:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-12 22:41 - 2013-05-02 17:47 - 00000000 ____D () C:\ProgramData\CyberLink 2014-06-12 22:38 - 2014-06-12 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerCinema 2014-06-12 22:33 - 2014-06-12 22:32 - 00000000 ____D () C:\ProgramData\Temp 2014-06-12 22:12 - 2014-06-12 22:12 - 00357736 _____ (Softonic) C:\Users\user\Downloads\SoftonicDownloader_fuer_cyberlink-powercinema.exe 2014-06-12 21:50 
- 2014-06-12 21:50 - 00003018 _____ () C:\Windows\System32\Tasks\{8A4556A9-EE1E-4914-826A-73F976E77265} 2014-06-12 21:31 - 2013-08-16 18:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 21:29 - 2006-11-02 14:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-06-12 21:28 - 2013-05-02 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-10 23:33 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Catrin 2014-06-05 23:15 - 2013-05-03 00:52 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2014-06-01 20:32 - 2013-05-03 23:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc 2014-05-31 23:14 - 2013-05-03 16:43 - 00135680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-31 23:14 - 2013-04-29 15:06 - 00000000 ____D () C:\Users\user\Fotos 2014-05-28 20:53 - 2014-06-11 17:36 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-28 20:37 - 2014-06-11 17:36 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-28 20:35 - 2014-06-11 17:36 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-28 20:31 - 2014-06-11 17:36 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-28 20:30 - 2014-06-11 17:36 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-28 20:30 - 2014-06-11 17:36 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00599040 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2014-05-28 20:29 - 2014-06-11 17:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-28 20:29 - 2014-06-11 17:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-28 20:28 - 2014-06-11 17:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-05-28 20:28 - 2014-06-11 17:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-05-28 20:28 - 2014-06-11 17:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-05-28 20:27 - 2014-06-11 17:36 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-28 18:48 - 2014-06-11 17:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-28 18:39 - 2014-06-11 17:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-28 18:38 - 2014-06-11 17:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-28 18:33 - 2014-06-11 17:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-28 18:32 - 2014-06-11 17:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-28 18:32 - 2014-06-11 17:36 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-05-28 18:31 - 2014-06-11 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 
2014-05-28 18:30 - 2014-06-11 17:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 18:30 - 2014-06-11 17:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 18:30 - 2014-06-11 17:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 18:30 - 2014-06-11 17:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 18:30 - 2014-06-11 17:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 18:30 - 2014-06-11 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 18:30 - 2014-06-11 17:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-11 17:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 18:29 - 2014-06-11 17:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 18:29 - 2014-06-11 17:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 18:29 - 2014-06-11 17:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 18:29 - 2014-06-11 17:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 18:28 - 2014-06-11 17:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-28 18:19 - 2013-04-29 15:04 - 00000000 ____D () C:\Users\user\Documents\Aufnahmen
2014-05-28 10:53 - 2014-04-23 19:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-26 23:00 - 2013-04-29 15:03 - 00000000 ____D () C:\Users\user\Caspar

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\AskSLib.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4lxv0v.dll
C:\Users\user\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\user\AppData\Local\Temp\InstallAX.exe
C:\Users\user\AppData\Local\Temp\installhelper.dll
C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\nsc7D8D.exe
C:\Users\user\AppData\Local\Temp\nscE0F4.exe
C:\Users\user\AppData\Local\Temp\nsfFCF3.exe
C:\Users\user\AppData\Local\Temp\nsh8D39.exe
C:\Users\user\AppData\Local\Temp\nsk8A8.exe
C:\Users\user\AppData\Local\Temp\nsk91CC.exe
C:\Users\user\AppData\Local\Temp\nsk9DB0.exe
C:\Users\user\AppData\Local\Temp\nsmB32D.exe
C:\Users\user\AppData\Local\Temp\nsp971A.exe
C:\Users\user\AppData\Local\Temp\nsq2FD.exe
C:\Users\user\AppData\Local\Temp\nsq8DF0.exe
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\user\AppData\Local\Temp\Shockwave_Installer_FF-1.exe
C:\Users\user\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\user\AppData\Local\Temp\SPStub.exe
C:\Users\user\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\user\AppData\Local\Temp\tbRadi.dll
C:\Users\user\AppData\Local\Temp\uninstall.exe
C:\Users\user\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\user\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\user\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\user\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\user\AppData\Local\Temp\vlc-2.1.4-win64.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-20 20:06

==================== End Of Log ============================

Many thanks and best regards, Löschel |