Log Analysis and Evaluation: Virus Application.SearchProtect.J (EngineA), Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Virus Application.SearchProtect.J (EngineA)

Hi ..., my virus scanner detected the virus named above. I moved it to quarantine. G Data virus scanner result:

Code:
<?xml version="1.0" encoding="utf-16"?>
<GdmmsDatabase>
  <table name="report">
    <row>
      <UserName>Gnuj</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Application.SearchProtect.J (Engine A)</VirusName>
      <Date>10.07.2014 09:50:59</Date>
      <State>Datei existiert nicht mehr</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Application.SearchProtect.J (Engine A)</VirusName>
      <Date>10.07.2014 01:30:49</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>30.06.2014 21:10:49</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsh2B43.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>30.06.2014 15:10:38</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nso6B48.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>30.06.2014 09:15:28</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsi42BC.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>28.06.2014 18:10:46</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsjB591.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>28.06.2014 12:15:17</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsn43D5.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>27.06.2014 21:22:50</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsc1756.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>27.06.2014 15:22:38</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsj50F5.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>27.06.2014 09:27:25</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsn16AD.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>26.06.2014 20:33:19</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsj15FF.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>26.06.2014 14:33:08</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsv5401.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>NT-AUTORITÄT\SYSTEM</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Variant.Adware.SearchProtect.1 (Engine A)</VirusName>
      <Date>26.06.2014 08:38:02</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Windows\Temp\nsj390B.tmp\SPtool.dll</FileName>
    </row>
    <row>
      <UserName>Gnuj</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Heur.ManBat.1 (Engine A)</VirusName>
      <Date>29.05.2014 10:22:51</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Users\Jung\AppData\Local\Temp\Lollipop_05290822.exe</FileName>
    </row>
    <row>
      <UserName>Gnuj</UserName>
      <MachineName>PC01</MachineName>
      <VirusName>Gen:Heur.ManBat.1 (Engine A)</VirusName>
      <Date>29.05.2014 10:22:50</Date>
      <State>Datei in Quarantäne verschoben</State>
      <Sender>Wächter </Sender>
      <ArchiveName />
      <FileName>C:\Users\Jung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY8IVSEY\download[1].php</FileName>
    </row>
  </table>
</GdmmsDatabase>

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Gnuj (administrator) on PC01 on 10-07-2014 15:21:43
Running from C:\Users\Gnuj\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK_64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Vetad eG) C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Vetad eG) C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe
(Vetad eG) C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(KOBIL Systems GmbH) C:\Vetad\PROGRAMM\B0000404\msdisrv.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(Vetad eG) C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Vetad eG) C:\Vetad\PROGRAMM\Install\DvInesASDMon.Exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Vetad\PROGRAMM\A0000007\DHNC.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AVK\AVK.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Vetad eG) C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Vetad eG) C:\Vetad\SYSTEM\RzpjWtch.exe
(Lotus Development Corporation) C:\lotus\organize\easyclip6.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Vetad eG) C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe
(Vetad eG) C:\Vetad\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe
(VetadeG) C:\Vetad\PROGRAMM\B0000299\AS\as.exe
(VetadeG) C:\Vetad\PROGRAMM\B0000299\AS\as.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-04-01] (May Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [AVK Client] => C:\Program Files (x86)\G Data\AVK\AVK.exe [1800696 2012-02-28] (G Data Software AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [1275168 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [121120 2010-10-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Vetad.CC.ControllerUserMode] => C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe [32808 2013-12-23] (Vetad eG)
HKLM-x32\...\Run: [Vetad.CC.Clear] => C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe [32808 2013-12-23] (Vetad eG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SiPaHost] => C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe [556584 2013-03-21] (Vetad eG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [182080 2014-06-26] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\Vetad\PROGRAMM\BSoffice\service\OfficeDiag.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\Vetad\PROGRAMM\B0001401\CleanupPrintJobs.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vetad-Hinweis Mitteilungsdienst.lnk
ShortcutTarget: Vetad-Hinweis Mitteilungsdienst.lnk -> C:\Vetad\PROGRAMM\A0000007\DHNC.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RZ-Druckertreiber V.2.3.lnk
ShortcutTarget: RZ-Druckertreiber V.2.3.lnk -> C:\Vetad\SYSTEM\RzpjWtch.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\Vetad\PROGRAMM\B0001401\UpdateDevmode.exe (Vetad eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress Diagnose-Modus.lnk
ShortcutTarget: PhraseExpress Diagnose-Modus.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=55&CUI=&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe64.dll (Vetad eG)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO64002.Dll (Vetad eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe.dll (Vetad eG)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSAScardBHO002.dll (Vetad eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.0.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
Handler: haufereader - No CLSID Value -
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: haufereader - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.199.10

FireFox:
========
FF ProfilePath: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: https://www.google.de/|hxxp://www.goldseiten.de/content/kurse/edelmetalle_gold.php|hxxp://www.goldseiten.de/content/kurse/edelmetalle_silber.php
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Vetad.de/Vetad_BestellManager,version=1.7 - C:\Vetad\PROGRAMM\A0000015\npdvbm.dll ( Vetad eG)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\Extensions\staged [2014-07-10]
FF Extension: WEB.DE MailCheck - C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\Extensions\toolbar@web.de.xpi [2013-10-10]
FF Extension: Adblock Plus - C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-03]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-06-23]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

Chrome:
=======
CHR HomePage: http:\/\/www.trovi.com\/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=55&CUI=&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3&SSPV=
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR StartupUrls: "http:\/\/www.trovi.com\/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=55&CUI=&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3&SSPV="
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchURL: http:\/\/www.trovi.com\/Results.aspx?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M5DFD407C-4471-4486-8A89-6F886B0BE74B&SearchSource=58&CUI=&UM=5&UP=SP150F9C7C-2EB6-4561-AC53-5D58F16B3AA3&q={searchTerms}&SSPV=
CHR Extension: (Docs) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-26]
CHR Extension: (Google Drive) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-26]
CHR Extension: (YouTube) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
CHR Extension: (Google Search) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
CHR Extension: (Website Logon) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2013-04-26]
CHR Extension: (Gmail) - C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [bdgpjclefcppbhifgmbncakhhphkggdb] - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.0.5\avg.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-01] (Adobe Systems) [File not signed]
R2 AntiVirusKit Client; C:\Program Files (x86)\G Data\AVK\AVK.exe [1800696 2012-02-28] (G Data Software AG)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [1501192 2012-02-29] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AVK\AVK_64.exe [2192320 2012-02-28] (G Data Software AG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] (CL Connect LTD)
R2 Vetad Update-Service; C:\Vetad\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (Vetad eG)
R2 Vetad.CC.Processes.Hosting.RdtServiceMode; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
R2 Vetad.Framework.RemoteServiceModel.EnablerService; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
R3 Vetad.Framework.RemoteServices; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
S3 Vetad.Irw.ServiceProvider.HostXcut.Server; C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (Vetad eG)
R2 VetadPrintService; C:\Vetad\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (Vetad eG) [File not signed]
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-12-16] (DATA BECKER GmbH & Co KG) [File not signed]
S4 DfueSammlerDienst; C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Session0Host.exe [9256 2013-12-23] ()
R2 DVckService; C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe [2706472 2013-07-26] (Vetad eG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [116224 2012-05-18] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [4035584 2012-05-18] (Firebird Project) [File not signed]
S3 GDBackupSvc; C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe [1498616 2012-02-28] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe [459784 2012-02-29] (G Data Software AG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-01-11] (SafeNet Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [12800 2013-07-03] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 KOBIL_MSDI; C:\Vetad\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [134944 2010-10-16] (Nuance Communications, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Sicherheitspaket-Dienst; C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-03-21] (Vetad eG)
S2 vToolbarUpdater12.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-11] (AVG Technologies)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [50552 2012-12-03] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [111992 2012-12-03] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [65912 2012-12-03] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106648 2012-12-03] (G Data Software)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [53112 2012-12-03] (G Data Software AG)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-14] (Intel(R) Corporation)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [25344 2012-01-03] (KOBIL Systems GmbH) [File not signed]
R3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2012-11-11] (KOBIL Systems GmbH)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Vetad eG)
R0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [142944 2012-10-18] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-10 15:21 - 2014-07-10 15:22 - 00028294 _____ () C:\Users\Gnuj\Desktop\FRST.txt
2014-07-10 15:19 - 2014-07-10 15:21 - 00000000 ____D () C:\FRST
2014-07-10 15:09 - 2014-07-10 15:09 - 02084352 _____ (Farbar) C:\Users\Gnuj\Desktop\FRST64.exe
2014-07-10 10:36 - 2014-07-10 10:37 - 00001619 _____ () C:\DelFix.txt
2014-07-09 10:15 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 10:15 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:15 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:15 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 10:15 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 10:15 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:15 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 10:15 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 10:15 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 10:15 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 10:15 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 10:15 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 10:15 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 10:15 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 10:15 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 10:15 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 10:15 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:15 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 10:15 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:15 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 10:15 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 10:15 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 10:15 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:15 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:15 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:15 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 10:15 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 10:15 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 10:15 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 10:15 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 10:15 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:15 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:15 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 10:15 - 2014-06-19 01:28 - 00032768
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 10:15 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 10:15 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 10:15 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 10:15 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 10:15 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 10:15 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 10:15 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 10:15 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 10:15 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 10:15 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 10:15 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 10:15 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 10:15 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 10:15 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 10:15 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 10:15 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 10:15 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 10:15 - 2014-06-19 00:34 - 01393664 _____ 
(Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 10:15 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 10:15 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 10:15 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 10:15 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 10:03 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 10:03 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 10:02 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 10:02 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 10:02 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 09:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 09:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 09:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 
2014-07-09 09:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 09:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 09:57 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 09:52 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 09:52 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 09:52 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-01 13:56 - 2014-07-01 14:06 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Makro funktionierend.lnk 2014-07-01 09:42 - 2014-07-01 15:27 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Vetad funktionierend.lnk 2014-06-23 01:11 - 2014-06-23 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-17 07:38 - 2014-06-17 07:38 - 00002311 _____ () C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk 2014-06-13 10:43 - 2014-06-13 10:43 - 00000000 ____D () C:\Users\Gnuj\AppData\Local\Adobe 2014-06-13 08:19 - 2014-06-13 08:52 - 01057176 _____ (Adobe) C:\Users\Gnuj\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe 2014-06-12 09:39 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 09:39 - 2014-04-25 04:06 - 00626688 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-12 09:39 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 09:39 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 09:39 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 09:39 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 09:39 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 09:39 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 09:39 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-12 09:39 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-12 09:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 09:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-07-10 15:22 - 2014-07-10 15:21 - 00028294 _____ () C:\Users\Gnuj\Desktop\FRST.txt 2014-07-10 15:21 - 2014-07-10 15:19 - 00000000 ____D () C:\FRST 2014-07-10 15:19 - 2012-08-30 00:18 - 00000000 ____D () C:\Users\Gnuj\Documents\PhraseExpress 2014-07-10 15:17 - 2006-02-03 20:55 - 00000000 ____D () C:\Programme_noch_pruefen 2014-07-10 15:16 - 2012-11-14 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-10 15:15 - 2012-08-31 10:57 - 00000000 ____D () C:\Users\Gnuj\AppData\Roaming\BOM 2014-07-10 15:13 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-10 15:13 - 2009-07-14 06:45 - 00027568 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-10 15:09 - 2014-07-10 15:09 - 02084352 _____ (Farbar) C:\Users\Gnuj\Desktop\FRST64.exe 2014-07-10 14:56 - 2012-01-03 12:41 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl 2014-07-10 14:26 - 2013-04-26 14:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-10 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-10 11:31 - 2013-04-26 14:26 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-10 11:31 - 2012-08-30 23:53 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-10 11:30 - 2011-12-30 14:49 - 01452697 _____ () C:\Windows\WindowsUpdate.log 2014-07-10 11:26 - 2012-11-14 18:32 - 00046711 _____ () C:\Windows\setupact.log 2014-07-10 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-10 11:24 - 2012-11-06 10:41 - 00000000 ____D () C:\Users\Gnuj\Desktop\Debug_PhraseExpress 2014-07-10 10:37 - 2014-07-10 10:36 - 00001619 _____ () C:\DelFix.txt 2014-07-10 10:36 - 2013-11-14 02:38 - 00000000 ____D () C:\Windows\ERUNT 2014-07-10 10:22 - 2012-11-10 22:17 - 00000000 ____D () C:\Windows\erdnt 2014-07-10 09:22 - 2009-07-14 06:45 - 00559416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-10 09:20 - 2014-05-07 01:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-10 09:20 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-10 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 01:33 - 2012-02-19 08:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-10 01:31 - 2013-08-14 08:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 01:29 - 2012-01-02 16:39 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-10 00:33 - 2012-12-05 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla 
Thunderbird 2014-07-09 17:12 - 2012-01-03 13:06 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{71AB425F-8084-4EBF-B2D6-CC14F5A5671F} 2014-07-09 16:33 - 2011-12-09 00:59 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-07-09 16:33 - 2011-12-09 00:59 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-07-09 16:33 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-09 10:17 - 2012-11-14 14:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 10:16 - 2013-11-24 19:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 10:16 - 2012-11-14 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 09:14 - 2012-12-11 22:56 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForGnuj.job 2014-07-08 22:01 - 2012-12-11 22:56 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGnuj 2014-07-08 22:01 - 2012-01-10 22:41 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-07-08 22:01 - 2012-01-03 23:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-07-08 13:34 - 2012-01-05 18:13 - 00000000 ___RD () C:\Test 2014-07-07 23:32 - 2012-01-23 19:44 - 00005823 _____ () C:\Users\Gnuj\AppData\Local\EmptySettings.xml 2014-07-02 20:33 - 2012-01-03 13:42 - 00000526 _____ () C:\Windows\ODBC.INI 2014-07-02 19:58 - 2012-01-03 13:21 - 00000021 _____ () C:\Windows\DvInesKurusOleServer003.INI 2014-07-02 19:19 - 2012-11-11 10:49 - 00000000 ____D () C:\Users\Gnuj\AppData\Roaming\DVASSV 2014-07-01 15:27 - 2014-07-01 09:42 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Vetad funktionierend.lnk 2014-07-01 14:06 - 2014-07-01 13:56 - 00001283 _____ () C:\Users\Gnuj\Desktop\Word Makro funktionierend.lnk 2014-07-01 08:59 - 2014-05-29 10:21 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-06-30 04:09 - 2014-07-09 10:03 - 00519168 _____ (Microsoft 
Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 10:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-28 14:51 - 2012-03-08 09:51 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPC01$ 2014-06-28 14:51 - 2012-03-08 09:51 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForPC01$.job 2014-06-26 21:16 - 2012-01-03 13:06 - 00000000 ____D () C:\Users\Gnuj 2014-06-23 09:05 - 2012-09-02 08:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-23 01:11 - 2014-06-23 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-20 22:14 - 2014-07-09 10:15 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 10:15 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-20 01:21 - 2013-04-26 14:26 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-20 01:21 - 2013-04-26 14:26 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-19 03:39 - 2014-07-09 10:15 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 10:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 10:15 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 10:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 10:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 10:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-09 10:15 - 
00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 10:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 10:15 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 10:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 10:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 10:15 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 10:15 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-09 10:15 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 10:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 10:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 10:15 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 10:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 10:15 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 10:15 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 10:15 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 10:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 
2014-07-09 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 10:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 10:15 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 10:15 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 10:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 10:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 10:15 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 10:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-09 10:15 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 10:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 10:15 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 10:15 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 10:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 10:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 10:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 10:15 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 10:15 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 10:15 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 
2014-07-09 10:15 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 10:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 10:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 10:15 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 10:15 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 10:15 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 10:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 10:15 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 10:15 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 10:15 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 04:18 - 2014-07-09 10:02 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 10:02 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-09 10:02 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-17 12:02 - 2012-01-03 13:06 - 00177208 _____ () C:\Users\Gnuj\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-17 07:39 - 2013-08-07 08:18 - 00000000 ____D () C:\ProgramData\Package Cache 2014-06-17 07:38 - 2014-06-17 07:38 - 00002311 _____ () C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk 2014-06-17 07:38 - 2012-01-04 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haufe 2014-06-13 23:25 - 2013-04-26 14:26 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-13 10:43 - 2014-06-13 10:43 - 00000000 ____D () C:\Users\Gnuj\AppData\Local\Adobe 
2014-06-13 08:52 - 2014-06-13 08:19 - 01057176 _____ (Adobe) C:\Users\Gnuj\Downloads\install_flashplayer14x32_mssd_aaa_aih.exe 2014-06-11 14:03 - 2006-01-23 13:41 - 00000000 ____D () C:\ebay Some content of TEMP: ==================== C:\Users\Gnuj\AppData\Local\Temp\GUninstaller.exe C:\Users\Gnuj\AppData\Local\Temp\install_flashplayer12x32_mssd_aaa_aih.exe C:\Users\Gnuj\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Gnuj\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Gnuj\AppData\Local\Temp\nsdB7F.exe C:\Users\Gnuj\AppData\Local\Temp\nsiBED0.exe C:\Users\Gnuj\AppData\Local\Temp\nsnC160.exe C:\Users\Gnuj\AppData\Local\Temp\nsnC3D1.exe C:\Users\Gnuj\AppData\Local\Temp\nssDB1.exe C:\Users\Gnuj\AppData\Local\Temp\nsyFF4.exe C:\Users\Gnuj\AppData\Local\Temp\Quarantine.exe C:\Users\Gnuj\AppData\Local\Temp\Search_Protect_non_Google.exe C:\Users\Gnuj\AppData\Local\Temp\Search_Protect_non_Google_setup.exe C:\Users\Gnuj\AppData\Local\Temp\setup.exe C:\Users\Gnuj\AppData\Local\Temp\SPSetup.exe C:\Users\Gnuj\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 
GMER result (GMER logfile):
To be continued as a zip archive because the file is too large: GMER result:

Last edited by Löwe1 (10.07.2014, 17:26)