Log analysis and evaluation: Windows 7: Possible virus infection via the network?

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.06.2014, 19:56 | #1 |
Windows 7: Possible virus infection via the network?

Hello, my wife's laptop was infected with malware, and I wanted to quickly ask whether I might have "caught" something through our home network? Here are my log files:

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:09 on 29/06/2014 (Richerts)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Richerts (administrator) on RICHERTS-PC on 29-06-2014 20:11:29
Running from C:\Users\Richerts\Downloads
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24Creator\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.)
Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8D34185D0C35CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {FB442BEF-A6F0-4316-8168-EC3575B2A5C2} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
SearchScopes: HKCU - {FB442BEF-A6F0-4316-8168-EC3575B2A5C2} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
FF Homepage: https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-03-26]
FF Extension: No Name - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-03-26]
FF Extension: HDvid Codec - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi [2013-04-17]
FF Extension: No Name - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\Extensions\staged [2014-03-26]
FF Extension: Snap.Do - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\Extensions\{f9fc93be-f796-7006-7b62-402a556f07a7} [2014-03-26]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-01-07]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-15]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-15]

Chrome:
=======
CHR HomePage: https://www.google.de/
CHR StartupUrls: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (WOT) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Ciuvo Preisvergleich) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh [2013-04-29]
CHR Extension: (Adblock Plus) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-29]
CHR Extension: (Google-Suche) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Readium) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-05-30]
CHR Extension: (3D-Bowling) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2013-04-29]
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-06-22]
CHR Extension: (LearningApps.org) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkpajokdkoidfiohkeknhhheinfpimfc [2014-03-31]
CHR Extension: (World Data Atlas) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2014-03-31]
CHR Extension: (WorkFlowy) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-06-22]
CHR Extension: (Google Mail) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]
CHR HKCU\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
S2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251760 2014-01-05] (BUFFALO INC.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-04-30] (Kaspersky Lab ZAO)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-04-30] (Kaspersky Lab ZAO)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-29 20:12 - 2014-06-29 20:12 - 00000000 ____D () C:\Users\Richerts\Desktop\Trojaner Board
2014-06-29 20:11 - 2014-06-29 20:12 - 00022110 _____ () C:\Users\Richerts\Downloads\FRST.txt
2014-06-29 20:11 - 2014-06-29 20:11 - 00000000 ____D () C:\FRST
2014-06-29 20:10 - 2014-06-29 20:11 - 01073664 _____ (Farbar) C:\Users\Richerts\Downloads\FRST.exe
2014-06-29 20:09 - 2014-06-29 20:09 - 00000478 _____ () C:\Users\Richerts\Downloads\defogger_disable.log
2014-06-29 20:09 - 2014-06-29 20:09 - 00000000 _____ () C:\Users\Richerts\defogger_reenable
2014-06-29 20:08 - 2014-06-29 20:08 - 00050477 _____ () C:\Users\Richerts\Downloads\Defogger.exe
2014-06-29 19:14 - 2014-06-29 19:16 - 00104960 _____ () C:\Users\Richerts\Desktop\Lied zum Abschied Kl 4a Rischenau.pub
2014-06-29 19:11 - 2014-06-29 19:14 - 00097792 _____ () C:\Users\Richerts\Downloads\Lied zum Abschied.pub
2014-06-26 21:09 - 2014-06-26 21:09 - 154764088 _____ () C:\Users\Richerts\Documents\Amazing Modern Dancing Airport Flashmob 2014.mp4
2014-06-23 22:51 - 2014-06-23 22:51 - 00023843 _____ () C:\Users\Richerts\Downloads\UR_Entwurf_ Napoleon _ Kaiser der Franzosen.zip
2014-06-23 22:28 - 2014-06-23 22:50 - 07610880 _____ () C:\Users\Richerts\Downloads\Napoleon Bonaparte.ppt
2014-06-23 16:25 - 2014-06-23 16:25 - 00868352 _____ () C:\Users\Richerts\Downloads\206.ppt
2014-06-23 16:24 - 2014-06-23 16:24 - 01362944 _____ () C:\Users\Richerts\Downloads\202.ppt
2014-06-23 16:23 - 2014-06-23 16:23 - 00338432 _____ () C:\Users\Richerts\Downloads\195.ppt
2014-06-23 16:23 - 2014-06-23 16:23 - 00104960 _____ () C:\Users\Richerts\Downloads\197.ppt
2014-06-23 16:21 - 2014-06-23 16:21 - 00582144 _____ () C:\Users\Richerts\Downloads\193.ppt
2014-06-23 16:18 - 2014-06-23 16:18 - 00384512 _____ () C:\Users\Richerts\Downloads\199.ppt
2014-06-22 23:19 - 2014-03-31 09:35 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-22 23:15 - 2014-06-28 00:01 - 00008969 ____H () C:\Windows\system32\BTImages.dat
2014-06-22 22:52 - 2014-06-22 22:52 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-06-22 22:52 - 2014-04-30 11:01 - 00488032 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-06-22 22:52 - 2014-04-30 11:01 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-06-22 22:52 - 2014-04-30 11:00 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-06-22 22:51 - 2014-06-22 22:51 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-06-22 22:51 - 2014-06-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-06-22 22:48 - 2014-06-22 22:48 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000 (1).exe
2014-06-22 22:47 - 2014-06-22 22:51 - 00000000 ____D () C:\Program Files\CheckPoint
2014-06-22 22:47 - 2014-06-22 22:47 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000.exe
2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD
2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-06-22 22:21 - 2014-06-22 22:22 - 00000000 ____D () C:\Users\Richerts\Desktop\Wir sind die Maus Wave Datei
2014-06-22 22:19 - 2014-06-22 22:19 - 00002178 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk
2014-06-22 22:17 - 2014-06-22 22:17 - 34314288 _____ (DVDVideoSoft Ltd. ) C:\Users\Richerts\Downloads\FreeAudioConverter5.0.43.605.exe
2014-06-22 22:07 - 2014-06-26 21:06 - 00000000 ____D () C:\Users\Richerts\Desktop\Videos 8c
2014-06-22 21:19 - 2014-06-22 21:19 - 00810950 _____ () C:\Users\Richerts\Downloads\sprachgeschichte_offen.zip
2014-06-22 18:01 - 2014-06-22 18:01 - 142293945 _____ () C:\Users\Richerts\Desktop\Die großen Entdecker der Welt_ Cook, Kolumbus, Vespucci, ect..mp4
2014-06-22 17:55 - 2014-06-22 17:55 - 165446210 _____ () C:\Users\Richerts\Desktop\DOKU_Christoph Kolumbus - Die Wahre Biografie_DEUTSCH _ 2014.mp4
2014-06-22 17:44 - 2014-06-22 17:44 - 00001919 _____ () C:\Users\Richerts\Desktop\Sync Folder.lnk
2014-06-22 17:43 - 2014-06-22 23:02 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-06-22 17:43 - 2014-06-22 17:43 - 00001049 _____ () C:\Users\Richerts\Desktop\MyPC Backup.lnk
2014-06-22 17:43 - 2014-06-22 17:43 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-06-22 17:42 - 2014-06-22 17:42 - 00001251 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-06-22 17:42 - 2014-06-22 17:42 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-06-22 17:41 - 2014-06-22 17:41 - 11227432 _____ () C:\Users\Richerts\Downloads\YTDSetup481.exe
2014-06-12 10:19 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 10:19 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 10:19 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 10:19 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 10:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 10:19 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 10:19 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 10:19 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 10:19 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 10:19 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 10:19 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 10:19 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 10:19 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 10:19 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 10:19 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 10:19 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 10:19 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 10:19 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 10:19 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 10:19 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 10:19 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 10:19 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 10:19 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 10:19 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 10:19 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 10:19 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 10:19 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 10:19 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 10:18 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 10:18 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 10:18 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 10:18 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 10:18 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 10:18 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 10:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 10:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 10:17 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 10:08 - 2014-06-22 23:15 - 00000965 _____ () C:\Windows\setupact.log
2014-06-12 10:08 - 2014-06-22 22:59 - 00016678 _____ () C:\Windows\PFRO.log
2014-06-12 10:08 - 2014-06-12 10:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-11 09:37 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:37 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-09 13:32 - 2014-06-09 13:32 - 00015872 _____ () C:\Users\Richerts\Downloads\Rueckmeldebogen Schuelerverhalten_positive Verstaerkung.xls
2014-06-03 20:45 - 2014-06-03 20:45 - 00691572 _____ () C:\Users\Richerts\Downloads\kommunikation.hlp
2014-06-03 20:22 - 2014-06-12 13:52 - 00000000 ____D () C:\Users\Richerts\Desktop\UPPs
2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Users\Richerts\AppData\Local\PDFCreator
2014-06-02 19:00 - 2014-06-02 19:00 - 00417416 _____ () C:\Users\Richerts\Downloads\diversevorlagen.zip
2014-06-02 16:53 - 2014-06-02 16:53 - 13525781 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-setup-3.02.02.exe
2014-06-02 16:50 - 2014-06-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\pdfforge
2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Program Files\PDFCreator
2014-06-02 16:50 - 2014-04-17 19:36 - 00095928 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-06-02 16:49 - 2014-06-02 16:50 - 01825064 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-3.02.deu.tar.gz
2014-06-02 10:44 - 2014-06-02 10:44 - 25055960 _____ (pdfforge ) C:\Users\Richerts\Downloads\PDFCreator-1_9_3-setup.exe
2014-06-01 22:29 - 2014-06-01 22:29 - 00045541 _____ () C:\Users\Richerts\Downloads\marseillaise_military.mid
2014-06-01 22:28 - 2014-06-01 22:28 - 00007107 _____ () C:\Users\Richerts\Downloads\marseillaise.mid
2014-06-01 22:09 - 2014-06-01 22:09 - 03238941 _____ () C:\Users\Richerts\Downloads\Sicherung_Millionenshow_AntikesGriechenland.zip
2014-06-01 21:59 - 2014-06-01 21:59 - 00102978 _____ () C:\Users\Richerts\Downloads\12Maerchen.zip
2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\Users\Richerts\Documents\Eendsoft
2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\ProgramData\firebird
2014-05-31 12:10 - 2014-05-31 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picto-Selector
2014-05-31 12:03 - 2014-05-31 12:10 - 00000000 ____D () C:\Program Files\Picto Selector
2014-05-31 11:59 - 2014-05-31 12:03 - 230896024 _____ (M.C. van der Kooij ) C:\Users\Richerts\Downloads\setup_complete.exe
2014-05-31 09:23 - 2014-05-31 09:23 - 00003332 _____ () C:\Users\Richerts\Downloads\McPower_Flag_of_Germany_(with_wind).svg
2014-05-31 09:14 - 2014-05-31 09:14 - 02086912 _____ () C:\Users\Richerts\Downloads\UE-Saeuren_im_Alltag.ppt
2014-05-30 23:48 - 2014-05-30 23:54 - 00000000 ____D () C:\Users\Richerts\Documents\Calibre-Bibliothek
2014-05-30 23:48 - 2014-05-30 23:48 - 00000000 ____D () C:\Users\Richerts\AppData\Local\calibre-cache
2014-05-30 23:47 - 2014-05-30 23:52 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\calibre
2014-05-30 23:47 - 2014-05-30 23:47 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\Program Files\Calibre2
2014-05-30 23:44 - 2014-05-30 23:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\Richerts\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-05-30 23:39 - 2014-05-30 23:42 - 208218905 _____ () C:\Users\Richerts\Downloads\eBook_OER_fuer_alle_Version2.0.epub
2014-05-30 10:08 - 2014-06-23 23:32 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Copernic
2014-05-30 10:08 - 2014-06-23 23:32 - 00000000 ____D () C:\Program Files\Common Files\Copernic
2014-05-30 10:08 - 2007-11-15 12:22 - 00110110 _____ () C:\Windows\CopernicAgentUninstall.exe
2014-05-30 02:35 - 2014-05-30 02:35 - 00456088 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys

==================== One Month Modified Files and Folders =======

2014-06-29 20:12 - 2014-06-29 20:12 - 00000000 ____D () C:\Users\Richerts\Desktop\Trojaner Board
2014-06-29 20:12 - 2014-06-29 20:11 - 00022110 _____ () C:\Users\Richerts\Downloads\FRST.txt
2014-06-29 20:11 - 2014-06-29 20:11 - 00000000 ____D () C:\FRST
2014-06-29 20:11 - 2014-06-29 20:10 - 01073664 _____ (Farbar) C:\Users\Richerts\Downloads\FRST.exe
2014-06-29 20:10 - 2012-11-24 15:46 - 01209123 _____ () C:\Windows\WindowsUpdate.log
2014-06-29 20:09 - 2014-06-29 20:09 - 00000478 _____ () C:\Users\Richerts\Downloads\defogger_disable.log
2014-06-29 20:09 - 2014-06-29 20:09 - 00000000 _____ () C:\Users\Richerts\defogger_reenable
2014-06-29 20:09 - 2012-11-24 15:51 - 00000000 ____D () C:\Users\Richerts
2014-06-29 20:08 - 2014-06-29 20:08 - 00050477 _____ () C:\Users\Richerts\Downloads\Defogger.exe
2014-06-29 19:54 - 2013-04-29 18:49 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 19:50 - 2012-12-04 21:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-29 19:16 - 2014-06-29 19:14 - 00104960 _____ () C:\Users\Richerts\Desktop\Lied zum Abschied Kl 4a Rischenau.pub
2014-06-29 19:14 - 2014-06-29 19:11 - 00097792 _____ () C:\Users\Richerts\Downloads\Lied zum Abschied.pub
2014-06-28 22:54 - 2013-04-29 18:49 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 20:56 - 2013-09-30 22:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-28 20:16 - 2012-11-24 15:53 - 01622904 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 12:59 - 2013-07-27 23:02 - 
00000000 ____D () C:\Users\Richerts\AppData\Roaming\KeePass 2014-06-28 00:01 - 2014-06-22 23:15 - 00008969 ____H () C:\Windows\system32\BTImages.dat 2014-06-27 23:59 - 2013-05-25 22:45 - 00000000 ____D () C:\Program Files\Schulfix 2014-06-27 23:58 - 2013-12-16 18:26 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-06-26 22:48 - 2013-06-14 10:38 - 00000000 ____D () C:\Users\Richerts\Desktop\Referendariat 2014-06-26 21:09 - 2014-06-26 21:09 - 154764088 _____ () C:\Users\Richerts\Documents\Amazing Modern Dancing Airport Flashmob 2014.mp4 2014-06-26 21:06 - 2014-06-22 22:07 - 00000000 ____D () C:\Users\Richerts\Desktop\Videos 8c 2014-06-26 17:42 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-26 17:42 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-23 23:32 - 2014-05-30 10:08 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Copernic 2014-06-23 23:32 - 2014-05-30 10:08 - 00000000 ____D () C:\Program Files\Common Files\Copernic 2014-06-23 22:51 - 2014-06-23 22:51 - 00023843 _____ () C:\Users\Richerts\Downloads\UR_Entwurf_ Napoleon _ Kaiser der Franzosen.zip 2014-06-23 22:50 - 2014-06-23 22:28 - 07610880 _____ () C:\Users\Richerts\Downloads\Napoleon Bonaparte.ppt 2014-06-23 16:26 - 2012-12-01 22:03 - 00000000 ____D () C:\Users\Richerts\AppData\Local\Microsoft Help 2014-06-23 16:25 - 2014-06-23 16:25 - 00868352 _____ () C:\Users\Richerts\Downloads\206.ppt 2014-06-23 16:24 - 2014-06-23 16:24 - 01362944 _____ () C:\Users\Richerts\Downloads\202.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00338432 _____ () C:\Users\Richerts\Downloads\195.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00104960 _____ () C:\Users\Richerts\Downloads\197.ppt 2014-06-23 16:21 - 2014-06-23 16:21 - 00582144 _____ () C:\Users\Richerts\Downloads\193.ppt 2014-06-23 16:18 - 2014-06-23 16:18 - 
00384512 _____ () C:\Users\Richerts\Downloads\199.ppt 2014-06-22 23:15 - 2014-06-12 10:08 - 00000965 _____ () C:\Windows\setupact.log 2014-06-22 23:02 - 2014-06-22 17:43 - 00000000 ____D () C:\Program Files\MyPC Backup 2014-06-22 22:59 - 2014-06-12 10:08 - 00016678 _____ () C:\Windows\PFRO.log 2014-06-22 22:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-22 22:52 - 2014-06-22 22:52 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-06-22 22:51 - 2014-06-22 22:51 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-06-22 22:51 - 2014-06-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-06-22 22:51 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\CheckPoint 2014-06-22 22:48 - 2014-06-22 22:48 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000 (1).exe 2014-06-22 22:47 - 2014-06-22 22:47 - 03394856 _____ (Check Point Software Technologies Ltd.) 
C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000.exe 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD 2014-06-22 22:36 - 2013-03-29 19:39 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\QuickScan 2014-06-22 22:22 - 2014-06-22 22:21 - 00000000 ____D () C:\Users\Richerts\Desktop\Wir sind die Maus Wave Datei 2014-06-22 22:19 - 2014-06-22 22:19 - 00002178 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk 2014-06-22 22:19 - 2014-03-26 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-06-22 22:19 - 2014-03-26 23:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-06-22 22:19 - 2014-03-26 23:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-06-22 22:19 - 2013-05-10 22:16 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\DVDVideoSoft 2014-06-22 22:17 - 2014-06-22 22:17 - 34314288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Richerts\Downloads\FreeAudioConverter5.0.43.605.exe 2014-06-22 21:19 - 2014-06-22 21:19 - 00810950 _____ () C:\Users\Richerts\Downloads\sprachgeschichte_offen.zip 2014-06-22 18:01 - 2014-06-22 18:01 - 142293945 _____ () C:\Users\Richerts\Desktop\Die großen Entdecker der Welt_ Cook, Kolumbus, Vespucci, ect..mp4 2014-06-22 17:55 - 2014-06-22 17:55 - 165446210 _____ () C:\Users\Richerts\Desktop\DOKU_Christoph Kolumbus - Die Wahre Biografie_DEUTSCH _ 2014.mp4 2014-06-22 17:44 - 2014-06-22 17:44 - 00001919 _____ () C:\Users\Richerts\Desktop\Sync Folder.lnk 2014-06-22 17:43 - 2014-06-22 17:43 - 00001049 _____ () C:\Users\Richerts\Desktop\MyPC Backup.lnk 2014-06-22 17:43 - 2014-06-22 17:43 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2014-06-22 17:42 - 2014-06-22 17:42 - 00001251 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2014-06-22 17:42 - 2014-06-22 17:42 - 00000000 ____D () C:\Program Files\GreenTree Applications 2014-06-22 17:42 - 2014-03-26 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2014-06-22 17:41 - 2014-06-22 17:41 - 11227432 _____ () C:\Users\Richerts\Downloads\YTDSetup481.exe 2014-06-18 17:02 - 2013-01-09 16:23 - 00000000 ____D () C:\Users\Richerts\Documents\Steuerfälle 2014-06-17 07:01 - 2014-04-26 13:12 - 00002175 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-06-12 18:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-12 15:27 - 2014-05-07 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 13:52 - 2014-06-03 20:22 - 00000000 ____D () C:\Users\Richerts\Desktop\UPPs 2014-06-12 10:08 - 2014-06-12 10:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-12 00:15 - 2013-08-24 12:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 00:15 - 2012-12-01 22:02 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 00:13 - 2012-11-24 16:51 - 92708840 _____ 
(Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 17:51 - 2014-04-11 14:17 - 00000000 ____D () C:\Users\Richerts\Desktop\DUA_DUA_zeitreise_2_NRW_451026 2014-06-09 13:32 - 2014-06-09 13:32 - 00015872 _____ () C:\Users\Richerts\Downloads\Rueckmeldebogen Schuelerverhalten_positive Verstaerkung.xls 2014-06-08 10:48 - 2014-06-12 10:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-12 10:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-05 17:05 - 2014-06-02 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-06-03 20:45 - 2014-06-03 20:45 - 00691572 _____ () C:\Users\Richerts\Downloads\kommunikation.hlp 2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Users\Richerts\AppData\Local\PDFCreator 2014-06-02 19:00 - 2014-06-02 19:00 - 00417416 _____ () C:\Users\Richerts\Downloads\diversevorlagen.zip 2014-06-02 16:53 - 2014-06-02 16:53 - 13525781 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-setup-3.02.02.exe 2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\pdfforge 2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Program Files\PDFCreator 2014-06-02 16:50 - 2014-06-02 16:49 - 01825064 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-3.02.deu.tar.gz 2014-06-02 10:44 - 2014-06-02 10:44 - 25055960 _____ (pdfforge ) C:\Users\Richerts\Downloads\PDFCreator-1_9_3-setup.exe 2014-06-01 22:29 - 2014-06-01 22:29 - 00045541 _____ () C:\Users\Richerts\Downloads\marseillaise_military.mid 2014-06-01 22:28 - 2014-06-01 22:28 - 00007107 _____ () C:\Users\Richerts\Downloads\marseillaise.mid 2014-06-01 22:09 - 2014-06-01 22:09 - 03238941 _____ () C:\Users\Richerts\Downloads\Sicherung_Millionenshow_AntikesGriechenland.zip 2014-06-01 21:59 - 2014-06-01 21:59 - 00102978 _____ () C:\Users\Richerts\Downloads\12Maerchen.zip 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () 
C:\Users\Richerts\Documents\Eendsoft 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\ProgramData\firebird 2014-05-31 12:10 - 2014-05-31 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picto-Selector 2014-05-31 12:10 - 2014-05-31 12:03 - 00000000 ____D () C:\Program Files\Picto Selector 2014-05-31 12:03 - 2014-05-31 11:59 - 230896024 _____ (M.C. van der Kooij ) C:\Users\Richerts\Downloads\setup_complete.exe 2014-05-31 09:23 - 2014-05-31 09:23 - 00003332 _____ () C:\Users\Richerts\Downloads\McPower_Flag_of_Germany_(with_wind).svg 2014-05-31 09:14 - 2014-05-31 09:14 - 02086912 _____ () C:\Users\Richerts\Downloads\UE-Saeuren_im_Alltag.ppt 2014-05-30 23:54 - 2014-05-30 23:48 - 00000000 ____D () C:\Users\Richerts\Documents\Calibre-Bibliothek 2014-05-30 23:52 - 2014-05-30 23:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\calibre 2014-05-30 23:48 - 2014-05-30 23:48 - 00000000 ____D () C:\Users\Richerts\AppData\Local\calibre-cache 2014-05-30 23:47 - 2014-05-30 23:47 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\Program Files\Calibre2 2014-05-30 23:44 - 2014-05-30 23:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\Richerts\Downloads\Calibre 32 Bit - CHIP-Installer.exe 2014-05-30 23:42 - 2014-05-30 23:39 - 208218905 _____ () C:\Users\Richerts\Downloads\eBook_OER_fuer_alle_Version2.0.epub 2014-05-30 11:18 - 2014-06-12 10:19 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 11:02 - 2014-06-12 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 11:02 - 2014-06-12 10:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 10:44 - 2014-06-12 10:19 - 00455168 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2014-05-30 10:43 - 2014-06-12 10:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 10:42 - 2014-06-12 10:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 10:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 10:34 - 2014-06-12 10:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 10:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 10:30 - 2014-06-12 10:19 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 10:28 - 2014-06-12 10:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 10:28 - 2014-06-12 10:19 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 10:27 - 2014-06-12 10:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 10:21 - 2014-06-12 10:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 10:16 - 2014-06-12 10:19 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 10:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 10:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:04 - 2014-06-12 10:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 10:19 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 09:57 - 2014-06-12 10:19 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 09:56 - 2014-06-12 10:19 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 09:54 - 2014-06-12 10:19 - 00526336 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 10:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 10:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 09:40 - 2014-06-12 10:19 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:21 - 2014-06-12 10:19 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:15 - 2014-06-12 10:19 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:13 - 2014-06-12 10:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 02:35 - 2014-05-30 02:35 - 00456088 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys Some content of TEMP: ==================== C:\Users\Richerts\AppData\Local\Temp\avgnt.exe C:\Users\Richerts\AppData\Local\Temp\BackupSetup.exe C:\Users\Richerts\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Richerts\AppData\Local\Temp\GLB1A2B.EXE C:\Users\Richerts\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Richerts\AppData\Local\Temp\TUUUninstallHelper.exe C:\Users\Richerts\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-29 17:44 ==================== End Of Log ============================ Additions.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Richerts at 2014-06-29 20:12:41
Running from C:\Users\Richerts\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
AudibleManager (HKLM\...\AudibleManager) (Version: 2007521904.48.56.4001002 - Audible, Inc.)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
BCL easyConverter 3.0 Licensing Module (BCL License) (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Loader SDK Module (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (Loader, BCL License) (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (RTF, BCL License) (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 RTF SDK Module (Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 SDK Module (Version: 3.0.18 - BCL Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM\...\UN060501) (Version: - )
calibre (HKLM\...\{39509A2F-C63C-404E-A4DC-7E6D4FCB6D66}) (Version: 1.39.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MG4100 series Benutzerregistrierung (HKLM\...\Canon MG4100 series Benutzerregistrierung) (Version: - )
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - Canon Inc.)
Canon MG4100 series On-screen Manual (HKLM\...\Canon MG4100 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cornelsen Werkzeuge 3.6 (HKLM\...\{C55F20AB-2B65-434E-ABA7-6B70232B4602}) (Version: 3.6.0 - Cornelsen Verlag, Berlin)
Cornelsen Werkzeuge 3.6 Deutschbuch 5 DA (HKLM\...\{EBD27E31-235C-46B9-AC81-5FB466585A91}) (Version: 3.6.0 - Cornelsen Verlag)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Free Audio Converter version 5.0.43.605 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.37.325 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.37.325 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Outlook Contact Sync 0.9.1.0 (HKLM\...\{3D6E90E1-602D-48C8-BBD2-28D1E183AE50}_is1) (Version: - Daniel Polistchuck)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 1.26 (HKLM\...\KeePass Password Safe_is1) (Version: 1.26 - Dominik Reichl)
KeePass Password Safe 2.26 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyMicroBalance (HKLM\...\{CAF30EE3-A2E2-47BE-A37B-96524BCB3EF5}) (Version: 2.5.5 - startzentrum GmbH & Co KG)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
OfficeOne AutoDateTime 5.2 (HKLM\...\AutoDateTime_is1) (Version: 5.2 - OfficeOne)
OpenVPN 2.3.4-I001 (HKLM\...\OpenVPN) (Version: 2.3.4-I001 - )
PDF Architect (HKLM\...\{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}) (Version: 1.0.41.8362 - pdfforge)
PDF24 Creator 5.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF2Word Converter Version 1.1.0 (Build 164) (HKLM\...\PDF2Word Converter_is1) (Version: PDF2Word Converter - Version 1.1.0 (Build 164) - Th. Hodes Software)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.3 - pdfforge)
Pfadfinder 2.0 (HKLM\...\{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}) (Version: 1.0.18 - Bildungshaus Schulbuchverlage GmbH, Braunschweig)
Picto-Selector 1.6 (HKLM\...\{8032E8DE-1764-4F00-B19E-EF2DBBDB649B}_is1) (Version: - M.C. van der Kooij)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rund um (2.0) ... denkmal 1 NRW (HKLM\...\{CDC513C3-CC2E-4DAC-B5CA-6DB6442D9076}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Rund um (2.0) ... denkmal 2 NRW (HKLM\...\{6D1EF682-6935-4439-96F1-F4C379AB0D39}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Rund um (2.0) ... denkmal 3 NRW (HKLM\...\{77033758-56F0-4CD8-8838-013343D2C2B3}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snap.Do Engine (HKCU\...\{40a7fe5c-faae-4b78-9a13-7f1da2b486a3}) (Version: 10.213.1.15234 - ReSoft Ltd.) <==== ATTENTION
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Sweet Home 3D version 4.1 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.201 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.8.9 - Shark007)
YTD Toolbar v8.9 (HKLM\...\{DA36FB9E-9020-47E6-9BDE-B33A6E36F0F4}) (Version: 8.9 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 4.8.1 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL)
ZoneAlarm Antivirus (Version: 13.2.015.000 - Check Point Software Technologies Ltd.)
Hidden ZoneAlarm Firewall (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.2.015.000 - Check Point) ZoneAlarm Security (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security Toolbar (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ZoneAlarm Security Toolbar (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ==================== Restore Points ========================= 20-06-2014 12:14:57 Geplanter Prüfpunkt 22-06-2014 21:19:04 Windows Update 27-06-2014 08:31:04 Windows Update 27-06-2014 21:57:36 TuneUp Utilities 2014 wird entfernt 27-06-2014 21:58:57 TuneUp Utilities 2014 (de-DE) wird entfernt 27-06-2014 21:59:55 Removed YTD Toolbar v8.9. 27-06-2014 22:00:34 Removed YTD Toolbar v8.9. 27-06-2014 22:01:16 Removed YTD Toolbar v8.9. ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {13085105-8B60-4C50-881B-8FE7DFE4E52D} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {182B6906-7E85-44F9-AD33-B2FEB3FA353B} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {19E08C53-8AE5-4866-9D2D-835371580F04} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.) 
Task: {1AD36E28-3B09-4809-8DD7-77EE8B7A3133} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {2F35B5CC-B7BA-4891-8897-84C85AE5F617} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: {5541AC2F-47AD-41F8-899F-F6D8FDDCEA76} - System32\Tasks\Google Updater and Installer => C:\Users\Richerts\AppData\Local\Google\Update\GoogleUpdate.exe Task: {58D86865-3C12-44F7-8668-3E54566D9231} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics) Task: {7238A56A-4A77-4FDF-A2C2-ECFFA9335ADC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-29] (Google Inc.) Task: {7565736B-5202-4FCF-BD61-773032A4DB4C} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {770DBA33-FBC5-4F90-9343-FB16F8D7A5FF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {AACD8650-76DF-4AD2-8986-4A128CC3867D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {AEAC2326-0EC2-450B-840C-6BE873FECFA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-29] (Google Inc.) Task: {C20A1F27-A372-45D9-9A93-E40E55DC022A} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-24] (Samsung Electronics Co., Ltd.) 
Task: {CA48358C-65BA-48F5-9971-95B9A86B49D0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {D46FB361-7BCD-4A7F-91CC-1EA2360951EF} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe Task: {E800C419-DDA8-4B21-A3F0-6DC9F1D4E375} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.) Task: {F862C647-516C-423E-B16D-6CC0EAD1D8F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F914D9F9-F094-403B-A208-6144FA93AB20} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-26 23:04 - 2014-03-26 23:04 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll 2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 
04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-05-13 23:24 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-05-13 23:24 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2013-05-13 23:24 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl 2013-05-13 23:24 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-05-13 23:24 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl 2012-11-25 01:07 - 2004-09-08 14:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll 2013-09-30 22:10 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 2013-05-13 23:24 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-06-10 22:53 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-10 22:53 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-10 22:53 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-10 22:53 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-10 22:53 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= 
MSCONFIG\startupfolder: C:^Users^Richerts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/29/2014 07:56:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4945 Error: (06/29/2014 07:56:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4945 Error: (06/29/2014 07:56:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/29/2014 07:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3916 Error: (06/29/2014 07:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3916 Error: (06/29/2014 07:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: 
Continuously busy for more than a second Error: (06/29/2014 07:56:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2574 Error: (06/29/2014 07:56:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2574 Error: (06/29/2014 07:56:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/29/2014 07:56:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1435 System errors: ============= Error: (06/26/2014 10:31:52 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (06/26/2014 10:31:52 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (06/26/2014 10:31:51 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (06/26/2014 10:31:50 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (06/22/2014 11:00:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/22/2014 11:00:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FreemakeVideoCapture erreicht. 
Error: (06/20/2014 06:48:33 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {0006F03A-0000-0000-C000-000000000046} Error: (06/18/2014 08:02:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht. Error: (06/18/2014 08:02:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht. Error: (06/18/2014 03:19:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht. Microsoft Office Sessions: ========================= Error: (06/29/2014 07:56:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4945 Error: (06/29/2014 07:56:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4945 Error: (06/29/2014 07:56:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/29/2014 07:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3916 Error: (06/29/2014 07:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3916 Error: (06/29/2014 07:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/29/2014 07:56:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2574 Error: (06/29/2014 07:56:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task 
Scheduling Error: m->NextScheduledEvent 2574
Error: (06/29/2014 07:56:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/29/2014 07:56:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1435
==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 3066.61 MB
Available physical RAM: 1556.2 MB
Total Pagefile: 6129.45 MB
Available Pagefile: 4017.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.88 GB) (Free:120.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: B6394A61)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=223 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thank you for your help. Regards, Peter |
29.06.2014, 20:16 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Possible virus infection via the network? hi,
you have adware on the computer, but that does not come through the network. Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please. |
29.06.2014, 22:14 | #3 |
| Windows 7: Possible virus infection via the network? Hello "schrauber",
thank you for the quick reply and the info. Here are the log files: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 29.06.2014 Suchlauf-Zeit: 22:32:13 Logdatei: MBAM.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.29.08 Rootkit Datenbank: v2014.06.23.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Richerts Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 260864 Verstrichene Zeit: 12 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 6 PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_O1WDQhweL4bkM_JB5F8cVCzohr6E23-AS_dtzlDJkcb1SHv6DKmXUilFqQOMhzj, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_O1WDQhweL4bkM_JB5F8cVCzohr6E23-AS_dtzlDJkcb1SHv6DKmXUilFqQOMhzj),Ersetzt,[62da05799cdfba7cc934ddad4aba29d7] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: 
(hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}),Ersetzt,[8eaea7d70d6e5adc40bb7317b3511ee2] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}),Ersetzt,[d26a740aaccf3cfafc002268ad57a45c] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}),Ersetzt,[0c30c1bda6d543f34db1a9e18d77f808] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}),Ersetzt,[4fedf589116ad16597688a00c044ca36] PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0BtpJcuZo7U6IVqMMW0uEYoX7FDkM0V0R46ALT9cb8HUXi6ho4p41ABQxmQ34IwJu_OGLqNTIAMoSqjAKr5ftKI4vRXclw8mMxqK3iyjs1OKzBR57Ljn9CttDopRuGU3V&q={searchTerms}),Ersetzt,[023a2955314afa3cc6d1d4ad4aba2ad6] Ordner: 14 PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons, In Quarantäne, 
[023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\lib, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\de, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\en, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\es, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\fr, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\it, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\pl, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\ru, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], Dateien: 29 PUP.Optional.Spigot.A, C:\Windows\Installer\359ce500.msi, In Quarantäne, [ae8e1e6080fb74c28fbcabdc976aa15f], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\background.html, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\ciuvo.min.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\contentscript.min.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\manifest.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\options.html, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\options.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src\connected_page.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src\csl.min.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src\grinder_base.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src\interpreter.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src\plugins.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src\templates.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\base-src\toolbar.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo\ciuvo_active.png, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo\ciuvo_active_small.png, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo\ciuvo_icon.png, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo\ciuvo_inactive.png, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo\ciuvo_inactive_small.png, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo\ciuvo_star.png, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\icons\ciuvo\ciuvo_star_small.png, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\lib\Jtl_1.0-pre.js, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\de\messages.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\en\messages.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\es\messages.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\fr\messages.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\it\messages.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\pl\messages.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], PUP.Optional.Ciuvo.A, C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmmkkbjmcidpennbibfkncodjenfpjh\1.4.17_0\_locales\ru\messages.json, In Quarantäne, [023ae49acead76c0d9ae456748ba58a8], Physische Sektoren: 0 (No malicious items detected) (end) Code:
# AdwCleaner v3.213 - Bericht erstellt am 29/06/2014 um 22:55:04
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Richerts - RICHERTS-PC
# Gestartet von : C:\Users\Richerts\Downloads\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\GreenTree Applications
Ordner Gelöscht : C:\Users\Richerts\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Richerts\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
[ Datei : C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\prefs.js ]
[ Datei : C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
[ Datei : C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\y56f4fpv.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : pdnkcidphdcakpkheohlhocaicfamjie

*************************

AdwCleaner[R0].txt - [15329 octets] - [17/12/2013 22:59:32]
AdwCleaner[R1].txt - [8393 octets] - [27/04/2014 21:32:31]
AdwCleaner[R2].txt - [3900 octets] - [29/06/2014 22:52:15]
AdwCleaner[S0].txt - [15246 octets] - [17/12/2013 23:05:20]
AdwCleaner[S1].txt - [6846 octets] - [27/04/2014 22:13:29]
AdwCleaner[S2].txt - [3825 octets] - [29/06/2014 22:55:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3885 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Richerts on 29.06.2014 at 23:01:21,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2263252255-1708856640-2164245826-1000\Software\sweetim

~~~ Files

Successfully deleted: [File] C:\Windows\system32\RENAD5F.tmp
Successfully deleted: [File] C:\Windows\system32\RENAD60.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Richerts\AppData\Roaming\mozilla\firefox\profiles\2sa4jryb.default\extensions\staged
Failed to delete: [Folder] C:\Users\Richerts\AppData\Roaming\mozilla\firefox\profiles\2sa4jryb.default\extensions\ytd@mybrowserbar.com

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.06.2014 at 23:05:27,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02 Ran by Richerts (administrator) on RICHERTS-PC on 29-06-2014 23:07:45 Running from C:\Users\Richerts\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe () C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe (Buffalo Inc.) C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Check Point Software Technologies, Ltd.) 
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) 
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24Creator\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [] => [X] HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.) Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft 
Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8D34185D0C35CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {FB442BEF-A6F0-4316-8168-EC3575B2A5C2} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p= FF Homepage: https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ff FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\searchplugins\yahoo_ff.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-03-26] FF Extension: No Name - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-03-26] FF Extension: HDvid Codec - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi [2013-04-17] FF Extension: Snap.Do - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\Extensions\{f9fc93be-f796-7006-7b62-402a556f07a7} [2014-03-26] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-01-07] FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-15] FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-15] Chrome: ======= CHR HomePage: https://www.google.de/ CHR StartupUrls: "https://www.google.de/" CHR Plugin: (Shockwave 
Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Drive) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29] CHR Extension: (WOT) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-04-29] CHR Extension: (YouTube) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29] CHR Extension: (Adblock Plus) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-29] CHR Extension: (Google-Suche) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29] CHR Extension: (Readium) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-05-30] CHR Extension: (3D-Bowling) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2013-04-29] CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-06-22] CHR Extension: (LearningApps.org) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkpajokdkoidfiohkeknhhheinfpimfc [2014-03-31] CHR Extension: (World Data Atlas) - C:\Users\Richerts\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2014-03-31] CHR Extension: (WorkFlowy) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2014-03-31] CHR Extension: (Google Wallet) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Google Mail) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29] CHR HKCU\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12] ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed] R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed] R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251760 2014-01-05] (BUFFALO INC.) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.) R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed] R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-04-30] (Kaspersky Lab ZAO) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] () R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.) 
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-04-30] (Kaspersky Lab ZAO) S3 massfilter; system32\drivers\massfilter.sys [X] S3 NPF; system32\drivers\NPF.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-29 23:05 - 2014-06-29 23:05 - 00001475 _____ () C:\Users\Richerts\Desktop\JRT.txt 2014-06-29 23:01 - 2014-06-29 23:01 - 00000000 ____D () C:\Windows\ERUNT 2014-06-29 23:00 - 2014-06-29 23:01 - 01016261 _____ (Thisisu) C:\Users\Richerts\Downloads\JRT.exe 2014-06-29 22:50 - 2014-06-29 22:51 - 01342659 _____ () C:\Users\Richerts\Downloads\adwcleaner_3.213.exe 2014-06-29 22:30 - 2014-06-29 22:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-29 22:30 - 2014-06-29 22:30 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-29 22:30 - 2014-06-29 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2014-06-29 22:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-29 22:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-29 22:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-29 22:27 - 2014-06-29 22:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Richerts\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-29 22:04 - 2014-06-29 22:04 - 00001226 _____ () 
C:\Users\Richerts\Desktop\Revo Uninstaller.lnk 2014-06-29 22:04 - 2014-06-29 22:04 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-29 22:03 - 2014-06-29 22:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Richerts\Downloads\revosetup95.exe 2014-06-29 20:57 - 2014-06-29 20:57 - 00003296 _____ () C:\Users\Richerts\Downloads\Gmer.txt.txt.zip 2014-06-29 20:52 - 2014-06-29 20:52 - 01110476 _____ () C:\Users\Richerts\Downloads\7z920.exe 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\Program Files\7-Zip 2014-06-29 20:14 - 2014-06-29 20:14 - 00380416 _____ () C:\Users\Richerts\Downloads\Gmer-19357.exe 2014-06-29 20:12 - 2014-06-29 23:06 - 00000000 ____D () C:\Users\Richerts\Desktop\Trojaner Board 2014-06-29 20:12 - 2014-06-29 20:13 - 00033909 _____ () C:\Users\Richerts\Downloads\Addition.txt 2014-06-29 20:11 - 2014-06-29 23:07 - 00022116 _____ () C:\Users\Richerts\Downloads\FRST.txt 2014-06-29 20:11 - 2014-06-29 23:07 - 00000000 ____D () C:\FRST 2014-06-29 20:10 - 2014-06-29 20:11 - 01073664 _____ (Farbar) C:\Users\Richerts\Downloads\FRST.exe 2014-06-29 20:09 - 2014-06-29 20:09 - 00000478 _____ () C:\Users\Richerts\Downloads\defogger_disable.log 2014-06-29 20:09 - 2014-06-29 20:09 - 00000000 _____ () C:\Users\Richerts\defogger_reenable 2014-06-29 20:08 - 2014-06-29 20:08 - 00050477 _____ () C:\Users\Richerts\Downloads\Defogger.exe 2014-06-29 19:14 - 2014-06-29 19:16 - 00104960 _____ () C:\Users\Richerts\Desktop\Lied zum Abschied Kl 4a Rischenau.pub 2014-06-29 19:11 - 2014-06-29 19:14 - 00097792 _____ () C:\Users\Richerts\Downloads\Lied zum Abschied.pub 2014-06-26 21:09 - 2014-06-26 21:09 - 154764088 _____ () C:\Users\Richerts\Documents\Amazing Modern Dancing Airport Flashmob 2014.mp4 2014-06-23 22:51 - 2014-06-23 22:51 - 00023843 _____ () C:\Users\Richerts\Downloads\UR_Entwurf_ Napoleon _ Kaiser der Franzosen.zip 2014-06-23 22:28 - 
2014-06-23 22:50 - 07610880 _____ () C:\Users\Richerts\Downloads\Napoleon Bonaparte.ppt 2014-06-23 16:25 - 2014-06-23 16:25 - 00868352 _____ () C:\Users\Richerts\Downloads\206.ppt 2014-06-23 16:24 - 2014-06-23 16:24 - 01362944 _____ () C:\Users\Richerts\Downloads\202.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00338432 _____ () C:\Users\Richerts\Downloads\195.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00104960 _____ () C:\Users\Richerts\Downloads\197.ppt 2014-06-23 16:21 - 2014-06-23 16:21 - 00582144 _____ () C:\Users\Richerts\Downloads\193.ppt 2014-06-23 16:18 - 2014-06-23 16:18 - 00384512 _____ () C:\Users\Richerts\Downloads\199.ppt 2014-06-22 23:19 - 2014-03-31 09:35 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-06-22 23:15 - 2014-06-28 00:01 - 00008969 ____H () C:\Windows\system32\BTImages.dat 2014-06-22 22:52 - 2014-06-22 22:52 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-06-22 22:52 - 2014-04-30 11:01 - 00488032 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-06-22 22:52 - 2014-04-30 11:01 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-06-22 22:52 - 2014-04-30 11:00 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-06-22 22:51 - 2014-06-22 22:51 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-06-22 22:51 - 2014-06-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-06-22 22:48 - 2014-06-22 22:48 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000 (1).exe 2014-06-22 22:47 - 2014-06-22 22:51 - 00000000 ____D () C:\Program Files\CheckPoint 2014-06-22 22:47 - 2014-06-22 22:47 - 03394856 _____ (Check Point Software Technologies Ltd.) 
C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000.exe 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD 2014-06-22 22:21 - 2014-06-22 22:22 - 00000000 ____D () C:\Users\Richerts\Desktop\Wir sind die Maus Wave Datei 2014-06-22 22:19 - 2014-06-22 22:19 - 00002178 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk 2014-06-22 22:17 - 2014-06-22 22:17 - 34314288 _____ (DVDVideoSoft Ltd. ) C:\Users\Richerts\Downloads\FreeAudioConverter5.0.43.605.exe 2014-06-22 22:07 - 2014-06-26 21:06 - 00000000 ____D () C:\Users\Richerts\Desktop\Videos 8c 2014-06-22 21:19 - 2014-06-22 21:19 - 00810950 _____ () C:\Users\Richerts\Downloads\sprachgeschichte_offen.zip 2014-06-22 18:01 - 2014-06-22 18:01 - 142293945 _____ () C:\Users\Richerts\Desktop\Die großen Entdecker der Welt_ Cook, Kolumbus, Vespucci, ect..mp4 2014-06-22 17:55 - 2014-06-22 17:55 - 165446210 _____ () C:\Users\Richerts\Desktop\DOKU_Christoph Kolumbus - Die Wahre Biografie_DEUTSCH _ 2014.mp4 2014-06-22 17:42 - 2014-06-22 17:42 - 00001251 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2014-06-22 17:41 - 2014-06-22 17:41 - 11227432 _____ () C:\Users\Richerts\Downloads\YTDSetup481.exe 2014-06-12 10:19 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 10:19 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 10:19 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 10:19 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 10:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 
10:19 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 10:19 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 10:19 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 10:19 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 10:19 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 10:19 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 10:19 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 10:19 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 10:19 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 10:19 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 10:19 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 10:19 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 10:19 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 10:19 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 10:19 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 10:19 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 10:19 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 10:19 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmlmedia.dll 2014-06-12 10:19 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 10:19 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 10:19 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 10:19 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 10:19 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 10:18 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 10:18 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 10:18 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 10:18 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 10:18 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 10:18 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 10:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 10:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 10:17 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 10:08 - 2014-06-29 22:56 - 00018566 _____ () C:\Windows\PFRO.log 2014-06-12 10:08 - 2014-06-29 22:56 - 00001133 _____ () C:\Windows\setupact.log 2014-06-12 10:08 - 2014-06-12 10:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-11 09:37 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-11 09:37 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) 
C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-09 13:32 - 2014-06-09 13:32 - 00015872 _____ () C:\Users\Richerts\Downloads\Rueckmeldebogen Schuelerverhalten_positive Verstaerkung.xls 2014-06-03 20:45 - 2014-06-03 20:45 - 00691572 _____ () C:\Users\Richerts\Downloads\kommunikation.hlp 2014-06-03 20:22 - 2014-06-12 13:52 - 00000000 ____D () C:\Users\Richerts\Desktop\UPPs 2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Users\Richerts\AppData\Local\PDFCreator 2014-06-02 19:00 - 2014-06-02 19:00 - 00417416 _____ () C:\Users\Richerts\Downloads\diversevorlagen.zip 2014-06-02 16:53 - 2014-06-02 16:53 - 13525781 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-setup-3.02.02.exe 2014-06-02 16:50 - 2014-06-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Program Files\PDFCreator 2014-06-02 16:50 - 2014-04-17 19:36 - 00095928 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-06-02 16:49 - 2014-06-02 16:50 - 01825064 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-3.02.deu.tar.gz 2014-06-02 10:44 - 2014-06-02 10:44 - 25055960 _____ (pdfforge ) C:\Users\Richerts\Downloads\PDFCreator-1_9_3-setup.exe 2014-06-01 22:29 - 2014-06-01 22:29 - 00045541 _____ () C:\Users\Richerts\Downloads\marseillaise_military.mid 2014-06-01 22:28 - 2014-06-01 22:28 - 00007107 _____ () C:\Users\Richerts\Downloads\marseillaise.mid 2014-06-01 22:09 - 2014-06-01 22:09 - 03238941 _____ () C:\Users\Richerts\Downloads\Sicherung_Millionenshow_AntikesGriechenland.zip 2014-06-01 21:59 - 2014-06-01 21:59 - 00102978 _____ () C:\Users\Richerts\Downloads\12Maerchen.zip 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\Users\Richerts\Documents\Eendsoft 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\ProgramData\firebird 2014-05-31 12:10 - 2014-05-31 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picto-Selector 2014-05-31 12:03 - 
2014-05-31 12:10 - 00000000 ____D () C:\Program Files\Picto Selector 2014-05-31 11:59 - 2014-05-31 12:03 - 230896024 _____ (M.C. van der Kooij ) C:\Users\Richerts\Downloads\setup_complete.exe 2014-05-31 09:23 - 2014-05-31 09:23 - 00003332 _____ () C:\Users\Richerts\Downloads\McPower_Flag_of_Germany_(with_wind).svg 2014-05-31 09:14 - 2014-05-31 09:14 - 02086912 _____ () C:\Users\Richerts\Downloads\UE-Saeuren_im_Alltag.ppt 2014-05-30 23:48 - 2014-05-30 23:54 - 00000000 ____D () C:\Users\Richerts\Documents\Calibre-Bibliothek 2014-05-30 23:48 - 2014-05-30 23:48 - 00000000 ____D () C:\Users\Richerts\AppData\Local\calibre-cache 2014-05-30 23:47 - 2014-05-30 23:52 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\calibre 2014-05-30 23:47 - 2014-05-30 23:47 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\Program Files\Calibre2 2014-05-30 23:44 - 2014-05-30 23:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\Richerts\Downloads\Calibre 32 Bit - CHIP-Installer.exe 2014-05-30 23:39 - 2014-05-30 23:42 - 208218905 _____ () C:\Users\Richerts\Downloads\eBook_OER_fuer_alle_Version2.0.epub 2014-05-30 10:08 - 2014-06-23 23:32 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Copernic 2014-05-30 10:08 - 2014-06-23 23:32 - 00000000 ____D () C:\Program Files\Common Files\Copernic 2014-05-30 02:35 - 2014-05-30 02:35 - 00456088 _____ (Check Point Software Technologies Ltd.) 
C:\Windows\system32\Drivers\vsdatant.sys ==================== One Month Modified Files and Folders ======= 2014-06-29 23:08 - 2014-06-29 20:11 - 00022116 _____ () C:\Users\Richerts\Downloads\FRST.txt 2014-06-29 23:07 - 2014-06-29 20:11 - 00000000 ____D () C:\FRST 2014-06-29 23:06 - 2014-06-29 20:12 - 00000000 ____D () C:\Users\Richerts\Desktop\Trojaner Board 2014-06-29 23:05 - 2014-06-29 23:05 - 00001475 _____ () C:\Users\Richerts\Desktop\JRT.txt 2014-06-29 23:05 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-29 23:05 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-29 23:01 - 2014-06-29 23:01 - 00000000 ____D () C:\Windows\ERUNT 2014-06-29 23:01 - 2014-06-29 23:00 - 01016261 _____ (Thisisu) C:\Users\Richerts\Downloads\JRT.exe 2014-06-29 22:57 - 2013-04-29 18:49 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-29 22:56 - 2014-06-12 10:08 - 00018566 _____ () C:\Windows\PFRO.log 2014-06-29 22:56 - 2014-06-12 10:08 - 00001133 _____ () C:\Windows\setupact.log 2014-06-29 22:56 - 2012-11-24 15:46 - 01230961 _____ () C:\Windows\WindowsUpdate.log 2014-06-29 22:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-29 22:55 - 2013-12-17 22:59 - 00000000 ____D () C:\AdwCleaner 2014-06-29 22:54 - 2013-04-29 18:49 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-29 22:51 - 2014-06-29 22:50 - 01342659 _____ () C:\Users\Richerts\Downloads\adwcleaner_3.213.exe 2014-06-29 22:50 - 2012-12-04 21:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-29 22:31 - 2014-06-29 22:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-29 22:30 - 2014-06-29 22:30 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-29 22:30 - 
2014-06-29 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2014-06-29 22:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2012-11-24 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-29 22:28 - 2014-06-29 22:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Richerts\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-29 22:17 - 2012-11-25 16:35 - 00000000 ____D () C:\ProgramData\Win7codecs 2014-06-29 22:04 - 2014-06-29 22:04 - 00001226 _____ () C:\Users\Richerts\Desktop\Revo Uninstaller.lnk 2014-06-29 22:04 - 2014-06-29 22:04 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-29 22:04 - 2014-06-29 22:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Richerts\Downloads\revosetup95.exe 2014-06-29 21:50 - 2013-06-14 10:38 - 00000000 ____D () C:\Users\Richerts\Desktop\Referendariat 2014-06-29 21:02 - 2013-09-30 22:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-06-29 20:57 - 2014-06-29 20:57 - 00003296 _____ () C:\Users\Richerts\Downloads\Gmer.txt.txt.zip 2014-06-29 20:52 - 2014-06-29 20:52 - 01110476 _____ () C:\Users\Richerts\Downloads\7z920.exe 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\Program Files\7-Zip 2014-06-29 20:14 - 2014-06-29 20:14 - 00380416 _____ () C:\Users\Richerts\Downloads\Gmer-19357.exe 2014-06-29 20:13 - 2014-06-29 20:12 - 00033909 _____ () C:\Users\Richerts\Downloads\Addition.txt 2014-06-29 20:11 - 2014-06-29 20:10 - 01073664 _____ (Farbar) C:\Users\Richerts\Downloads\FRST.exe 2014-06-29 20:09 - 2014-06-29 20:09 - 00000478 _____ () C:\Users\Richerts\Downloads\defogger_disable.log 2014-06-29 20:09 - 2014-06-29 20:09 - 00000000 _____ () C:\Users\Richerts\defogger_reenable 2014-06-29 20:09 - 2012-11-24 15:51 - 00000000 ____D () C:\Users\Richerts 2014-06-29 20:08 - 2014-06-29 20:08 - 
00050477 _____ () C:\Users\Richerts\Downloads\Defogger.exe 2014-06-29 19:16 - 2014-06-29 19:14 - 00104960 _____ () C:\Users\Richerts\Desktop\Lied zum Abschied Kl 4a Rischenau.pub 2014-06-29 19:14 - 2014-06-29 19:11 - 00097792 _____ () C:\Users\Richerts\Downloads\Lied zum Abschied.pub 2014-06-28 20:16 - 2012-11-24 15:53 - 01622904 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-28 12:59 - 2013-07-27 23:02 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\KeePass 2014-06-28 00:01 - 2014-06-22 23:15 - 00008969 ____H () C:\Windows\system32\BTImages.dat 2014-06-27 23:59 - 2013-05-25 22:45 - 00000000 ____D () C:\Program Files\Schulfix 2014-06-27 23:58 - 2013-12-16 18:26 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-06-26 21:09 - 2014-06-26 21:09 - 154764088 _____ () C:\Users\Richerts\Documents\Amazing Modern Dancing Airport Flashmob 2014.mp4 2014-06-26 21:06 - 2014-06-22 22:07 - 00000000 ____D () C:\Users\Richerts\Desktop\Videos 8c 2014-06-23 23:32 - 2014-05-30 10:08 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Copernic 2014-06-23 23:32 - 2014-05-30 10:08 - 00000000 ____D () C:\Program Files\Common Files\Copernic 2014-06-23 22:51 - 2014-06-23 22:51 - 00023843 _____ () C:\Users\Richerts\Downloads\UR_Entwurf_ Napoleon _ Kaiser der Franzosen.zip 2014-06-23 22:50 - 2014-06-23 22:28 - 07610880 _____ () C:\Users\Richerts\Downloads\Napoleon Bonaparte.ppt 2014-06-23 16:26 - 2012-12-01 22:03 - 00000000 ____D () C:\Users\Richerts\AppData\Local\Microsoft Help 2014-06-23 16:25 - 2014-06-23 16:25 - 00868352 _____ () C:\Users\Richerts\Downloads\206.ppt 2014-06-23 16:24 - 2014-06-23 16:24 - 01362944 _____ () C:\Users\Richerts\Downloads\202.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00338432 _____ () C:\Users\Richerts\Downloads\195.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00104960 _____ () C:\Users\Richerts\Downloads\197.ppt 2014-06-23 16:21 - 2014-06-23 16:21 - 00582144 _____ () C:\Users\Richerts\Downloads\193.ppt 2014-06-23 16:18 - 2014-06-23 
16:18 - 00384512 _____ () C:\Users\Richerts\Downloads\199.ppt 2014-06-22 22:52 - 2014-06-22 22:52 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-06-22 22:51 - 2014-06-22 22:51 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-06-22 22:51 - 2014-06-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-06-22 22:51 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\CheckPoint 2014-06-22 22:48 - 2014-06-22 22:48 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000 (1).exe 2014-06-22 22:47 - 2014-06-22 22:47 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000.exe 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD 2014-06-22 22:36 - 2013-03-29 19:39 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\QuickScan 2014-06-22 22:22 - 2014-06-22 22:21 - 00000000 ____D () C:\Users\Richerts\Desktop\Wir sind die Maus Wave Datei 2014-06-22 22:19 - 2014-06-22 22:19 - 00002178 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk 2014-06-22 22:19 - 2014-03-26 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-06-22 22:19 - 2014-03-26 23:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-06-22 22:19 - 2014-03-26 23:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-06-22 22:19 - 2013-05-10 22:16 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\DVDVideoSoft 2014-06-22 22:17 - 2014-06-22 22:17 - 34314288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Richerts\Downloads\FreeAudioConverter5.0.43.605.exe 2014-06-22 21:19 - 2014-06-22 21:19 - 00810950 _____ () C:\Users\Richerts\Downloads\sprachgeschichte_offen.zip 2014-06-22 18:01 - 2014-06-22 18:01 - 142293945 _____ () C:\Users\Richerts\Desktop\Die großen Entdecker der Welt_ Cook, Kolumbus, Vespucci, ect..mp4 2014-06-22 17:55 - 2014-06-22 17:55 - 165446210 _____ () C:\Users\Richerts\Desktop\DOKU_Christoph Kolumbus - Die Wahre Biografie_DEUTSCH _ 2014.mp4 2014-06-22 17:42 - 2014-06-22 17:42 - 00001251 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2014-06-22 17:41 - 2014-06-22 17:41 - 11227432 _____ () C:\Users\Richerts\Downloads\YTDSetup481.exe 2014-06-18 17:02 - 2013-01-09 16:23 - 00000000 ____D () C:\Users\Richerts\Documents\Steuerfälle 2014-06-17 07:01 - 2014-04-26 13:12 - 00002175 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-06-12 18:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-12 15:27 - 2014-05-07 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 13:52 - 2014-06-03 20:22 - 00000000 ____D () C:\Users\Richerts\Desktop\UPPs 2014-06-12 10:08 - 2014-06-12 10:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-12 00:15 - 2013-08-24 12:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 00:15 - 2012-12-01 22:02 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 00:13 - 2012-11-24 16:51 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 17:51 - 2014-04-11 14:17 - 00000000 ____D () C:\Users\Richerts\Desktop\DUA_DUA_zeitreise_2_NRW_451026 2014-06-09 13:32 - 2014-06-09 13:32 - 00015872 _____ () C:\Users\Richerts\Downloads\Rueckmeldebogen Schuelerverhalten_positive Verstaerkung.xls 2014-06-08 10:48 - 2014-06-12 10:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-12 10:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-05 17:05 - 2014-06-02 16:50 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-06-03 20:45 - 2014-06-03 20:45 - 00691572 _____ () C:\Users\Richerts\Downloads\kommunikation.hlp 2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Users\Richerts\AppData\Local\PDFCreator 2014-06-02 19:00 - 2014-06-02 19:00 - 00417416 _____ () C:\Users\Richerts\Downloads\diversevorlagen.zip 2014-06-02 16:53 - 2014-06-02 16:53 - 13525781 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-setup-3.02.02.exe 2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Program Files\PDFCreator 2014-06-02 16:50 - 2014-06-02 16:49 - 01825064 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-3.02.deu.tar.gz 2014-06-02 10:44 - 2014-06-02 10:44 - 25055960 _____ (pdfforge ) C:\Users\Richerts\Downloads\PDFCreator-1_9_3-setup.exe 2014-06-01 22:29 - 2014-06-01 22:29 - 00045541 _____ () C:\Users\Richerts\Downloads\marseillaise_military.mid 2014-06-01 22:28 - 2014-06-01 22:28 - 00007107 _____ () C:\Users\Richerts\Downloads\marseillaise.mid 2014-06-01 22:09 - 2014-06-01 22:09 - 03238941 _____ () C:\Users\Richerts\Downloads\Sicherung_Millionenshow_AntikesGriechenland.zip 2014-06-01 21:59 - 2014-06-01 21:59 - 00102978 _____ () C:\Users\Richerts\Downloads\12Maerchen.zip 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\Users\Richerts\Documents\Eendsoft 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\ProgramData\firebird 2014-05-31 12:10 - 2014-05-31 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picto-Selector 2014-05-31 12:10 - 2014-05-31 12:03 - 00000000 ____D () C:\Program Files\Picto Selector 2014-05-31 12:03 - 2014-05-31 11:59 - 230896024 _____ (M.C. 
van der Kooij ) C:\Users\Richerts\Downloads\setup_complete.exe 2014-05-31 09:23 - 2014-05-31 09:23 - 00003332 _____ () C:\Users\Richerts\Downloads\McPower_Flag_of_Germany_(with_wind).svg 2014-05-31 09:14 - 2014-05-31 09:14 - 02086912 _____ () C:\Users\Richerts\Downloads\UE-Saeuren_im_Alltag.ppt 2014-05-30 23:54 - 2014-05-30 23:48 - 00000000 ____D () C:\Users\Richerts\Documents\Calibre-Bibliothek 2014-05-30 23:52 - 2014-05-30 23:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\calibre 2014-05-30 23:48 - 2014-05-30 23:48 - 00000000 ____D () C:\Users\Richerts\AppData\Local\calibre-cache 2014-05-30 23:47 - 2014-05-30 23:47 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2014-05-30 23:47 - 2014-05-30 23:47 - 00000000 ____D () C:\Program Files\Calibre2 2014-05-30 23:44 - 2014-05-30 23:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\Richerts\Downloads\Calibre 32 Bit - CHIP-Installer.exe 2014-05-30 23:42 - 2014-05-30 23:39 - 208218905 _____ () C:\Users\Richerts\Downloads\eBook_OER_fuer_alle_Version2.0.epub 2014-05-30 11:18 - 2014-06-12 10:19 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 11:02 - 2014-06-12 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 11:02 - 2014-06-12 10:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 10:44 - 2014-06-12 10:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 10:43 - 2014-06-12 10:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 10:42 - 2014-06-12 10:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 10:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 10:34 - 2014-06-12 
10:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 10:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 10:30 - 2014-06-12 10:19 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 10:28 - 2014-06-12 10:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 10:28 - 2014-06-12 10:19 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 10:27 - 2014-06-12 10:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 10:21 - 2014-06-12 10:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 10:16 - 2014-06-12 10:19 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 10:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 10:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:04 - 2014-06-12 10:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 10:19 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 09:57 - 2014-06-12 10:19 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 09:56 - 2014-06-12 10:19 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 09:54 - 2014-06-12 10:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 10:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 10:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 09:40 - 2014-06-12 10:19 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 
09:21 - 2014-06-12 10:19 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-12 10:19 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-12 10:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 02:35 - 2014-05-30 02:35 - 00456088 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys

Some content of TEMP:
====================
C:\Users\Richerts\AppData\Local\Temp\avgnt.exe
C:\Users\Richerts\AppData\Local\Temp\BackupSetup.exe
C:\Users\Richerts\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Richerts\AppData\Local\Temp\Quarantine.exe
C:\Users\Richerts\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Richerts\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-29 17:44
==================== End Of Log ============================
--- --- ---
Thank you very much for your help! Regards, Peter |
30.06.2014, 13:25 | #4 |
/// the machine /// TB trainer | Windows 7: Possible virus infection via the network? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 | Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
30.06.2014, 16:57 | #5 |
| Windows 7: Possible virus infection via the network? Hello "schrauber", the Control Panel has stopped responding since the last actions. I noticed this just now when I wanted to uninstall the ESET scanner. The Control Panel crashes every time. An additional question: may I uninstall Spybot even though the program may also have some "viruses/adware/malware" in quarantine? Here are my log files: Eset Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=4e6a68347088144b96297b7f0f9a4b53 # engine=18950 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-06-30 02:53:05 # local_time=2014-06-30 04:53:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 63098 155771176 0 0 # compatibility_mode_1='ZoneAlarm Antivirus' # compatibility_mode=9221 16777213 100 98 669671 19847783 0 0 # scanned=184781 # found=41 # cleaned=0 # scan_time=5384 sh=8BC417D84335C8A2984292D841C3006F4AA33F19 ft=1 fh=b832c00106aff94b vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbs.dll.vir" sh=CF9209557CC4828F1A8536F5AF66358A81393A75 ft=1 fh=b354853738a44732 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Softonic\Softonic\1.8.21.14\SoftonicApp.dll.vir" sh=277966AAC8DD994109B77162DB82849EF1FC8D62 ft=1 fh=f7e7b232febc88cd vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Softonic\Softonic\1.8.21.14\SoftonicEng.dll.vir" sh=431CA401E93A36C4FB726D12B16B4CC058A2C770 ft=1 fh=7cd1c9f2502352b3 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Softonic\Softonic\1.8.21.14\Softonicsrv.exe.vir" sh=09AD2A1BCD218E1EA91FC53F55CB6A61770E1144 ft=1 fh=0234086e10d7e544 vn="Variante von Win32/Toolbar.Montiera.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll.vir" sh=54002848ADA82AC181EAC551104FA02E8CBE4585 ft=1 fh=bfddd9982b578fa9 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Softonic\Softonic\1.8.21.14\uninstall.exe.vir" sh=54CBEECF2F4AB81622D6708E8A849E3663853F4D ft=1 fh=a481e6d08e557a48 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Softonic\Softonic\1.8.21.14\bh\Softonic.dll.vir" sh=59A6EB9C86C0A9818A025215A96BC4A6BACAE5F6 ft=1 fh=45f34dd517244455 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\YTD Toolbar\IE\8.9\ytdToolbarIE64.dll.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Richerts\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=C2EEB7A2E6ED49A1CF602CFEB9224B62A0D14994 ft=1 fh=f0dc28e17e336e2e vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Richerts\AppData\Roaming\OpenCandy\BE7A50B003714211BB4D5A9BB29A4FB2\Installer.exe.vir" sh=97C98A20388FD894B92FD8325545966CA945BCFB ft=1 fh=6121d07ea56d1649 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Richerts\AppData\Roaming\OpenCandy\C6837BCD348E46DEBC1104A9030C5C5A\Setupsft_chr_p1v7.exe.vir" sh=7E62CD24C68C6873E2367358E9B67F26B832DD4A ft=1 fh=c71c001152d7a4ca vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmApp.dll" sh=AD188F10AB5A30A6EE8149A6AAF68247FC9E63E5 ft=1 fh=c71c00110d6f5af3 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll" sh=DA7464E58409B29B1ED2C7A65F3FD61402DAC1A5 ft=1 fh=dce5cbde4ee07593 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe" sh=9F1F8446680FD61541FCC3E2B75E44E0EDCDFCAE ft=1 fh=e93b79f29aa9228b vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll" sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\CheckPoint\Install\CUninstallerZA.exe" sh=AD9F3DAA348EEA4E74B2FAD65EA492F32CA72339 ft=1 fh=ce06389d744632d2 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\CheckPoint\Install\zatb.exe" sh=A2FD431D4B1BD190975DD0DC5177B516DC76CC05 ft=1 fh=17625d6a17306e37 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c0ac" sh=7E31B18767BD00E85631B87880001F6459D9AB2F ft=1 fh=4f92ce7b3306ec54 vn="Variante von Win32/Somoto.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QQ6GN7F\BiTool[1].dll" sh=861BC6E83375DE59B304035C773469F510483931 ft=1 fh=c8c07ed958be4d81 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QQ6GN7F\setup[1].exe" sh=7E31B18767BD00E85631B87880001F6459D9AB2F ft=1 fh=4f92ce7b3306ec54 vn="Variante von Win32/Somoto.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Local\Temp\bitool.dll" sh=861BC6E83375DE59B304035C773469F510483931 ft=1 fh=c8c07ed958be4d81 vn="Win32/Somoto.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Local\Temp\nss3A73.tmp" sh=9B5AA9D21F25F281DCD07094AAEE9BD4CF03F12D ft=1 fh=1c058e4f2945e215 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe" sh=8490554F15357EA162494EE1763509959F3EBAEB ft=1 fh=58b66b725959d138 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe" sh=E4772585CEB9AA369A292D03667C7AA76E9EA04A ft=1 fh=274da3f94e245cf7 vn="Win32/Toolbar.Montiera.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe" sh=4881E24542AAFE804FB204B39ABE760FAB53D52C ft=1 fh=245fe282c2f8de1f vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\extensions\{f9fc93be-f796-7006-7b62-402a556f07a7}\components\SmartbarFireFoxRemotePlugin_22.dll" sh=E27BFC4D757E7269BE53B801AD4C058F56623775 ft=1 fh=7afcac260c0c1777 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\extensions\{f9fc93be-f796-7006-7b62-402a556f07a7}\components\SmartbarFireFoxRemotePlugin_23.dll" sh=EB0D014C4B7E16F628A816B9A3DA95905FEA3CE9 ft=1 fh=16130987cff99b1d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\extensions\{f9fc93be-f796-7006-7b62-402a556f07a7}\components\SmartbarFireFoxRemotePlugin_24.dll" sh=91B9CE0FE444439EA625E401F555478341FBA535 ft=1 fh=70a581e062448c82 vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\extensions\{f9fc93be-f796-7006-7b62-402a556f07a7}\components\SmartbarFireFoxRemotePlugin_25.dll" sh=A5748CA62A756F212AA267CD31989393C39CD415 ft=1 fh=011b388a5baa332d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\extensions\{f9fc93be-f796-7006-7b62-402a556f07a7}\components\SmartbarFireFoxRemotePlugin_26.dll" sh=D8C54D29874F61EFDDA2D50104BD888C027A7722 ft=1 fh=061d1f7cfee24095 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\extensions\{f9fc93be-f796-7006-7b62-402a556f07a7}\components\SmartbarFireFoxRemotePlugin_27.dll" sh=30B843D04116D79B8CA789AA5774B025805348CF ft=1 fh=f8c0307fdde4b037 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Richerts\Desktop\Referendariat\Unterricht Geschichte\Unterrichtsmaterialien von CDs\Rund um (2.0) ... denkmal 2 NRW\99_Nuetzliche_Programme\Foxit\FoxitReader514.0104_enu_Setup.exe" sh=1E6492DC34B2374E4673733D8E91A5C8C24734D4 ft=1 fh=c4641876c01c22e8 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Richerts\Desktop\Referendariat\Unterricht Geschichte\Unterrichtsmaterialien von CDs\Rund um (2.0) ... denkmal 3 NRW\99_Nuetzliche_Programme\Foxit\FoxitReader602.0413_enu_Setup.exe" sh=A6E71438804A795144AAC6A1E44169ABD1E2D534 ft=1 fh=5c8d0e776a1e18c2 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\Downloads\32bit_Standard_v206.exe" sh=D95BEBD6BACD9A0C11B7FF02D6B049306B4E5269 ft=1 fh=f453998ee61f4011 vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\Downloads\Calibre 32 Bit - CHIP-Installer.exe" sh=19953C6B253D85DE679B3967A089CA35B132E5F2 ft=1 fh=2c8599c3eb7c3821 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Richerts\Downloads\FreeAudioConverter5.0.43.605.exe" sh=47DA0A4A23B5F6FA4C8DD6BD9B6055691E4339EB ft=1 fh=2ec24482c96e1f8f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\Downloads\PDFCreator-1_9_3-setup.exe" sh=91A80C205C65E37F27D0E608EF65B2BE523E18BD ft=1 fh=4fcdf0195d1e4a50 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\Downloads\YTDSetup481.exe" sh=A2FD431D4B1BD190975DD0DC5177B516DC76CC05 ft=1 fh=17625d6a17306e37 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000 (1).exe" sh=A2FD431D4B1BD190975DD0DC5177B516DC76CC05 ft=1 fh=17625d6a17306e37 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000.exe" sh=4E2FFDA2B4D7081B06D0B608D60683838A94C5F7 ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\35a22a0f.msi" Code:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ZoneAlarm Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
TuneUp Utilities Language Pack (de-DE)
CCleaner
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Peter

Sorry, I forgot the FRST log file:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Richerts (administrator) on RICHERTS-PC on 30-06-2014 17:54:07
Running from C:\Users\Richerts\Downloads
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.)
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Buffalo Inc.) C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24Creator\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [] => [X] HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung) HKU\S-1-5-21-2263252255-1708856640-2164245826-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.) Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) 
Startup: C:\Users\Richerts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8D34185D0C35CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {FB442BEF-A6F0-4316-8168-EC3575B2A5C2} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! 
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p= FF Homepage: https://de.search.yahoo.com/?type=501549&fr=spigot-yhp-ff FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\searchplugins\yahoo_ff.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-03-26] FF Extension: No Name - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-03-26] FF Extension: HDvid Codec - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\profiles\extensions\hdvc@hdvc.com.xpi [2013-04-17] FF Extension: Snap.Do - C:\Users\Richerts\AppData\Roaming\Mozilla\Firefox\Profiles\2sa4jryb.default\Extensions\{f9fc93be-f796-7006-7b62-402a556f07a7} [2014-03-26] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-01-07] FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-15] FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-15] Chrome: ======= CHR HomePage: https://www.google.de/ CHR StartupUrls: "https://www.google.de/" CHR Plugin: (Shockwave 
Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Drive) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29] CHR Extension: (WOT) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-04-29] CHR Extension: (YouTube) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29] CHR Extension: (Adblock Plus) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-29] CHR Extension: (Google-Suche) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29] CHR Extension: (Readium) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-05-30] CHR Extension: (3D-Bowling) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm [2013-04-29] CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-06-22] CHR Extension: (LearningApps.org) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkpajokdkoidfiohkeknhhheinfpimfc [2014-03-31] CHR Extension: (World Data Atlas) - C:\Users\Richerts\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2014-03-31] CHR Extension: (WorkFlowy) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2014-03-31] CHR Extension: (Google Wallet) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Google Mail) - C:\Users\Richerts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29] CHR HKCU\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12] ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed] R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2006-01-17] (The Firebird Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1527895 2006-01-17] (The Firebird Project) [File not signed] R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed] R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251760 2014-01-05] (BUFFALO INC.) 
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.) R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed] R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-04-30] (Kaspersky Lab ZAO) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] () R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.) 
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-04-30] (Kaspersky Lab ZAO) S3 massfilter; system32\drivers\massfilter.sys [X] S3 NPF; system32\drivers\NPF.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-30 15:33 - 2014-06-30 15:33 - 00854367 _____ () C:\Users\Richerts\Downloads\SecurityCheck.exe 2014-06-30 15:21 - 2014-06-30 15:21 - 02347384 _____ (ESET) C:\Users\Richerts\Downloads\esetsmartinstaller_deu.exe 2014-06-30 15:21 - 2014-06-30 15:21 - 00000000 ____D () C:\Program Files\ESET 2014-06-29 23:41 - 2014-06-29 23:41 - 00001944 _____ () C:\Users\Richerts\Desktop\Amazon.de.lnk 2014-06-29 23:41 - 2014-06-29 23:41 - 00001113 _____ () C:\Users\Richerts\Desktop\Arbeitsblatt-Manager.lnk 2014-06-29 23:41 - 2014-06-29 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird_1_5 2014-06-29 23:41 - 2014-06-29 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arbeitsblatt-Manager 2014-06-29 23:41 - 2014-06-29 23:41 - 00000000 ____D () C:\Program Files\Arbeitsblatt-Manager 2014-06-29 23:41 - 2006-01-17 01:05 - 00356439 _____ (The Firebird Project) C:\Windows\system32\GDS32.DLL 2014-06-29 23:40 - 2014-06-29 23:40 - 05034093 _____ (Jochen Milchsack ) C:\Users\Richerts\Downloads\abm.exe 2014-06-29 23:21 - 2010-11-20 05:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll.bak 2014-06-29 23:20 - 2014-06-29 23:21 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Standard 2014-06-29 23:20 - 2014-06-29 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs 2014-06-29 
23:20 - 2014-06-29 23:20 - 00000000 ____D () C:\Program Files\Shark007 2014-06-29 23:20 - 2013-04-05 21:26 - 01679360 _____ () C:\Windows\system32\ac3filter.acm.new 2014-06-29 23:19 - 2014-06-29 23:21 - 00000000 ____D () C:\ProgramData\Standard 2014-06-29 23:17 - 2014-06-29 23:17 - 15603576 _____ () C:\Users\Richerts\Downloads\32bit_Standard_v206.exe 2014-06-29 23:01 - 2014-06-29 23:01 - 00000000 ____D () C:\Windows\ERUNT 2014-06-29 23:00 - 2014-06-29 23:01 - 01016261 _____ (Thisisu) C:\Users\Richerts\Downloads\JRT.exe 2014-06-29 22:50 - 2014-06-29 22:51 - 01342659 _____ () C:\Users\Richerts\Downloads\adwcleaner_3.213.exe 2014-06-29 22:30 - 2014-06-29 22:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-29 22:30 - 2014-06-29 22:30 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-29 22:30 - 2014-06-29 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2014-06-29 22:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-29 22:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-29 22:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-29 22:04 - 2014-06-29 22:04 - 00001226 _____ () C:\Users\Richerts\Desktop\Revo Uninstaller.lnk 2014-06-29 22:04 - 2014-06-29 22:04 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-29 22:03 - 2014-06-29 22:04 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Richerts\Downloads\revosetup95.exe 2014-06-29 20:57 - 2014-06-29 20:57 - 00003296 _____ () C:\Users\Richerts\Downloads\Gmer.txt.txt.zip 2014-06-29 20:52 - 2014-06-29 20:52 - 01110476 _____ () C:\Users\Richerts\Downloads\7z920.exe 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\Program Files\7-Zip 2014-06-29 20:14 - 2014-06-29 20:14 - 00380416 _____ () C:\Users\Richerts\Downloads\Gmer-19357.exe 2014-06-29 20:12 - 2014-06-30 17:51 - 00000000 ____D () C:\Users\Richerts\Desktop\Trojaner Board 2014-06-29 20:12 - 2014-06-29 20:13 - 00033909 _____ () C:\Users\Richerts\Downloads\Addition.txt 2014-06-29 20:11 - 2014-06-30 17:54 - 00022818 _____ () C:\Users\Richerts\Downloads\FRST.txt 2014-06-29 20:11 - 2014-06-30 17:54 - 00000000 ____D () C:\FRST 2014-06-29 20:10 - 2014-06-29 20:11 - 01073664 _____ (Farbar) C:\Users\Richerts\Downloads\FRST.exe 2014-06-29 20:09 - 2014-06-29 20:09 - 00000478 _____ () C:\Users\Richerts\Downloads\defogger_disable.log 2014-06-29 20:09 - 2014-06-29 20:09 - 00000000 _____ () C:\Users\Richerts\defogger_reenable 2014-06-29 20:08 - 2014-06-29 20:08 - 00050477 _____ () C:\Users\Richerts\Downloads\Defogger.exe 2014-06-29 19:11 - 2014-06-29 19:14 - 00097792 _____ () C:\Users\Richerts\Downloads\Lied zum Abschied.pub 2014-06-26 21:09 - 2014-06-26 21:09 - 154764088 _____ () C:\Users\Richerts\Documents\Amazing Modern Dancing Airport Flashmob 2014.mp4 2014-06-23 22:51 - 2014-06-23 22:51 - 00023843 _____ () C:\Users\Richerts\Downloads\UR_Entwurf_ Napoleon _ Kaiser der Franzosen.zip 2014-06-23 22:28 - 2014-06-23 22:50 - 07610880 _____ () C:\Users\Richerts\Downloads\Napoleon Bonaparte.ppt 2014-06-23 16:25 - 2014-06-23 16:25 - 00868352 _____ () C:\Users\Richerts\Downloads\206.ppt 2014-06-23 16:24 - 2014-06-23 16:24 - 01362944 _____ () C:\Users\Richerts\Downloads\202.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00338432 _____ () 
C:\Users\Richerts\Downloads\195.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00104960 _____ () C:\Users\Richerts\Downloads\197.ppt 2014-06-23 16:21 - 2014-06-23 16:21 - 00582144 _____ () C:\Users\Richerts\Downloads\193.ppt 2014-06-23 16:18 - 2014-06-23 16:18 - 00384512 _____ () C:\Users\Richerts\Downloads\199.ppt 2014-06-22 23:19 - 2014-03-31 09:35 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-06-22 23:15 - 2014-06-29 23:20 - 00010089 ____H () C:\Windows\system32\BTImages.dat 2014-06-22 22:52 - 2014-06-22 22:52 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-06-22 22:52 - 2014-04-30 11:01 - 00488032 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-06-22 22:52 - 2014-04-30 11:01 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-06-22 22:52 - 2014-04-30 11:00 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-06-22 22:51 - 2014-06-22 22:51 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-06-22 22:51 - 2014-06-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-06-22 22:48 - 2014-06-22 22:48 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000 (1).exe 2014-06-22 22:47 - 2014-06-22 22:51 - 00000000 ____D () C:\Program Files\CheckPoint 2014-06-22 22:47 - 2014-06-22 22:47 - 03394856 _____ (Check Point Software Technologies Ltd.) 
C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000.exe 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD 2014-06-22 22:21 - 2014-06-22 22:22 - 00000000 ____D () C:\Users\Richerts\Desktop\Wir sind die Maus Wave Datei 2014-06-22 22:19 - 2014-06-22 22:19 - 00002178 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk 2014-06-22 22:17 - 2014-06-22 22:17 - 34314288 _____ (DVDVideoSoft Ltd. ) C:\Users\Richerts\Downloads\FreeAudioConverter5.0.43.605.exe 2014-06-22 22:07 - 2014-06-30 17:39 - 00000000 ____D () C:\Users\Richerts\Desktop\Videos 8c 2014-06-22 21:19 - 2014-06-22 21:19 - 00810950 _____ () C:\Users\Richerts\Downloads\sprachgeschichte_offen.zip 2014-06-22 17:41 - 2014-06-22 17:41 - 11227432 _____ () C:\Users\Richerts\Downloads\YTDSetup481.exe 2014-06-12 10:19 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 10:19 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 10:19 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 10:19 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 10:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 10:19 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 10:19 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 10:19 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 10:19 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2014-06-12 10:19 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 10:19 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 10:19 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 10:19 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 10:19 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 10:19 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 10:19 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 10:19 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 10:19 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 10:19 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 10:19 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 10:19 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 10:19 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 10:19 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 10:19 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 10:19 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 10:19 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 10:19 - 2014-05-30 09:15 - 01143296 _____ 
(Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 10:19 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 10:18 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 10:18 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 10:18 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 10:18 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 10:18 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 10:18 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 10:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 10:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 10:17 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 10:08 - 2014-06-30 17:37 - 00001189 _____ () C:\Windows\setupact.log 2014-06-12 10:08 - 2014-06-29 22:56 - 00018566 _____ () C:\Windows\PFRO.log 2014-06-12 10:08 - 2014-06-12 10:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-11 09:37 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-11 09:37 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-09 13:32 - 2014-06-09 13:32 - 00015872 _____ () C:\Users\Richerts\Downloads\Rueckmeldebogen Schuelerverhalten_positive Verstaerkung.xls 2014-06-05 11:00 - 2014-06-05 11:00 - 01655296 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll 2014-06-03 20:45 - 2014-06-03 20:45 - 00691572 _____ () C:\Users\Richerts\Downloads\kommunikation.hlp 2014-06-03 20:22 - 
2014-06-12 13:52 - 00000000 ____D () C:\Users\Richerts\Desktop\UPPs 2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Users\Richerts\AppData\Local\PDFCreator 2014-06-02 19:00 - 2014-06-02 19:00 - 00417416 _____ () C:\Users\Richerts\Downloads\diversevorlagen.zip 2014-06-02 16:53 - 2014-06-02 16:53 - 13525781 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-setup-3.02.02.exe 2014-06-02 16:50 - 2014-06-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Program Files\PDFCreator 2014-06-02 16:50 - 2014-04-17 19:36 - 00095928 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-06-02 16:49 - 2014-06-02 16:50 - 01825064 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-3.02.deu.tar.gz 2014-06-02 10:44 - 2014-06-02 10:44 - 25055960 _____ (pdfforge ) C:\Users\Richerts\Downloads\PDFCreator-1_9_3-setup.exe 2014-06-01 22:29 - 2014-06-01 22:29 - 00045541 _____ () C:\Users\Richerts\Downloads\marseillaise_military.mid 2014-06-01 22:28 - 2014-06-01 22:28 - 00007107 _____ () C:\Users\Richerts\Downloads\marseillaise.mid 2014-06-01 22:09 - 2014-06-01 22:09 - 03238941 _____ () C:\Users\Richerts\Downloads\Sicherung_Millionenshow_AntikesGriechenland.zip 2014-06-01 21:59 - 2014-06-01 21:59 - 00102978 _____ () C:\Users\Richerts\Downloads\12Maerchen.zip 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\Users\Richerts\Documents\Eendsoft 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\ProgramData\firebird 2014-05-31 12:10 - 2014-05-31 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picto-Selector 2014-05-31 12:03 - 2014-05-31 12:10 - 00000000 ____D () C:\Program Files\Picto Selector 2014-05-31 11:59 - 2014-05-31 12:03 - 230896024 _____ (M.C. 
van der Kooij ) C:\Users\Richerts\Downloads\setup_complete.exe 2014-05-31 09:23 - 2014-05-31 09:23 - 00003332 _____ () C:\Users\Richerts\Downloads\McPower_Flag_of_Germany_(with_wind).svg 2014-05-31 09:14 - 2014-05-31 09:14 - 02086912 _____ () C:\Users\Richerts\Downloads\UE-Saeuren_im_Alltag.ppt ==================== One Month Modified Files and Folders ======= 2014-06-30 17:54 - 2014-06-29 20:11 - 00022818 _____ () C:\Users\Richerts\Downloads\FRST.txt 2014-06-30 17:54 - 2014-06-29 20:11 - 00000000 ____D () C:\FRST 2014-06-30 17:54 - 2013-04-29 18:49 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-30 17:51 - 2014-06-29 20:12 - 00000000 ____D () C:\Users\Richerts\Desktop\Trojaner Board 2014-06-30 17:50 - 2012-12-04 21:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-30 17:45 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-30 17:45 - 2009-07-14 06:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-30 17:43 - 2012-11-24 15:53 - 01622904 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-30 17:42 - 2012-11-24 15:46 - 01256424 _____ () C:\Windows\WindowsUpdate.log 2014-06-30 17:39 - 2014-06-22 22:07 - 00000000 ____D () C:\Users\Richerts\Desktop\Videos 8c 2014-06-30 17:38 - 2013-04-29 18:49 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-30 17:37 - 2014-06-12 10:08 - 00001189 _____ () C:\Windows\setupact.log 2014-06-30 17:37 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-30 15:33 - 2014-06-30 15:33 - 00854367 _____ () C:\Users\Richerts\Downloads\SecurityCheck.exe 2014-06-30 15:21 - 2014-06-30 15:21 - 02347384 _____ (ESET) C:\Users\Richerts\Downloads\esetsmartinstaller_deu.exe 2014-06-30 15:21 - 2014-06-30 15:21 - 00000000 ____D () C:\Program Files\ESET 2014-06-29 23:41 - 2014-06-29 
23:41 - 00001944 _____ () C:\Users\Richerts\Desktop\Amazon.de.lnk 2014-06-29 23:41 - 2014-06-29 23:41 - 00001113 _____ () C:\Users\Richerts\Desktop\Arbeitsblatt-Manager.lnk 2014-06-29 23:41 - 2014-06-29 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird_1_5 2014-06-29 23:41 - 2014-06-29 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arbeitsblatt-Manager 2014-06-29 23:41 - 2014-06-29 23:41 - 00000000 ____D () C:\Program Files\Arbeitsblatt-Manager 2014-06-29 23:41 - 2013-05-25 22:17 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Arbeitsblatt-Manager 2014-06-29 23:40 - 2014-06-29 23:40 - 05034093 _____ (Jochen Milchsack ) C:\Users\Richerts\Downloads\abm.exe 2014-06-29 23:24 - 2013-07-27 23:02 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\KeePass 2014-06-29 23:21 - 2014-06-29 23:20 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Standard 2014-06-29 23:21 - 2014-06-29 23:19 - 00000000 ____D () C:\ProgramData\Standard 2014-06-29 23:20 - 2014-06-29 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs 2014-06-29 23:20 - 2014-06-29 23:20 - 00000000 ____D () C:\Program Files\Shark007 2014-06-29 23:20 - 2014-06-22 23:15 - 00010089 ____H () C:\Windows\system32\BTImages.dat 2014-06-29 23:17 - 2014-06-29 23:17 - 15603576 _____ () C:\Users\Richerts\Downloads\32bit_Standard_v206.exe 2014-06-29 23:01 - 2014-06-29 23:01 - 00000000 ____D () C:\Windows\ERUNT 2014-06-29 23:01 - 2014-06-29 23:00 - 01016261 _____ (Thisisu) C:\Users\Richerts\Downloads\JRT.exe 2014-06-29 22:56 - 2014-06-12 10:08 - 00018566 _____ () C:\Windows\PFRO.log 2014-06-29 22:55 - 2013-12-17 22:59 - 00000000 ____D () C:\AdwCleaner 2014-06-29 22:51 - 2014-06-29 22:50 - 01342659 _____ () C:\Users\Richerts\Downloads\adwcleaner_3.213.exe 2014-06-29 22:31 - 2014-06-29 22:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-29 22:30 - 2014-06-29 
22:30 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-29 22:30 - 2014-06-29 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2014-06-29 22:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-29 22:30 - 2012-11-24 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-29 22:17 - 2012-11-25 16:35 - 00000000 ____D () C:\ProgramData\Win7codecs 2014-06-29 22:04 - 2014-06-29 22:04 - 00001226 _____ () C:\Users\Richerts\Desktop\Revo Uninstaller.lnk 2014-06-29 22:04 - 2014-06-29 22:04 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-06-29 22:04 - 2014-06-29 22:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Richerts\Downloads\revosetup95.exe 2014-06-29 21:50 - 2013-06-14 10:38 - 00000000 ____D () C:\Users\Richerts\Desktop\Referendariat 2014-06-29 21:02 - 2013-09-30 22:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-06-29 20:57 - 2014-06-29 20:57 - 00003296 _____ () C:\Users\Richerts\Downloads\Gmer.txt.txt.zip 2014-06-29 20:52 - 2014-06-29 20:52 - 01110476 _____ () C:\Users\Richerts\Downloads\7z920.exe 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-29 20:52 - 2014-06-29 20:52 - 00000000 ____D () C:\Program Files\7-Zip 2014-06-29 20:14 - 2014-06-29 20:14 - 00380416 _____ () C:\Users\Richerts\Downloads\Gmer-19357.exe 2014-06-29 20:13 - 2014-06-29 20:12 - 00033909 _____ () C:\Users\Richerts\Downloads\Addition.txt 2014-06-29 20:11 - 2014-06-29 20:10 - 01073664 _____ (Farbar) C:\Users\Richerts\Downloads\FRST.exe 2014-06-29 20:09 - 2014-06-29 20:09 - 00000478 _____ () C:\Users\Richerts\Downloads\defogger_disable.log 2014-06-29 20:09 - 2014-06-29 20:09 - 00000000 _____ () C:\Users\Richerts\defogger_reenable 2014-06-29 20:09 - 2012-11-24 15:51 - 00000000 ____D () C:\Users\Richerts 2014-06-29 20:08 - 2014-06-29 20:08 - 00050477 _____ () 
C:\Users\Richerts\Downloads\Defogger.exe 2014-06-29 19:14 - 2014-06-29 19:11 - 00097792 _____ () C:\Users\Richerts\Downloads\Lied zum Abschied.pub 2014-06-27 23:59 - 2013-05-25 22:45 - 00000000 ____D () C:\Program Files\Schulfix 2014-06-27 23:58 - 2013-12-16 18:26 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2014-06-26 21:09 - 2014-06-26 21:09 - 154764088 _____ () C:\Users\Richerts\Documents\Amazing Modern Dancing Airport Flashmob 2014.mp4 2014-06-23 23:32 - 2014-05-30 10:08 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Copernic 2014-06-23 23:32 - 2014-05-30 10:08 - 00000000 ____D () C:\Program Files\Common Files\Copernic 2014-06-23 22:51 - 2014-06-23 22:51 - 00023843 _____ () C:\Users\Richerts\Downloads\UR_Entwurf_ Napoleon _ Kaiser der Franzosen.zip 2014-06-23 22:50 - 2014-06-23 22:28 - 07610880 _____ () C:\Users\Richerts\Downloads\Napoleon Bonaparte.ppt 2014-06-23 16:26 - 2012-12-01 22:03 - 00000000 ____D () C:\Users\Richerts\AppData\Local\Microsoft Help 2014-06-23 16:25 - 2014-06-23 16:25 - 00868352 _____ () C:\Users\Richerts\Downloads\206.ppt 2014-06-23 16:24 - 2014-06-23 16:24 - 01362944 _____ () C:\Users\Richerts\Downloads\202.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00338432 _____ () C:\Users\Richerts\Downloads\195.ppt 2014-06-23 16:23 - 2014-06-23 16:23 - 00104960 _____ () C:\Users\Richerts\Downloads\197.ppt 2014-06-23 16:21 - 2014-06-23 16:21 - 00582144 _____ () C:\Users\Richerts\Downloads\193.ppt 2014-06-23 16:18 - 2014-06-23 16:18 - 00384512 _____ () C:\Users\Richerts\Downloads\199.ppt 2014-06-22 22:52 - 2014-06-22 22:52 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-06-22 22:51 - 2014-06-22 22:51 - 00000732 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk 2014-06-22 22:51 - 2014-06-22 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2014-06-22 22:51 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\CheckPoint 2014-06-22 22:48 - 2014-06-22 22:48 - 03394856 
_____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000 (1).exe 2014-06-22 22:47 - 2014-06-22 22:47 - 03394856 _____ (Check Point Software Technologies Ltd.) C:\Users\Richerts\Downloads\zaSetupWeb_132_015_000.exe 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\Check Point Software Technologies LTD 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-06-22 22:47 - 2014-06-22 22:47 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD 2014-06-22 22:36 - 2013-03-29 19:39 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\QuickScan 2014-06-22 22:22 - 2014-06-22 22:21 - 00000000 ____D () C:\Users\Richerts\Desktop\Wir sind die Maus Wave Datei 2014-06-22 22:19 - 2014-06-22 22:19 - 00002178 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk 2014-06-22 22:19 - 2014-03-26 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-06-22 22:19 - 2014-03-26 23:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-06-22 22:19 - 2014-03-26 23:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-06-22 22:19 - 2013-05-10 22:16 - 00000000 ____D () C:\Users\Richerts\AppData\Roaming\DVDVideoSoft 2014-06-22 22:17 - 2014-06-22 22:17 - 34314288 _____ (DVDVideoSoft Ltd. 
) C:\Users\Richerts\Downloads\FreeAudioConverter5.0.43.605.exe 2014-06-22 21:19 - 2014-06-22 21:19 - 00810950 _____ () C:\Users\Richerts\Downloads\sprachgeschichte_offen.zip 2014-06-22 17:41 - 2014-06-22 17:41 - 11227432 _____ () C:\Users\Richerts\Downloads\YTDSetup481.exe 2014-06-18 17:02 - 2013-01-09 16:23 - 00000000 ____D () C:\Users\Richerts\Documents\Steuerfälle 2014-06-17 07:01 - 2014-04-26 13:12 - 00002175 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-06-12 18:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-12 15:27 - 2014-05-07 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 13:52 - 2014-06-03 20:22 - 00000000 ____D () C:\Users\Richerts\Desktop\UPPs 2014-06-12 10:08 - 2014-06-12 10:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-12 00:15 - 2013-08-24 12:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 00:15 - 2012-12-01 22:02 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 00:13 - 2012-11-24 16:51 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 17:51 - 2014-04-11 14:17 - 00000000 ____D () C:\Users\Richerts\Desktop\DUA_DUA_zeitreise_2_NRW_451026 2014-06-09 13:32 - 2014-06-09 13:32 - 00015872 _____ () C:\Users\Richerts\Downloads\Rueckmeldebogen Schuelerverhalten_positive Verstaerkung.xls 2014-06-08 10:48 - 2014-06-12 10:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 2014-06-12 10:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-05 17:05 - 2014-06-02 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-06-05 11:00 - 2014-06-05 11:00 - 01655296 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll 2014-06-03 20:45 - 2014-06-03 20:45 - 00691572 _____ () C:\Users\Richerts\Downloads\kommunikation.hlp 2014-06-03 17:53 - 2014-06-03 17:53 - 00000000 ____D () C:\Users\Richerts\AppData\Local\PDFCreator 2014-06-02 19:00 - 
2014-06-02 19:00 - 00417416 _____ () C:\Users\Richerts\Downloads\diversevorlagen.zip 2014-06-02 16:53 - 2014-06-02 16:53 - 13525781 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-setup-3.02.02.exe 2014-06-02 16:50 - 2014-06-02 16:50 - 00000000 ____D () C:\Program Files\PDFCreator 2014-06-02 16:50 - 2014-06-02 16:49 - 01825064 _____ () C:\Users\Richerts\Downloads\tesseract-ocr-3.02.deu.tar.gz 2014-06-02 10:44 - 2014-06-02 10:44 - 25055960 _____ (pdfforge ) C:\Users\Richerts\Downloads\PDFCreator-1_9_3-setup.exe 2014-06-01 22:29 - 2014-06-01 22:29 - 00045541 _____ () C:\Users\Richerts\Downloads\marseillaise_military.mid 2014-06-01 22:28 - 2014-06-01 22:28 - 00007107 _____ () C:\Users\Richerts\Downloads\marseillaise.mid 2014-06-01 22:09 - 2014-06-01 22:09 - 03238941 _____ () C:\Users\Richerts\Downloads\Sicherung_Millionenshow_AntikesGriechenland.zip 2014-06-01 21:59 - 2014-06-01 21:59 - 00102978 _____ () C:\Users\Richerts\Downloads\12Maerchen.zip 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\Users\Richerts\Documents\Eendsoft 2014-05-31 12:12 - 2014-05-31 12:12 - 00000000 ____D () C:\ProgramData\firebird 2014-05-31 12:10 - 2014-05-31 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picto-Selector 2014-05-31 12:10 - 2014-05-31 12:03 - 00000000 ____D () C:\Program Files\Picto Selector 2014-05-31 12:03 - 2014-05-31 11:59 - 230896024 _____ (M.C. 
van der Kooij ) C:\Users\Richerts\Downloads\setup_complete.exe 2014-05-31 09:23 - 2014-05-31 09:23 - 00003332 _____ () C:\Users\Richerts\Downloads\McPower_Flag_of_Germany_(with_wind).svg 2014-05-31 09:14 - 2014-05-31 09:14 - 02086912 _____ () C:\Users\Richerts\Downloads\UE-Saeuren_im_Alltag.ppt Some content of TEMP: ==================== C:\Users\Richerts\AppData\Local\Temp\avgnt.exe C:\Users\Richerts\AppData\Local\Temp\BackupSetup.exe C:\Users\Richerts\AppData\Local\Temp\bitool.dll C:\Users\Richerts\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Richerts\AppData\Local\Temp\Quarantine.exe C:\Users\Richerts\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Richerts\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-29 17:44 ==================== End Of Log ============================ --- --- --- --- --- --- |
01.07.2014, 11:32 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Possible virus infection via the network? Yes, you can uninstall it; I would uninstall ZoneAlarm as well. Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. http://www.trojaner-board.de/126216-...epair-aio.html Please run this once.
01.07.2014, 18:11 | #7 |
| Windows 7: Possible virus infection via the network? Hello "schrauber", if I remove ZoneAlarm, however, I will have no antivirus program. Do you perhaps have alternatives, or does one not need one at all??? Here is the log file from Windows Repair (AIO) Code:
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 32-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: RICHERTS-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Richerts
Current Profile SID: S-1-5-21-2263252255-1708856640-2164245826-1000
Current Profile Classes: S-1-5-21-2263252255-1708856640-2164245826-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Richerts\AppData\Local
--------------------------------------------------------------------------------
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:34:23
Process Count: 95
Commit Total: 2,08 GB
Commit Limit: 5,99 GB
Commit Peak: 2,51 GB
Handle Count: 25419
Kernel Total: 293,06 MB
Kernel Paged: 232,14 MB
Kernel Non Paged: 60,93 MB
System Cache: 1,41 GB
Thread Count: 1078
--------------------------------------------------------------------------------
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,99 GB
Memory Used: 1,62 GB(54,0146%)
Memory Avail.: 1,38 GB
--------------------------------------------------------------------------------
Cleaning Memory Before Starting Repairs...
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,99 GB
Memory Used: 1,29 GB(43,1538%)
Memory Avail.: 1,70 GB
--------------------------------------------------------------------------------
Starting Repairs...
Start (01.07.2014 18:08:10) 01 - Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys Start (01.07.2014 18:08:19) Running Repair Under Current User Account Done (01.07.2014 18:11:50) 01 - Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys Start (01.07.2014 18:11:50) Running Repair Under System Account Done (01.07.2014 18:17:58) 01 - Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys Start (01.07.2014 18:17:58) Running Repair Under System Account Done (01.07.2014 18:20:13) 02 - Reset File Permissions: C: C: & Sub Folders Start (01.07.2014 18:20:13) Running Repair Under System Account Done (01.07.2014 18:26:17) 02 - Reset File Permissions: All Profiles C:\Users & Sub Folders Start (01.07.2014 18:26:17) Running Repair Under System Account Done (01.07.2014 18:30:15) 02 - Reset File Permissions: Current Profile C:\Users\Richerts & Sub Folders Start (01.07.2014 18:30:15) Running Repair Under System Account Done (01.07.2014 18:33:55) 02 - Reset File Permissions: Cleanup Repairing Restricted Folders Permissions To Avoid Infinite Loops Start (01.07.2014 18:33:55) Running Repair Under System Account Processing ACL of: <\\?\C:\Documents and Settings> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Desktop> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Documents> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Favorites> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Start Menu> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Templates> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Desktop> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Documents> SetACL finished successfully. 
Processing ACL of: <\\?\C:\Users\All Users\Favorites> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Start Menu> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Templates> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default User> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Cookies> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Local Settings> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\My Documents> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\NetHood> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\PrintHood> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Recent> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\SendTo> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Start Menu> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Templates> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Documents\My Music> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Public\Documents\My Music> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures> SetACL finished successfully. 
Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Richerts\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Richerts\Cookies> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Richerts\Local Settings> Reading the SD from <\\?\C:\Users\Richerts\Local Settings> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\My Documents> Reading the SD from <\\?\C:\Users\Richerts\My Documents> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\NetHood> Reading the SD from <\\?\C:\Users\Richerts\NetHood> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\PrintHood> Reading the SD from <\\?\C:\Users\Richerts\PrintHood> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\Recent> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Richerts\SendTo> SetACL finished successfully. 
Processing ACL of: <\\?\C:\Users\Richerts\Start Menu> Reading the SD from <\\?\C:\Users\Richerts\Start Menu> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\Templates> Reading the SD from <\\?\C:\Users\Richerts\Templates> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\AppData\Local\Application Data> Reading the SD from <\\?\C:\Users\Richerts\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\AppData\Local\History> Reading the SD from <\\?\C:\Users\Richerts\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\AppData\Local\Temporary Internet Files> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Richerts\Documents\My Music> Reading the SD from <\\?\C:\Users\Richerts\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. 
Processing ACL of: <\\?\C:\Users\Richerts\Documents\My Pictures> Reading the SD from <\\?\C:\Users\Richerts\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Richerts\Documents\My Videos> Reading the SD from <\\?\C:\Users\Richerts\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Done (01.07.2014 18:34:03) 03 - Reset Service Permissions Start (01.07.2014 18:34:03) Running Repair Under System Account Done (01.07.2014 18:34:16) 04 - Register System Files Start (01.07.2014 18:34:16) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:34:48) 05 - Repair WMI Start (01.07.2014 18:34:48) Starting Security Center So We Can Export The Security Info. Exporting Antivirus Info... ZoneAlarm Antivirus Exported. Exporting AntiSpyware Info... ZoneAlarm Anti-Spyware Exported. Windows Defender Exported. Spybot - Search and Destroy Exported. Exporting 3rd Party Firewall Info... ZoneAlarm Firewall Exported. 
Running Repair Under Current User Account Done (01.07.2014 18:37:47) 06 - Repair Windows Firewall Start (01.07.2014 18:37:47) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:38:31) 07 - Repair Internet Explorer Start (01.07.2014 18:38:31) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:39:01) 08 - Repair MDAC/MS Jet Start (01.07.2014 18:39:01) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:39:10) 09 - Repair Hosts File Start (01.07.2014 18:39:10) Running Repair Under System Account Done (01.07.2014 18:39:13) 10 - Remove Policies Set By Infections Start (01.07.2014 18:39:13) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:39:17) 11 - Repair Start Menu Icons Removed By Infections Start (01.07.2014 18:39:17) Running Repair Under System Account Done (01.07.2014 18:39:20) 12 - Repair Icons Start (01.07.2014 18:39:20) Running Repair Under Current User Account Done (01.07.2014 18:39:23) 13 - Repair Winsock & DNS Cache Start (01.07.2014 18:39:23) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:39:45) 14 - Remove Temp Files Start (01.07.2014 18:39:45) Running Repair Under System Account Done (01.07.2014 18:39:47) 15 - Repair Proxy Settings Start (01.07.2014 18:39:48) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:39:52) 16 - Unhide Non System Files Start (01.07.2014 18:39:52) C:\ - Total Files Unhidden: 484 - Check Unhidden_Files.txt for list of files unhidden Done (01.07.2014 18:41:32) 17 - Repair Windows Updates Start (01.07.2014 18:41:32) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:42:00) 18 - Repair CD/DVD Missing/Not Working Start (01.07.2014 18:42:00) iTunes was found, adding UpperFilters for iTunes Reg Key 
UpperFilters added?: Wahr Done (01.07.2014 18:42:00) 19 - Repair Volume Shadow Copy Service Start (01.07.2014 18:42:00) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:42:14) 20 - Repair Windows Sidebar/Gadgets Start (01.07.2014 18:42:14) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:42:21) 21 - Repair MSI (Windows Installer) Start (01.07.2014 18:42:21) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:42:42) 22 - Repair Windows Snipping Tool Start (01.07.2014 18:42:42) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:42:47) 23.01 - Repair bat Association Start (01.07.2014 18:42:47) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:42:51) 23.02 - Repair cmd Association Start (01.07.2014 18:42:51) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:42:56) 23.03 - Repair com Association Start (01.07.2014 18:42:56) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:01) 23.04 - Repair Directory Association Start (01.07.2014 18:43:01) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:06) 23.05 - Repair Drive Association Start (01.07.2014 18:43:06) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:15) 23.06 - Repair exe Association Start (01.07.2014 18:43:15) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:19) 23.07 - Repair Folder Association Start (01.07.2014 18:43:19) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:24) 23.08 - Repair inf Association Start (01.07.2014 18:43:24) Running Repair Under Current User Account Running 
Repair Under System Account Done (01.07.2014 18:43:29) 23.09 - Repair lnk (Shortcuts) Association Start (01.07.2014 18:43:29) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:34) 23.10 - Repair msc Association Start (01.07.2014 18:43:34) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:38) 23.11 - Repair reg Association Start (01.07.2014 18:43:38) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:43) 23.12 - Repair scr Association Start (01.07.2014 18:43:43) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:52) 24 - Repair Windows Safe Mode Start (01.07.2014 18:43:52) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:43:57) 25 - Repair Print Spooler Start (01.07.2014 18:43:57) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:44:12) 26 - Restore Important Windows Services Start (01.07.2014 18:44:12) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:44:25) 27 - Set Windows Services To Default Startup Start (01.07.2014 18:44:25) Running Repair Under Current User Account Running Repair Under System Account Done (01.07.2014 18:44:38) Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1 Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1 Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1 Cleaning up empty logs... All Selected Repairs Done. Done (01.07.2014 18:44:39) Total Repair Time: 00:36:31 ...YOU MUST RESTART YOUR SYSTEM... Running Repair Under Current User Account
Control Panel --> Uninstall a program still does not work. Error message: Windows Explorer has stopped working.
Unfortunately, this happens every time. |
02.07.2014, 12:39 | #8 |
/// the machine /// TB Trainer | Windows 7: Possible virus infection via the network? Do you have a Windows DVD? I always recommend Emsisoft.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.07.2014, 13:00 | #9 |
| Windows 7: Possible virus infection via the network? Hi, yes, I have a Windows DVD. Thanks for the tip. |
03.07.2014, 11:35 | #10 |
/// the machine /// TB Trainer | Windows 7: Possible virus infection via the network? Then please do an in-place upgrade. |
03.07.2014, 14:10 | #11 |
| Windows 7: Possible virus infection via the network? Unfortunately, an upgrade is not possible, because I have a Windows DVD without Service Pack 1. The Control Panel is working again, though. Perhaps it was still an after-effect of all the deletion operations, etc. Otherwise, is "everything clean" on my machine now? Many thanks already for your help and the valuable tips. |
04.07.2014, 13:01 | #12 |
/// the machine /// TB Trainer | Windows 7: Possible virus infection via the network? Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |