Log analysis and evaluation: Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: Erste Schritte zur Hilfe (first steps to getting help). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.07.2014, 14:54 | #1 |
Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger

Hello everyone,

an acquaintance has caught a virus. Specifically, this RegCleaner, RocketSearch virus has spread. On top of that came Opera, which surprised me a lot. Opera, at least, is not known to me in connection with malware.

We tried to work through this guide together over the phone: http://www.trojaner-board.de/153455-...entfernen.html

However, the computer still does not seem to be free of viruses. RocketSearch is still present as a shortcut in the taskbar, and when my acquaintance was on this page http://www.trojaner-board.de/153455-...entfernen.html, the words "remove virus" (in the heading) were a link which, when clicked, redirected to a page claiming that Firefox was not up to date and that the current version could be obtained there.

Malwarebytes currently finds nothing more.

Here is the OTL log that we got after completing the whole guide. I will gladly supply the log files from the guide later if they are still important!

Thank you very much!

PS. One more short addendum: I tried to help via Remote Assistance. But that no longer worked after Malwarebytes had been run for the first time. The Windows troubleshooter reported that the PC had no public IP, which confused me a lot, because I thought it is automatically assigned to the DSL box anyway.

OTL Logfile:
Code:
OTL logfile created on: 11.07.2014 13:22:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,35% Memory free
7,83 Gb Paging File | 5,69 Gb Available in Paging File | 72,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 343,38 Gb Free Space | 81,41% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,67 Gb Free Space | 91,98% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (FileZilla Project)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
MOD - C:\Programme\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E\bacgajubob.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DirMngr) -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FileZilla Server) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (FileZilla Project)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (netfilter64) -- C:\Windows\SysNative\drivers\netfilter64.sys (NetFilterSDK.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (vm331avs) -- C:\Windows\SysNative\drivers\vm331avs.sys (Vimicro Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (vmuvcflt) -- C:\Windows\SysNative\drivers\vmuvcflt.sys (Vimicro Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012.11.12 10:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2014.07.10 23:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p79ccnhv.default\extensions
[2014.07.08 20:31:18 | 000,021,499 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p79ccnhv.default\extensions\j004-megggxjuiuogyr@jetpack.xpi
[2014.06.05 09:40:23 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p79ccnhv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.05.13 08:48:23 | 000,002,492 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p79ccnhv.default\searchplugins\ixquick-https.xml
[2013.11.04 14:42:45 | 000,001,691 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p79ccnhv.default\searchplugins\metager.xml
[2014.05.16 08:01:20 | 000,002,325 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p79ccnhv.default\searchplugins\startpage-ssl.xml
[2014.06.18 13:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.06.18 13:30:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (CouponDownloader) - {157cfeb3-4476-a848-8994-3968abc578c9} - C:\Programme\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E\bacgajubob.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe ()
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000..\Run: [Nike+ Connect] C:\Users\User\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000..\Run: [Octoshape Streaming Services] C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-2026916818-3381598533-1138130357-1000..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79F9E42B-1D39-4F6E-AC15-A32BE05CA78D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1ADA39-7A93-45CC-A26F-516839507C6F}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.07.11 13:20:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014.07.11 12:44:21 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
[2014.07.11 12:40:47 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mban-setup-2.0.2.1012.htm
[2014.07.11 12:14:45 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTH.scr
[2014.07.11 12:06:51 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieUserList
[2014.07.11 12:06:51 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieSiteList
[2014.07.11 12:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller
[2014.07.11 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GlarySoft
[2014.07.11 12:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Uninstaller
[2014.07.11 10:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.07.11 10:25:26 | 000,441,592 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\User\Desktop\sc-cleaner.exe
[2014.07.10 23:48:17 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014.07.10 23:46:53 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
[2014.07.10 23:14:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.07.10 23:11:52 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\logfiles
[2014.07.10 22:54:14 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.10 22:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
[2014.07.10 22:53:38 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014.07.10 22:53:38 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014.07.10 22:53:38 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014.07.10 22:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2014.07.10 22:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.07.10 15:44:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Opera Software
[2014.07.10 15:44:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Opera Software
[2014.07.10 13:33:28 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Remote Assistance Logs
[2014.07.10 09:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014.07.10 09:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014.07.10 09:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
[2014.07.10 09:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
[2014.07.10 09:42:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket
[2014.07.10 09:42:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Rocket
[2014.07.09 20:32:24 | 011,204,096 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014.07.09 08:50:31 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014.07.09 08:50:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014.07.09 08:50:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014.07.09 08:50:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.07.09 08:50:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.07.09 08:50:30 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014.07.09 08:50:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.07.09 08:50:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.07.09 08:50:28 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014.07.09 08:50:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.07.09 08:50:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.07.09 08:50:27 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.07.09 08:50:27 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014.07.09 08:50:27 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014.07.09 08:50:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014.07.09 08:50:26 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.07.09 08:50:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.07.09 08:50:25 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014.07.09 08:50:24 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014.07.09 08:50:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014.07.09 08:50:23 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014.07.09 08:50:23 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.07.09 08:50:23 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014.07.09 08:50:22 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014.07.09 08:50:22 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014.07.09 08:50:21 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.07.09 08:50:21 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014.07.09 08:50:21 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014.07.09 08:50:21 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014.07.09 08:50:21 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014.07.09 08:50:20 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014.07.09 08:50:20 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.07.09 08:50:19 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014.07.09 08:50:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.07.09 08:50:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014.07.09 07:59:36 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.07.09 07:59:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014.07.09 07:57:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014.07.09 07:57:51 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2014.07.09 07:57:49 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014.07.09 07:57:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014.07.09 07:57:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2014.07.09 07:53:01 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014.07.08 20:31:26 | 000,046,376 | ---- | C] (NetFilterSDK.com) -- C:\windows\SysNative\drivers\netfilter64.sys
[2014.07.06 08:35:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\usb
[2014.07.05 15:27:18 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\OpenPGP
[2014.07.05 12:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
[2014.07.05 12:45:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\gnupg
[2014.07.05 12:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\GNU
[2014.07.05 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2014.06.25 08:27:59 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\WTA
[2014.06.18 13:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.06.11 22:45:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll
[2014.06.11 22:45:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll
[2014.06.11 22:45:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2014.06.11 22:45:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2014.06.11 22:45:57 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2014.06.11 22:45:56 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll

========== Files - Modified Within 30 Days ==========

[2014.07.11 13:20:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014.07.11 13:04:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014.07.11 12:53:04 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.11 12:47:58 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.07.11 12:44:43 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
[2014.07.11 12:42:07 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mban-setup-2.0.2.1012.htm
[2014.07.11 12:38:00 | 000,000,288 | ---- | M] () -- C:\windows\tasks\Rocket Updater.job
[2014.07.11 12:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014.07.11 12:14:46 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTH.scr
[2014.07.11 12:05:51 | 000,001,110 | ---- | M] () -- C:\Users\User\Desktop\Absolute Uninstaller.lnk
[2014.07.11 12:05:51 | 000,000,166 | ---- | M] () -- C:\Users\User\Desktop\Glarysoft Freeware.url
[2014.07.11 10:25:26 | 000,441,592 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\User\Desktop\sc-cleaner.exe
[2014.07.10 23:46:54 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
[2014.07.10 23:45:22 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.10 23:45:22 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.10 23:42:26 | 001,620,684 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014.07.10 23:42:26 | 000,699,682 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2014.07.10 23:42:26 | 000,654,480 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014.07.10 23:42:26 | 000,149,790 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2014.07.10 23:42:26 | 000,122,352 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014.07.10 23:38:32 | 000,571,507 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014.07.10 23:38:11 | 000,000,022 | ---- | M] () -- C:\windows\S.dirmngr
[2014.07.10 23:37:52 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.10 13:33:54 | 000,001,650 | ---- | M] () -- C:\Users\User\Documents\Einladung.msrcIncident
[2014.07.10 09:42:40 | 000,002,223 | ---- | M] () -- C:\Users\User\Desktop\Rocket.lnk
[2014.07.10 06:56:58 | 000,326,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014.07.09 20:32:36 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014.07.09 20:32:36 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.07.09 20:32:25 | 011,204,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014.07.08 20:31:26 | 000,046,376 | ---- | M] (NetFilterSDK.com) -- C:\windows\SysNative\drivers\netfilter64.sys
[2014.07.05 15:30:10 | 000,002,002 | -H-- | M] () -- C:\Users\User\Documents\Default.rdp
[2014.06.30 04:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.06.30 04:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014.06.19 03:06:24 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.06.19 02:42:57 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.06.19 02:42:49 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.06.19 02:41:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.06.19 02:41:16 | 000,083,968 | ---- | M] (Microsoft
Corporation) -- C:\windows\SysNative\MshtmlDac.dll [2014.06.19 02:31:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2014.06.19 02:26:41 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2014.06.19 02:24:30 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2014.06.19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe [2014.06.19 02:23:53 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll [2014.06.19 02:14:28 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2014.06.19 02:09:47 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2014.06.19 01:59:04 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll [2014.06.19 01:53:27 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2014.06.19 01:51:38 | 005,721,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2014.06.19 01:50:47 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2014.06.19 01:48:44 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2014.06.19 01:39:30 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2014.06.19 01:37:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2014.06.19 01:36:35 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll [2014.06.19 01:35:55 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll [2014.06.19 01:33:07 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2014.06.19 01:28:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- 
C:\windows\SysWow64\iernonce.dll [2014.06.19 01:27:45 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2014.06.19 01:27:07 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2014.06.19 01:25:38 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2014.06.19 01:23:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2014.06.19 01:22:40 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll [2014.06.19 01:06:10 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll [2014.06.19 01:01:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2014.06.19 00:59:37 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2014.06.19 00:46:23 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2014.06.19 00:45:59 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2014.06.19 00:15:24 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2014.06.19 00:07:42 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2014.06.18 12:15:20 | 000,001,122 | ---- | M] () -- C:\Users\User\Desktop\Cyberlink Power2Go.lnk [2014.06.18 04:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe [2014.06.18 03:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe ========== Files Created - No Company Name ========== [2014.07.11 12:05:51 | 000,001,110 | ---- | C] () -- C:\Users\User\Desktop\Absolute Uninstaller.lnk [2014.07.11 12:05:51 | 000,000,166 | ---- | C] () -- C:\Users\User\Desktop\Glarysoft Freeware.url [2014.07.10 23:38:11 | 000,000,022 | ---- | C] () -- C:\windows\S.dirmngr [2014.07.10 22:53:46 | 
000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.07.10 13:33:54 | 000,001,650 | ---- | C] () -- C:\Users\User\Documents\Einladung.msrcIncident [2014.07.10 09:42:40 | 000,002,223 | ---- | C] () -- C:\Users\User\Desktop\Rocket.lnk [2014.07.10 09:38:15 | 000,000,288 | ---- | C] () -- C:\windows\tasks\Rocket Updater.job [2014.07.05 13:06:23 | 000,002,002 | -H-- | C] () -- C:\Users\User\Documents\Default.rdp [2014.01.29 19:03:59 | 001,594,964 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013.12.28 01:22:32 | 000,005,632 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.28 21:52:25 | 000,001,435 | ---- | C] () -- C:\Users\User\AppData\Roaming\SAS7_000.DAT [2012.11.20 14:34:13 | 000,000,230 | ---- | C] () -- C:\windows\cdplayer.ini [2012.11.20 14:33:55 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.11.12 11:54:40 | 000,000,145 | ---- | C] () -- C:\windows\KTEL.INI [2012.11.08 17:00:34 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012.08.02 12:02:19 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS [2012.08.02 12:02:18 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll [2012.08.02 12:02:18 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll [2012.08.02 12:02:18 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll [2012.08.02 12:02:18 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll [2012.08.02 12:02:18 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll [2012.08.02 12:02:18 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE [2012.08.02 12:02:17 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll [2012.08.02 12:02:17 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe [2012.08.02 12:02:17 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe [2012.08.02 12:02:17 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE [2012.08.02 12:02:17 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys [2012.08.02 
02:57:29 | 000,001,652 | ---- | C] () -- C:\windows\vm331Rmv.ini [2012.08.02 02:57:29 | 000,001,652 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 251 bytes -> C:\ProgramData\Temp:7FFED16F
< End of report >

and the Extra.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 11.07.2014 13:22:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,92 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,35% Memory free
7,83 Gb Paging File | 5,69 Gb Available in Paging File | 72,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 343,38 Gb Free Space | 81,41% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,67 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2026916818-3381598533-1138130357-1000\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- "C:\Program Files (x86)\Opera\Launcher.exe" -noautoupdate "%1"
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053707F6-7A98-4E1C-B488-93FCBA20AE8D}" = rport=2869 | protocol=6 | dir=out | app=system | "{0BCB131A-1BA3-47F7-935C-E322660597EE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{0FBDDBEF-0A0D-4A4D-98A9-C3D094B17B80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1553FD64-ADD5-435E-A0FF-D21A12B5D82C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{17C66880-EEBD-4513-8B9A-3B7388E75300}" = lport=10243 | protocol=6 | dir=in | app=system | "{1925205E-4080-49B5-819E-6A96D324BB0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1C522C25-6F22-4359-8FD9-3EA49A364782}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{240D892A-F164-47F0-8AE0-5127DD98DA74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{27002476-061C-4F30-9C2C-1A2884008BE2}" = rport=445 | protocol=6 | dir=out | app=system | "{28841175-E345-4420-8299-B514880A41BF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2B822AEA-5EF2-46A4-8EB2-3E64E417585A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2BA259E4-0640-4BCE-9F62-5FF37308EFD5}" = rport=139 | protocol=6 | dir=out | app=system | "{3CA89B73-F48A-41EB-97D2-DA58C6D12732}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | "{3FBE2055-5B4F-4782-8613-33DD37246D1C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47E0D1AE-704F-462B-A107-B52F48844D98}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{57441646-DBBE-4F16-964C-26228F820C56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{622A838D-FE1B-4441-A5A8-375627B07FFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6ECA7C0A-0558-4AF2-88D1-36129E8A6411}" = lport=137 | protocol=17 | dir=in | app=system | "{70111FF6-C238-4C4B-9F69-09F00677761F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{77902078-D093-41C9-87B3-5749F8873791}" = 
rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{791C329A-3BA0-46E6-80AE-2062CF37D9D4}" = lport=2869 | protocol=6 | dir=in | app=system | "{7AB90D1A-E55C-4FCB-AD9C-CDE8F90AA828}" = lport=445 | protocol=6 | dir=in | app=system | "{7C304830-C589-4D0E-A53B-3CE6B99FE721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84F752BF-C0E1-4685-8B69-BF2060164935}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8573BE67-54E1-471E-9EDA-BF8ABC6DF89B}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | "{88509201-B90B-4F7D-AD4B-094335C09EC9}" = rport=10243 | protocol=6 | dir=out | app=system | "{90248AD9-C2BB-4EB1-987D-7CDE26F43B33}" = lport=139 | protocol=6 | dir=in | app=system | "{929FA0CB-2B80-4969-8EE7-63E0114C44EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9741B132-D767-4416-BEE9-7214831E4DA2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97E8B502-1DFF-4B46-849E-1B6FB8A3891C}" = rport=138 | protocol=17 | dir=out | app=system | "{9CE8E4BC-E4B0-4748-917C-369C8964DDA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9FC72AB3-2871-40DB-A084-3B6FD4E73D93}" = rport=137 | protocol=17 | dir=out | app=system | "{A06406CC-8370-4BD3-BFE4-7A2AB95228FD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A30CB40B-85D0-4A48-B80A-0448048BD2C6}" = lport=138 | protocol=17 | dir=in | app=system | "{AB142371-66C6-4F32-91B5-F064EA033682}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BC9D65C2-F06B-47FE-9307-9421C7778676}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C1BACA18-C87A-4253-BEB9-2DB2103304D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{C1E9CA04-5877-45A6-A02E-85D7E1B5460B}" = lport=2869 | protocol=6 | dir=in | app=system | "{C34683A1-AC41-4EC5-9C7C-884DF3B92A55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CF431BB3-6599-412F-8950-470D5CB240E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D5838468-DD19-4C49-85E9-9032061D4E08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EFF86D32-9B1A-47A8-927A-6E58EBD4C494}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F1C8EE7A-DF41-4A55-92A3-BE58096BFF12}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{119141C1-3E04-4866-ACA8-A12E95521A1E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{11A1CB6D-59A6-4A1B-B375-C758FD7D0E23}" = dir=in | app=%programfiles% (x86)\filezilla server\filezilla server.exe | "{17E1C34D-92CF-4196-807B-CBA95FF4C286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{198277C1-2F1C-4029-BDCC-ED1EEE8B416B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{20347756-0E2C-48FD-8210-6FB5A371BF36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{289E3B61-9468-4D92-A2AE-277BC898048D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2B00780F-18E5-4A21-958C-22889ED92037}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe | "{2CC56C63-C042-4BA3-AF09-EAAEA168A8EA}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{2DE4A20A-311D-4527-82C6-76263CB371ED}" = dir=in | app=c:\program 
files (x86)\skype\phone\skype.exe | "{3756C103-B9F6-44C6-8FED-CD99BDB069CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{45E74035-40F8-4453-84A1-8DDCA64CD0DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{47289031-9064-406E-BDDC-DE8CB68AFABA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5F7CE245-3CE6-4820-8DBA-60468E2D4DBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{65EFD787-6F20-465F-86B1-9991D7B21569}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{737BB24B-338F-4F53-9D9D-A9416242417F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{7D6D3F4C-D874-41F3-B626-E8373F0D8A73}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{84E5DBA9-D9D2-405F-AB14-5449BF5553BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8CED4B29-4853-4A82-998E-B8BE0C16B075}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{90C8F4FF-79AA-4F91-BE9A-1D19CB530301}" = protocol=6 | dir=out | app=system | "{96A28DC3-C0A8-4575-B51E-4997248D2126}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A3C489AE-7F93-42F4-B0E1-C274C68F68DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC526480-1A25-4B4A-9736-5664D05C2962}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AE240B02-3B25-4232-97AC-18F44311085C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B43BC74D-F0A6-4A7E-8339-9C958F5B7CD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BAEB7B5A-A625-4796-A08A-7774843C8C2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB7D16A7-E899-4E0D-810B-1767013BF4FC}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe | "{C35617D8-4FB4-4661-B69A-49B6993C882F}" = 
dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C553BBFE-35D5-4E71-BC36-DA93BE57B6B2}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | "{D709F23C-D2EC-485E-AB77-3F4EC0FF341B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DAECA518-5DA4-431A-8D41-5107117EA26E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E2D6CC48-6E90-4524-BA89-FE33AAE48AEB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E433DE2A-1F49-48C6-9FFD-CC49ED455FE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E9DB3923-36E4-417F-94D0-6B097F8ED394}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{FE8D5DAC-63AD-490D-AE6F-DE8ABDF7B11D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{58BAEFCC-7AFB-4A0A-8799-5D32EFA392D3}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{96E5B276-D595-43DA-BFBE-35251F26ADC8}C:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client "{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU) "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "03A1C6133CBCFD1D944CAC45762E2EC5CD524136" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (08/04/2011 6.1.0.1) "Elantech" = ETDWare PS/2-X64 8.0.4.4_WHQL "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit) "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55 
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C14BD87-61F1-4C00-9CB2-57E0776FE716}" = Digitaler Routenplaner auf CD-ROM "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In 
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13 "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11 
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC279721-37A6-4777-AFD8-7A56681EBA14}" = eXPert PDF 6 "7-Zip" = 7-Zip 9.20 "Absolute Uninstaller_is1" = Absolute Uninstaller 2.9.0.722 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVS Audio Converter_is1" = AVS Audio Converter 7.2 "Creative Centrale" = Creative Centrale "FileZilla Server" = FileZilla Server "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 8.1 "GPG4Win" = Gpg4win (2.2.1) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10 "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "KLiteCodecPack_is1" = K-Lite Codec Pack 9.4.0 (Full) "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012 "Mozilla Firefox 30.0 (x86 de)" = Mozilla Firefox 30.0 (x86 de) "Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.7 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-2026916818-3381598533-1138130357-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Nike+ Connect" = Nike+ Connect "Octoshape Streaming Services" = Octoshape Streaming Services "Rocket" = Rocket ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.07.2014 04:47:31 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\User\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11.07.2014 04:47:58 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\User\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 11.07.2014 06:28:08 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17207, Zeitstempel: 0x53a20c50 Name des fehlerhaften Moduls: bacgajubob.dll, Version: 0.0.0.0, Zeitstempel: 0x53bc38e9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002bda ID des fehlerhaften Prozesses: 0x2b0 Startzeit der fehlerhaften Anwendung: 0x01cf9cf11897f449 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E\bacgajubob.dll Berichtskennung: 0cc66807-08e6-11e4-8bc4-3c970e0e78b4 Error - 11.07.2014 06:44:15 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\User\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ OSession Events ] Error - 17.03.2013 03:02:27 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.07.2014 06:09:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "RBClientService" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.07.2014 06:15:34 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.07.2014 06:33:36 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "CT Device Query service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.07.2014 06:34:23 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "DirMngr" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.07.2014 07:18:48 | Computer Name = User-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. < End of report >
Edited by skar (11.07.2014 at 15:01) |
11.07.2014, 15:32 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
11.07.2014, 17:58 | #3 |
| Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger Hello Schrauber,
thanks for your help! Here are the log files: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014 Ran by User (administrator) on USER-PC on 11-07-2014 18:45:18 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-08-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-08-02] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-02] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe [1237504 2010-01-06] () Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-08-12] (Acresso Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [Nike+ Connect] => C:\Users\User\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2012-09-29] (Nike) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [Octoshape Streaming Services] => C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: CouponDownloader - {157cfeb3-4476-a848-8994-3968abc578c9} - C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E\bacgajubob.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{EB1ADA39-7A93-45CC-A26F-516839507C6F}: [NameServer]192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\metager.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla 
firefox\browser\searchplugins\yahoo-de.xml FF Extension: CouponDownloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\Extensions\j004-megggxjuiuogyr@jetpack.xpi [2014-07-08] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-24] ==================== Services (Whitelisted) ================= R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 
RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-11 18:45 - 2014-07-11 18:45 - 00012294 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-11 18:45 - 2014-07-11 18:45 - 00000000 ____D () C:\FRST 2014-07-11 18:43 - 2014-07-11 18:43 - 02084864 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-11 14:25 - 2014-07-11 14:25 - 00069106 _____ () C:\Users\User\Desktop\OTL.Txt 2014-07-11 13:20 - 2014-07-11 13:20 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe 2014-07-11 12:44 - 2014-07-11 12:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 12:14 - 2014-07-11 12:14 - 00259584 _____ (OldTimer Tools) C:\Users\User\Desktop\OTH.scr 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-07-11 12:05 - 2014-07-11 14:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlarySoft 2014-07-11 12:05 - 2014-07-11 12:05 - 00001110 _____ () C:\Users\User\Desktop\Absolute Uninstaller.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00000166 _____ () C:\Users\User\Desktop\Glarysoft Freeware.url 2014-07-11 12:03 - 2014-07-11 12:03 - 02194784 _____ (Glarysoft.com ) C:\Users\User\Downloads\au29setup.exe 2014-07-11 10:44 - 2014-07-11 10:44 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe 2014-07-11 10:27 - 2014-07-11 10:36 - 00001790 _____ () C:\sc-cleaner.txt 2014-07-11 10:25 - 2014-07-11 10:25 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\sc-cleaner.exe 2014-07-10 23:48 - 2014-07-10 23:48 - 00000000 ____D () C:\windows\ERUNT 2014-07-10 23:46 - 2014-07-10 23:46 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-07-10 23:38 - 2014-07-11 14:05 - 00000022 _____ () C:\windows\S.dirmngr 
2014-07-10 23:14 - 2014-07-10 23:16 - 00000000 ____D () C:\AdwCleaner 2014-07-10 23:13 - 2014-07-10 23:13 - 01348263 _____ () C:\Users\User\Downloads\adwcleaner_3.215.exe 2014-07-10 22:54 - 2014-07-11 14:25 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 22:53 - 2014-07-11 12:47 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 22:53 - 2014-07-11 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-11 12:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-07-10 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-07-10 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-07-10 22:47 - 2014-07-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software 2014-07-10 13:33 - 2014-07-10 13:33 - 00001650 _____ () C:\Users\User\Documents\Einladung.msrcIncident 2014-07-10 09:57 - 2014-07-11 12:06 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-10 09:53 - 2014-07-10 23:18 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:53 - 2014-07-10 09:53 - 00945008 _____ (SlimWare Utilities, Inc.) 
C:\Users\User\Downloads\DriverUpdate-setup.exe 2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:42 - 2014-07-10 09:42 - 00002223 _____ () C:\Users\User\Desktop\Rocket.lnk 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Local\Rocket 2014-07-10 09:38 - 2014-07-11 18:38 - 00000288 _____ () C:\windows\Tasks\Rocket Updater.job 2014-07-10 09:38 - 2014-07-10 09:38 - 00003224 _____ () C:\windows\System32\Tasks\Rocket Updater 2014-07-09 20:32 - 2014-07-09 20:32 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-09 08:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 08:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 08:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 08:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-07-09 08:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-07-09 08:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 08:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-07-09 08:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-07-09 08:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-07-09 08:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-07-09 08:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) 
C:\windows\system32\jsproxy.dll 2014-07-09 08:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-07-09 08:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-07-09 08:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-07-09 08:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-07-09 08:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-07-09 08:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 08:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-07-09 08:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 08:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 08:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-07-09 08:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-07-09 08:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 08:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 08:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-07-09 08:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 08:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-07-09 08:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-07-09 08:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-07-09 08:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-07-09 08:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 08:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 08:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-07-09 08:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-07-09 08:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 08:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-07-09 08:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-07-09 08:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-07-09 08:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-07-09 08:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 08:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 08:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-07-09 08:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-07-09 08:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 08:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 08:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 08:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft 
Corporation) C:\windows\system32\ieframe.dll 2014-07-09 08:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 08:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-07-09 08:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 08:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 08:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 08:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 08:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 08:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 08:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 07:59 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-07-09 07:59 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-07-09 07:57 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 07:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 07:57 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 07:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 07:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 
2014-07-09 07:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-07-09 07:57 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 07:53 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 07:53 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-07-09 07:53 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-07-08 20:31 - 2014-07-08 20:31 - 00046376 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\netfilter64.sys 2014-07-06 08:35 - 2014-07-06 08:38 - 00000000 ____D () C:\Users\User\Desktop\usb 2014-07-06 08:23 - 2014-07-06 08:30 - 967835648 _____ () 
C:\Users\User\Downloads\ubuntu-gnome-14.04-desktop-amd64.iso 2014-07-06 01:09 - 2014-07-06 01:10 - 04831232 _____ (Geza Kovacs) C:\Users\User\Downloads\unetbootin-windows-608.exe 2014-07-05 15:31 - 2014-06-10 11:40 - 00003602 _____ () C:\Users\User\Downloads\mailadresse_publ.asc 2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\Users\User\Documents\OpenPGP 2014-07-05 13:06 - 2014-07-05 15:30 - 00002002 ____H () C:\Users\User\Documents\Default.rdp 2014-07-05 12:45 - 2014-07-08 11:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\gnupg 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\GNU 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-05 12:42 - 2014-07-05 12:42 - 01470222 _____ () C:\Users\User\Downloads\enigmail-1.6-sm+tb.xpi 2014-06-25 08:27 - 2014-06-25 09:44 - 00000000 ____D () C:\Users\User\Documents\WTA 2014-06-18 13:30 - 2014-06-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 22:45 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2014-06-11 22:45 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2014-06-11 22:45 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-06-11 22:45 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 22:45 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2014-06-11 22:45 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-06-11 22:45 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll 2014-06-11 22:45 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 
2014-06-11 22:45 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll 2014-06-11 22:45 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-06-11 22:45 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll 2014-06-11 22:45 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll ==================== One Month Modified Files and Folders ======= 2014-07-11 18:45 - 2014-07-11 18:45 - 00012294 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-11 18:45 - 2014-07-11 18:45 - 00000000 ____D () C:\FRST 2014-07-11 18:43 - 2014-07-11 18:43 - 02084864 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-11 18:38 - 2014-07-10 09:38 - 00000288 _____ () C:\windows\Tasks\Rocket Updater.job 2014-07-11 18:38 - 2012-08-02 02:24 - 01878828 _____ () C:\windows\WindowsUpdate.log 2014-07-11 18:28 - 2013-01-21 09:21 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-07-11 14:25 - 2014-07-11 14:25 - 00069106 _____ () C:\Users\User\Desktop\OTL.Txt 2014-07-11 14:25 - 2014-07-10 22:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-11 14:12 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-11 14:12 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-11 14:09 - 2012-08-02 10:15 - 00699682 _____ () C:\windows\system32\perfh007.dat 2014-07-11 14:09 - 2012-08-02 10:15 - 00149790 _____ () C:\windows\system32\perfc007.dat 2014-07-11 14:09 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-11 14:05 - 2014-07-10 23:38 - 00000022 _____ () C:\windows\S.dirmngr 2014-07-11 14:05 - 2013-05-24 22:03 - 00000436 _____ () C:\windows\system32\Drivers\etc\hosts.ics 
2014-07-11 14:05 - 2012-08-02 03:26 - 00528085 _____ () C:\windows\system32\fastboot.set 2014-07-11 14:05 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-11 14:05 - 2009-07-14 06:51 - 00112715 _____ () C:\windows\setupact.log 2014-07-11 14:00 - 2014-07-11 12:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlarySoft 2014-07-11 13:20 - 2014-07-11 13:20 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe 2014-07-11 12:47 - 2014-07-10 22:53 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-11 12:47 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-11 12:47 - 2014-07-10 22:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-11 12:44 - 2014-07-11 12:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 12:14 - 2014-07-11 12:14 - 00259584 _____ (OldTimer Tools) C:\Users\User\Desktop\OTH.scr 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-07-11 12:06 - 2014-07-10 09:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-11 12:06 - 2012-11-08 15:10 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00001110 _____ () C:\Users\User\Desktop\Absolute Uninstaller.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00000166 _____ () C:\Users\User\Desktop\Glarysoft Freeware.url 2014-07-11 12:03 - 2014-07-11 12:03 - 02194784 _____ (Glarysoft.com ) C:\Users\User\Downloads\au29setup.exe 2014-07-11 10:44 - 2014-07-11 10:44 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe 2014-07-11 10:36 - 2014-07-11 10:27 - 00001790 _____ () C:\sc-cleaner.txt 2014-07-11 10:25 - 2014-07-11 10:25 - 00441592 
_____ (Bleeping Computer, LLC) C:\Users\User\Desktop\sc-cleaner.exe 2014-07-11 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF 2014-07-11 09:00 - 2012-08-02 03:10 - 00000000 ____D () C:\ProgramData\Temp 2014-07-10 23:48 - 2014-07-10 23:48 - 00000000 ____D () C:\windows\ERUNT 2014-07-10 23:46 - 2014-07-10 23:46 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-07-10 23:37 - 2010-11-21 05:47 - 00267590 _____ () C:\windows\PFRO.log 2014-07-10 23:18 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 23:18 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media 2014-07-10 23:16 - 2014-07-10 23:14 - 00000000 ____D () C:\AdwCleaner 2014-07-10 23:13 - 2014-07-10 23:13 - 01348263 _____ () C:\Users\User\Downloads\adwcleaner_3.215.exe 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:48 - 2014-07-10 22:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 22:47 - 2009-07-14 04:34 - 00000505 _____ () C:\windows\win.ini 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software 2014-07-10 13:33 - 2014-07-10 13:33 - 00001650 _____ () C:\Users\User\Documents\Einladung.msrcIncident 2014-07-10 09:53 - 2014-07-10 09:53 - 00945008 _____ (SlimWare Utilities, Inc.) 
C:\Users\User\Downloads\DriverUpdate-setup.exe 2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:43 - 2012-11-13 15:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\EurekaLog 2014-07-10 09:42 - 2014-07-10 09:42 - 00002223 _____ () C:\Users\User\Desktop\Rocket.lnk 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Local\Rocket 2014-07-10 09:38 - 2014-07-10 09:38 - 00003224 _____ () C:\windows\System32\Tasks\Rocket Updater 2014-07-10 07:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-07-10 06:57 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-07-10 06:56 - 2013-02-01 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-10 06:56 - 2009-07-14 06:45 - 00326280 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-10 06:54 - 2014-05-06 21:42 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-07-10 06:54 - 2011-09-29 05:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 06:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism 2014-07-10 06:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism 2014-07-10 06:37 - 2013-08-14 09:21 - 00000000 ____D () C:\windows\system32\MRT 2014-07-10 06:35 - 2012-11-12 21:06 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 20:32 - 2014-07-09 20:32 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-09 20:32 - 2013-01-21 09:21 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 20:32 - 2012-11-08 16:09 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 20:32 - 2012-11-08 16:09 - 00071344 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 13:03 - 2012-11-13 14:09 - 00000000 ____D () C:\Scan 2014-07-09 11:11 - 2013-10-01 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-08 20:31 - 2014-07-08 20:31 - 00046376 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\netfilter64.sys 2014-07-08 11:52 - 2014-07-05 12:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\gnupg 2014-07-06 08:38 - 2014-07-06 08:35 - 00000000 ____D () C:\Users\User\Desktop\usb 2014-07-06 08:30 - 2014-07-06 08:23 - 967835648 _____ () C:\Users\User\Downloads\ubuntu-gnome-14.04-desktop-amd64.iso 2014-07-06 01:10 - 2014-07-06 01:09 - 04831232 _____ (Geza Kovacs) C:\Users\User\Downloads\unetbootin-windows-608.exe 2014-07-05 15:30 - 2014-07-05 13:06 - 00002002 ____H () C:\Users\User\Documents\Default.rdp 2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\Users\User\Documents\OpenPGP 2014-07-05 14:23 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\GNU 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-05 12:42 - 2014-07-05 12:42 - 01470222 _____ () C:\Users\User\Downloads\enigmail-1.6-sm+tb.xpi 2014-07-02 18:17 - 2012-11-15 22:58 - 00000000 ____D () C:\Users\User\Documents\eMails für Gutachten AXA 2014-06-30 11:16 - 2012-11-29 12:23 - 00000000 ____D () C:\Users\User\Documents\Telefonrechnung 2014-06-30 04:09 - 2014-07-09 07:59 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 07:59 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-27 12:31 - 2013-01-21 14:43 - 00000000 ____D () C:\Users\User\Documents\eMails für Aktennotizen AXA 2014-06-25 09:44 - 2014-06-25 08:27 - 00000000 ____D () C:\Users\User\Documents\WTA 2014-06-23 15:19 - 
2012-11-29 10:44 - 00000000 ____D () C:\Users\User\Documents\Congstar 2014-06-20 22:14 - 2014-07-09 08:50 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 08:50 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-06-19 03:39 - 2014-07-09 08:50 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 08:50 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 08:50 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 08:50 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 08:50 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 08:50 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 08:50 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 08:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-09 08:50 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 08:50 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 08:50 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 08:50 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 08:50 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 08:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 08:50 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 08:50 - 00940032 
_____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-09 08:50 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 08:50 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 08:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 08:50 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 08:50 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 08:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 08:50 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 08:50 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 08:50 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 08:50 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-09 08:50 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 08:50 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 08:50 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 08:50 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 08:50 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 08:50 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 08:50 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 08:50 
- 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-09 08:50 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 08:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 08:50 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 08:50 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 08:50 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 08:50 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 08:50 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 08:50 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 08:50 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 08:50 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 08:50 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 08:50 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 08:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 08:50 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 08:50 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 08:50 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 08:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 08:50 - 
01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 08:50 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 08:50 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-18 13:30 - 2014-06-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 12:15 - 2012-11-08 15:09 - 00001122 _____ () C:\Users\User\Desktop\Cyberlink Power2Go.lnk 2014-06-18 04:18 - 2014-07-09 07:57 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 07:57 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-09 07:57 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-06-11 23:17 - 2012-11-12 11:27 - 00000000 ____D () C:\ProgramData\Microsoft Help Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\CloudBackup6158.exe C:\Users\User\AppData\Local\Temp\COMAP.EXE C:\Users\User\AppData\Local\Temp\gpg4win.exe C:\Users\User\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\octoinstalljni8646296748607556189.dll C:\Users\User\AppData\Local\Temp\octosetup99981191001071139811810610610410911911511697102981021059910410211510711810511911299991024440609694472258571.exe C:\Users\User\AppData\Local\Temp\ose00000.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe 
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\User\AppData\Local\Temp\_is4A97.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 10:19

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by User at 2014-07-11 18:46:05
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Absolute Uninstaller 2.9.0.722 (HKLM-x32\...\Absolute Uninstaller_is1) (Version: - Glarysoft.com)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
Benutzerhandbuch (x32 Version: 2.0.0.2 - Lenovo) Hidden
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.)
Hidden Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Digitaler Routenplaner auf CD-ROM (HKLM-x32\...\{4C14BD87-61F1-4C00-9CB2-57E0776FE716}) (Version: 1.00.0000 - Tandem Verlag GmbH) Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo) Energy Management (x32 Version: 6.0.2.8 - Lenovo) Hidden ETDWare PS/2-X64 8.0.4.4_WHQL (HKLM\...\Elantech) (Version: 8.0.4.4 - ELAN Microelectronic Corp.) eXPert PDF 6 (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 6.32 - Avanquest software) FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project) Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.4.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.4.0 - ) K-Lite Codec Pack 9.4.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - ) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.2.3 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3212 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.0.3212 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3521.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.3521.52 - CyberLink Corp.) Hidden Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) 
Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance 
Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports) Nike+ Connect (HKCU\...\Nike+ Connect) (Version: 5.2.8 - Nike) Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version: - Octoshape ApS) Pivot Stickfigure Animator version 2.2.7 (HKLM-x32\...\Pivot Stickfigure Animator_is1) (Version: 2.2.7 - ) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) Rocket (HKCU\...\Rocket) (Version: 31.0.1650.23 - Rocket) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 2.0.0.2 - Lenovo) Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.) 
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX 
Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows-Treiberpaket - Lenovo (ACPIVPC) System (08/04/2011 6.1.0.1) (HKLM\...\03A1C6133CBCFD1D944CAC45762E2EC5CD524136) (Version: 08/04/2011 6.1.0.1 - Lenovo) ==================== Restore Points ========================= 16-06-2014 11:24:33 Windows Update 20-06-2014 06:35:32 Windows Update 23-06-2014 17:22:12 Windows Update 27-06-2014 09:02:22 Windows Update 30-06-2014 14:16:43 Windows Update 04-07-2014 06:21:43 Windows Update 07-07-2014 07:46:22 Windows Update 10-07-2014 04:32:41 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0C849754-02A8-4A94-88AF-3C1CDEB80803} - System32\Tasks\Rocket Updater => C:\Users\User\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {11A551B4-1A13-44AC-94A5-F7B1FF80794E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {28ED4B11-D32F-4D69-8616-6D7B7307F8ED} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink) Task: {31FAF1A8-7A0E-4297-B072-6A0855EA6AB4} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION Task: {3D38EFE5-13AA-439F-BC24-4EB8265B7FC2} - System32\Tasks\{76EED23B-CF3E-4CCD-848B-6BB9237816D0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?source=lightinstaller&page=tsPlugin Task: {7C5E8240-D195-4BF0-81B5-DF31D90FE204} - \Advanced System Protector No Task File <==== ATTENTION Task: 
{8660A81F-D77A-4C9B-B297-3B2F52DE79A9} - \Advanced System Protector_startup No Task File <==== ATTENTION Task: {DA585017-90C9-4D00-A81C-1BEF562B7D49} - \RegClean Pro No Task File <==== ATTENTION Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\Rocket Updater.job => C:\Users\User\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 2011-04-15 07:28 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2008-12-20 05:20 - 2012-08-02 03:24 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 05:20 - 2012-08-02 03:24 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll 2014-06-18 13:30 - 2014-06-18 13:30 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-07-09 20:32 - 2014-07-09 20:32 - 17029808 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:7FFED16F ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= 
==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/11/2014 05:02:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17207, Zeitstempel: 0x53a20c50 Name des fehlerhaften Moduls: bacgajubob.dll, Version: 0.0.0.0, Zeitstempel: 0x53bc38e9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002bda ID des fehlerhaften Prozesses: 0x1390 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (07/11/2014 02:06:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 00:44:15 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/11/2014 00:28:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17207, Zeitstempel: 0x53a20c50 Name des fehlerhaften Moduls: bacgajubob.dll, Version: 0.0.0.0, Zeitstempel: 0x53bc38e9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002bda ID des fehlerhaften Prozesses: 0x2b0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (07/11/2014 10:47:58 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/11/2014 10:47:31 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (07/11/2014 04:42:43 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "USER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.10 registriert werden. Der Computer mit IP-Adresse 192.168.178.115 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/11/2014 04:42:43 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "USER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.10 registriert werden. Der Computer mit IP-Adresse 192.168.178.115 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error: (07/11/2014 04:40:23 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "USER-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.10 registriert werden. Der Computer mit IP-Adresse 192.168.178.115 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/11/2014 04:40:23 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "USER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.10 registriert werden. Der Computer mit IP-Adresse 192.168.178.115 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/11/2014 04:40:23 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{EB1ADA39-7A93-45CC-A26F-516839507C6F} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (07/11/2014 02:13:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/11/2014 02:12:56 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (07/11/2014 01:18:48 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (07/11/2014 00:34:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "DirMngr" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/11/2014 00:33:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CT Device Query service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (03/17/2013 09:02:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 4010.14 MB Available physical RAM: 2078.62 MB Total Pagefile: 8018.46 MB Available Pagefile: 6128.02 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:343.02 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B7B37DAA) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) ==================== End Of Log ============================ |
12.07.2014, 17:47 | #4 |
/// the machine /// TB trainer | Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.07.2014, 18:55 | #5 |
| Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger ok...here we go! EDIT: I already had all of these programs and had already run them once. These here are the new log files, though. I can gladly supply the old ones as well. MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.07.2014 Suchlauf-Zeit: 19:07:38 Logdatei: mbamlog3.txt Administrator: Nein Version: 2.00.2.1012 Malware Datenbank: v2014.07.12.07 Rootkit Datenbank: v2014.07.09.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: User Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 318984 Verstrichene Zeit: 12 Min, 31 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) ADW: Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 12/07/2014 um 19:26:26 # Aktualisiert 09/07/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : User - USER-PC # Gestartet von : C:\Users\User\Downloads\adwcleaner_3.215.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v30.0 (de) [ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\prefs.js ] ************************* AdwCleaner[R0].txt - [4435 octets] - [10/07/2014 23:15:11] AdwCleaner[R1].txt - [927 octets] - [12/07/2014 19:24:44] AdwCleaner[S0].txt - [4125 octets] - [10/07/2014 23:16:12] AdwCleaner[S1].txt - [849 octets] - [12/07/2014 19:26:26] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [908 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by User on 12.07.2014 at 19:32:51,27 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p79ccnhv.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12.07.2014 at 19:38:51,03 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014 Ran by User (administrator) on USER-PC on 12-07-2014 19:41:42 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Nike) C:\Users\User\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Octoshape ApS) C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-08-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-08-02] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-02] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) 
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe [1237504 2010-01-06] () Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-08-12] (Acresso Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [Nike+ Connect] => C:\Users\User\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2012-09-29] (Nike) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [Octoshape Streaming Services] => C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: CouponDownloader - {157cfeb3-4476-a848-8994-3968abc578c9} - C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E\bacgajubob.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{EB1ADA39-7A93-45CC-A26F-516839507C6F}: [NameServer]192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\metager.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: CouponDownloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\Extensions\j004-megggxjuiuogyr@jetpack.xpi [2014-07-08] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-24] ==================== Services (Whitelisted) ================= R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files 
(x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-12 19:41 - 2014-07-12 19:41 - 00012837 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-12 19:38 - 2014-07-12 19:38 - 00000754 _____ () C:\Users\User\Desktop\JRT.txt 2014-07-12 19:27 - 2014-07-12 19:27 - 00000022 _____ () C:\windows\S.dirmngr 2014-07-11 18:45 - 2014-07-12 19:41 - 00000000 ____D () 
C:\FRST 2014-07-11 18:43 - 2014-07-11 18:43 - 02084864 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-11 13:20 - 2014-07-11 13:20 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe 2014-07-11 12:44 - 2014-07-11 12:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 12:14 - 2014-07-11 12:14 - 00259584 _____ (OldTimer Tools) C:\Users\User\Desktop\OTH.scr 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-07-11 12:05 - 2014-07-11 14:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlarySoft 2014-07-11 12:05 - 2014-07-11 12:05 - 00001110 _____ () C:\Users\User\Desktop\Absolute Uninstaller.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00000166 _____ () C:\Users\User\Desktop\Glarysoft Freeware.url 2014-07-11 12:03 - 2014-07-11 12:03 - 02194784 _____ (Glarysoft.com ) C:\Users\User\Downloads\au29setup.exe 2014-07-11 10:44 - 2014-07-11 10:44 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe 2014-07-11 10:27 - 2014-07-11 10:36 - 00001790 _____ () C:\sc-cleaner.txt 2014-07-11 10:25 - 2014-07-11 10:25 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\sc-cleaner.exe 2014-07-10 23:48 - 2014-07-10 23:48 - 00000000 ____D () C:\windows\ERUNT 2014-07-10 23:46 - 2014-07-10 23:46 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-07-10 23:14 - 2014-07-12 19:26 - 00000000 ____D () C:\AdwCleaner 2014-07-10 23:13 - 2014-07-10 23:13 - 01348263 _____ () C:\Users\User\Downloads\adwcleaner_3.215.exe 2014-07-10 22:54 - 2014-07-12 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 22:53 - 2014-07-11 12:47 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 22:53 - 2014-07-11 12:47 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-11 12:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-07-10 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-07-10 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-07-10 22:47 - 2014-07-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software 2014-07-10 13:33 - 2014-07-10 13:33 - 00001650 _____ () C:\Users\User\Documents\Einladung.msrcIncident 2014-07-10 09:57 - 2014-07-11 12:06 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-10 09:53 - 2014-07-10 23:18 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:53 - 2014-07-10 09:53 - 00945008 _____ (SlimWare Utilities, Inc.) 
C:\Users\User\Downloads\DriverUpdate-setup.exe 2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:42 - 2014-07-10 09:42 - 00002223 _____ () C:\Users\User\Desktop\Rocket.lnk 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Local\Rocket 2014-07-10 09:38 - 2014-07-12 19:38 - 00000288 _____ () C:\windows\Tasks\Rocket Updater.job 2014-07-10 09:38 - 2014-07-10 09:38 - 00003224 _____ () C:\windows\System32\Tasks\Rocket Updater 2014-07-09 20:32 - 2014-07-09 20:32 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-09 08:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 08:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 08:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 08:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-07-09 08:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-07-09 08:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 08:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-07-09 08:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-07-09 08:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-07-09 08:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-07-09 08:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) 
C:\windows\system32\jsproxy.dll 2014-07-09 08:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-07-09 08:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-07-09 08:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-07-09 08:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-07-09 08:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-07-09 08:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 08:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-07-09 08:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 08:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 08:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-07-09 08:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-07-09 08:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 08:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 08:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-07-09 08:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 08:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-07-09 08:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-07-09 08:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-07-09 08:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-07-09 08:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 08:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 08:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-07-09 08:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-07-09 08:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 08:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-07-09 08:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-07-09 08:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-07-09 08:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-07-09 08:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 08:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 08:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-07-09 08:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-07-09 08:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 08:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 08:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 08:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft 
Corporation) C:\windows\system32\ieframe.dll 2014-07-09 08:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 08:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-07-09 08:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 08:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 08:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 08:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 08:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 08:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 08:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 07:59 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-07-09 07:59 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-07-09 07:57 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 07:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 07:57 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 07:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 07:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 
2014-07-09 07:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-07-09 07:57 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 07:53 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 07:53 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-07-09 07:53 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-07-08 20:31 - 2014-07-08 20:31 - 00046376 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\netfilter64.sys 2014-07-06 08:35 - 2014-07-06 08:38 - 00000000 ____D () C:\Users\User\Desktop\usb 2014-07-06 08:23 - 2014-07-06 08:30 - 967835648 _____ () 
C:\Users\User\Downloads\ubuntu-gnome-14.04-desktop-amd64.iso 2014-07-06 01:09 - 2014-07-06 01:10 - 04831232 _____ (Geza Kovacs) C:\Users\User\Downloads\unetbootin-windows-608.exe 2014-07-05 15:31 - 2014-06-10 11:40 - 00003602 _____ () C:\Users\User\Downloads\mailadresse_publ.asc 2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\Users\User\Documents\OpenPGP 2014-07-05 13:06 - 2014-07-05 15:30 - 00002002 ____H () C:\Users\User\Documents\Default.rdp 2014-07-05 12:45 - 2014-07-08 11:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\gnupg 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\GNU 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-05 12:42 - 2014-07-05 12:42 - 01470222 _____ () C:\Users\User\Downloads\enigmail-1.6-sm+tb.xpi 2014-06-25 08:27 - 2014-06-25 09:44 - 00000000 ____D () C:\Users\User\Documents\WTA 2014-06-18 13:30 - 2014-06-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-07-12 19:42 - 2014-07-12 19:41 - 00012837 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-12 19:41 - 2014-07-11 18:45 - 00000000 ____D () C:\FRST 2014-07-12 19:38 - 2014-07-12 19:38 - 00000754 _____ () C:\Users\User\Desktop\JRT.txt 2014-07-12 19:38 - 2014-07-10 09:38 - 00000288 _____ () C:\windows\Tasks\Rocket Updater.job 2014-07-12 19:34 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-12 19:34 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-12 19:31 - 2012-08-02 10:15 - 00699682 _____ () C:\windows\system32\perfh007.dat 2014-07-12 19:31 - 2012-08-02 10:15 - 00149790 _____ () C:\windows\system32\perfc007.dat 
2014-07-12 19:31 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-12 19:28 - 2013-01-21 09:21 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-07-12 19:28 - 2012-08-02 03:26 - 00131327 _____ () C:\windows\system32\fastboot.set 2014-07-12 19:27 - 2014-07-12 19:27 - 00000022 _____ () C:\windows\S.dirmngr 2014-07-12 19:27 - 2013-05-24 22:03 - 00000436 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-07-12 19:27 - 2010-11-21 05:47 - 00267904 _____ () C:\windows\PFRO.log 2014-07-12 19:27 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-12 19:27 - 2009-07-14 06:51 - 00112771 _____ () C:\windows\setupact.log 2014-07-12 19:26 - 2014-07-10 23:14 - 00000000 ____D () C:\AdwCleaner 2014-07-12 19:26 - 2012-08-02 02:24 - 01956564 _____ () C:\windows\WindowsUpdate.log 2014-07-12 19:24 - 2012-12-10 14:59 - 00000000 ____D () C:\Users\User\Documents\Telefonrechnung Norbert 2014-07-12 19:06 - 2014-07-10 22:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-11 18:43 - 2014-07-11 18:43 - 02084864 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-11 14:00 - 2014-07-11 12:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlarySoft 2014-07-11 13:20 - 2014-07-11 13:20 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe 2014-07-11 12:47 - 2014-07-10 22:53 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-11 12:47 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-11 12:47 - 2014-07-10 22:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-11 12:44 - 2014-07-11 12:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 12:14 - 2014-07-11 12:14 - 00259584 _____ (OldTimer Tools) C:\Users\User\Desktop\OTH.scr 2014-07-11 12:06 - 2014-07-11 12:06 - 
00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-07-11 12:06 - 2014-07-10 09:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-11 12:06 - 2012-11-08 15:10 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00001110 _____ () C:\Users\User\Desktop\Absolute Uninstaller.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00000166 _____ () C:\Users\User\Desktop\Glarysoft Freeware.url 2014-07-11 12:03 - 2014-07-11 12:03 - 02194784 _____ (Glarysoft.com ) C:\Users\User\Downloads\au29setup.exe 2014-07-11 10:44 - 2014-07-11 10:44 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe 2014-07-11 10:36 - 2014-07-11 10:27 - 00001790 _____ () C:\sc-cleaner.txt 2014-07-11 10:25 - 2014-07-11 10:25 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\sc-cleaner.exe 2014-07-11 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF 2014-07-11 09:00 - 2012-08-02 03:10 - 00000000 ____D () C:\ProgramData\Temp 2014-07-10 23:48 - 2014-07-10 23:48 - 00000000 ____D () C:\windows\ERUNT 2014-07-10 23:46 - 2014-07-10 23:46 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-07-10 23:18 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 23:18 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media 2014-07-10 23:13 - 2014-07-10 23:13 - 01348263 _____ () C:\Users\User\Downloads\adwcleaner_3.215.exe 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:48 - 2014-07-10 22:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 22:47 - 2009-07-14 04:34 - 00000505 _____ () C:\windows\win.ini 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera 
Software 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software 2014-07-10 13:33 - 2014-07-10 13:33 - 00001650 _____ () C:\Users\User\Documents\Einladung.msrcIncident 2014-07-10 09:53 - 2014-07-10 09:53 - 00945008 _____ (SlimWare Utilities, Inc.) C:\Users\User\Downloads\DriverUpdate-setup.exe 2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:43 - 2012-11-13 15:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\EurekaLog 2014-07-10 09:42 - 2014-07-10 09:42 - 00002223 _____ () C:\Users\User\Desktop\Rocket.lnk 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Local\Rocket 2014-07-10 09:38 - 2014-07-10 09:38 - 00003224 _____ () C:\windows\System32\Tasks\Rocket Updater 2014-07-10 07:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-07-10 06:57 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-07-10 06:56 - 2013-02-01 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-10 06:56 - 2009-07-14 06:45 - 00326280 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-10 06:54 - 2014-05-06 21:42 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-07-10 06:54 - 2011-09-29 05:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 06:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism 2014-07-10 06:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism 2014-07-10 06:37 - 2013-08-14 09:21 - 00000000 ____D () C:\windows\system32\MRT 2014-07-10 06:35 - 2012-11-12 21:06 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 20:32 - 2014-07-09 20:32 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-09 20:32 - 2013-01-21 09:21 - 
00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 20:32 - 2012-11-08 16:09 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 20:32 - 2012-11-08 16:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 13:03 - 2012-11-13 14:09 - 00000000 ____D () C:\Scan 2014-07-09 11:11 - 2013-10-01 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-08 20:31 - 2014-07-08 20:31 - 00046376 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\netfilter64.sys 2014-07-08 11:52 - 2014-07-05 12:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\gnupg 2014-07-06 08:38 - 2014-07-06 08:35 - 00000000 ____D () C:\Users\User\Desktop\usb 2014-07-06 08:30 - 2014-07-06 08:23 - 967835648 _____ () C:\Users\User\Downloads\ubuntu-gnome-14.04-desktop-amd64.iso 2014-07-06 01:10 - 2014-07-06 01:09 - 04831232 _____ (Geza Kovacs) C:\Users\User\Downloads\unetbootin-windows-608.exe 2014-07-05 15:30 - 2014-07-05 13:06 - 00002002 ____H () C:\Users\User\Documents\Default.rdp 2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\Users\User\Documents\OpenPGP 2014-07-05 14:23 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\GNU 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-05 12:42 - 2014-07-05 12:42 - 01470222 _____ () C:\Users\User\Downloads\enigmail-1.6-sm+tb.xpi 2014-07-02 18:17 - 2012-11-15 22:58 - 00000000 ____D () C:\Users\User\Documents\eMails für Gutachten AXA 2014-06-30 11:16 - 2012-11-29 12:23 - 00000000 ____D () C:\Users\User\Documents\Telefonrechnung 2014-06-30 04:09 - 2014-07-09 07:59 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 07:59 - 
00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-27 12:31 - 2013-01-21 14:43 - 00000000 ____D () C:\Users\User\Documents\eMails für Aktennotizen AXA 2014-06-25 09:44 - 2014-06-25 08:27 - 00000000 ____D () C:\Users\User\Documents\WTA 2014-06-23 15:19 - 2012-11-29 10:44 - 00000000 ____D () C:\Users\User\Documents\Congstar 2014-06-20 22:14 - 2014-07-09 08:50 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 08:50 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-06-19 03:39 - 2014-07-09 08:50 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 08:50 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 08:50 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 08:50 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 08:50 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 08:50 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 08:50 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 08:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-09 08:50 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 08:50 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 08:50 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 08:50 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 08:50 - 00111616 _____ (Microsoft Corporation) 
C:\windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 08:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 08:50 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 08:50 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-09 08:50 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 08:50 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 08:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 08:50 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 08:50 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 08:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 08:50 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 08:50 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 08:50 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 08:50 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-09 08:50 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 08:50 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 08:50 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 08:50 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 08:50 - 00043008 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 08:50 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 08:50 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 08:50 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-09 08:50 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 08:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 08:50 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 08:50 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 08:50 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 08:50 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 08:50 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 08:50 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 08:50 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 08:50 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 08:50 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 08:50 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 08:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 08:50 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 08:50 - 11742208 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 08:50 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 08:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 08:50 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 08:50 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 08:50 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-18 13:30 - 2014-06-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 12:15 - 2012-11-08 15:09 - 00001122 _____ () C:\Users\User\Desktop\Cyberlink Power2Go.lnk 2014-06-18 04:18 - 2014-07-09 07:57 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 07:57 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-09 07:57 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\CloudBackup6158.exe C:\Users\User\AppData\Local\Temp\COMAP.EXE C:\Users\User\AppData\Local\Temp\gpg4win.exe C:\Users\User\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\octoinstalljni8646296748607556189.dll 
C:\Users\User\AppData\Local\Temp\octosetup99981191001071139811810610610410911911511697102981021059910410211510711810511911299991024440609694472258571.exe C:\Users\User\AppData\Local\Temp\ose00000.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\vcredist_x64.exe C:\Users\User\AppData\Local\Temp\_is4A97.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 10:19 ==================== End Of Log ============================ |
13.07.2014, 14:58 | #6 |
/// the machine /// TB trainer | Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
13.07.2014, 18:17 | #7 |
| Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger
Okay. Everything ran through except for SecurityCheck! And there is still a RocketSearch shortcut in the taskbar. The browser also keeps showing ad banners claiming that the PC is at risk, and all sorts of keywords are underlined. When you hover over them with the mouse, you are asked whether you want to search for them. Would have been too good to be true.
Here are the logs:
ESET Code:
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e0eb66fc73dc5041836a3f7c86cba189
# engine=19154
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-13 04:23:30
# local_time=2014-07-13 06:23:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8714143 76558632 0 0
# scanned=157070
# found=0
# cleaned=0
# scan_time=4743
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014 Ran by User (administrator) on USER-PC on 13-07-2014 19:05:22 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Nike) C:\Users\User\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Octoshape ApS) C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-08-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-08-02] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-02] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe [1237504 2010-01-06] () Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-08-12] (Acresso Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [Nike+ Connect] => C:\Users\User\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2012-09-29] (Nike) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [Octoshape Streaming Services] => C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: CouponDownloader - {157cfeb3-4476-a848-8994-3968abc578c9} - C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E\bacgajubob.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{EB1ADA39-7A93-45CC-A26F-516839507C6F}: [NameServer]192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\metager.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla 
firefox\browser\searchplugins\yahoo-de.xml FF Extension: CouponDownloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\Extensions\j004-megggxjuiuogyr@jetpack.xpi [2014-07-08] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p79ccnhv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-24] ==================== Services (Whitelisted) ================= R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 
IviRegMgr; U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-13 19:05 - 2014-07-13 19:05 - 00012909 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-13 19:05 - 2014-07-13 19:05 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion 2014-07-13 18:55 - 2014-07-13 18:55 - 00854390 _____ () C:\Users\User\Desktop\SecurityCheck.exe 2014-07-13 16:44 - 2014-07-13 16:44 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-13 16:42 - 2014-07-13 16:41 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe 2014-07-13 16:41 - 2014-07-13 16:41 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe 2014-07-12 19:38 - 2014-07-12 19:38 - 00000754 _____ () C:\Users\User\Desktop\JRT.txt 2014-07-12 19:27 - 2014-07-12 19:27 - 00000022 _____ () C:\windows\S.dirmngr 2014-07-11 18:45 - 2014-07-13 19:05 - 00000000 ____D () C:\FRST 2014-07-11 18:43 - 2014-07-13 19:05 - 02086912 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-11 13:20 - 2014-07-11 13:20 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe 2014-07-11 12:44 - 2014-07-11 12:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 12:14 - 2014-07-11 12:14 - 00259584 _____ (OldTimer Tools) C:\Users\User\Desktop\OTH.scr 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-07-11 12:05 - 2014-07-11 14:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlarySoft 2014-07-11 12:05 - 2014-07-11 12:05 - 00001110 _____ () C:\Users\User\Desktop\Absolute Uninstaller.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00000166 _____ () 
C:\Users\User\Desktop\Glarysoft Freeware.url 2014-07-11 12:03 - 2014-07-11 12:03 - 02194784 _____ (Glarysoft.com ) C:\Users\User\Downloads\au29setup.exe 2014-07-11 10:44 - 2014-07-11 10:44 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe 2014-07-11 10:27 - 2014-07-11 10:36 - 00001790 _____ () C:\sc-cleaner.txt 2014-07-11 10:25 - 2014-07-11 10:25 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\sc-cleaner.exe 2014-07-10 23:48 - 2014-07-10 23:48 - 00000000 ____D () C:\windows\ERUNT 2014-07-10 23:46 - 2014-07-10 23:46 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-07-10 23:14 - 2014-07-12 19:26 - 00000000 ____D () C:\AdwCleaner 2014-07-10 23:13 - 2014-07-10 23:13 - 01348263 _____ () C:\Users\User\Downloads\adwcleaner_3.215.exe 2014-07-10 22:54 - 2014-07-12 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 22:53 - 2014-07-11 12:47 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 22:53 - 2014-07-11 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-11 12:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-07-10 22:53 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-07-10 22:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-07-10 22:47 - 2014-07-10 22:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D 
() C:\Users\User\AppData\Local\Opera Software 2014-07-10 13:33 - 2014-07-10 13:33 - 00001650 _____ () C:\Users\User\Documents\Einladung.msrcIncident 2014-07-10 09:57 - 2014-07-11 12:06 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-10 09:53 - 2014-07-10 23:18 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:53 - 2014-07-10 09:53 - 00945008 _____ (SlimWare Utilities, Inc.) C:\Users\User\Downloads\DriverUpdate-setup.exe 2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:42 - 2014-07-10 09:42 - 00002223 _____ () C:\Users\User\Desktop\Rocket.lnk 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Local\Rocket 2014-07-10 09:38 - 2014-07-13 18:50 - 00000288 _____ () C:\windows\Tasks\Rocket Updater.job 2014-07-10 09:38 - 2014-07-10 09:38 - 00003224 _____ () C:\windows\System32\Tasks\Rocket Updater 2014-07-09 20:32 - 2014-07-09 20:32 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-09 08:50 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 08:50 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 08:50 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 08:50 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-07-09 08:50 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-07-09 08:50 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 08:50 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-07-09 
08:50 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-07-09 08:50 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-07-09 08:50 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-07-09 08:50 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-07-09 08:50 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-07-09 08:50 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-07-09 08:50 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-07-09 08:50 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-07-09 08:50 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-07-09 08:50 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 08:50 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-07-09 08:50 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 08:50 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 08:50 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-07-09 08:50 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-07-09 08:50 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 08:50 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 08:50 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) 
C:\windows\system32\dxtrans.dll 2014-07-09 08:50 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 08:50 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-07-09 08:50 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-07-09 08:50 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-07-09 08:50 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-07-09 08:50 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 08:50 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 08:50 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-07-09 08:50 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-07-09 08:50 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 08:50 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-07-09 08:50 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-07-09 08:50 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-07-09 08:50 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-07-09 08:50 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 08:50 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 08:50 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-07-09 08:50 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\mshtmled.dll 2014-07-09 08:50 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 08:50 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 08:50 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 08:50 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-07-09 08:50 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 08:50 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-07-09 08:50 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 08:50 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 08:50 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 08:50 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 08:50 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 08:50 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 08:50 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 07:59 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-07-09 07:59 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-07-09 07:57 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 07:57 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 07:57 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 
07:57 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 07:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-07-09 07:57 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-07-09 07:57 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-07-09 07:57 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 07:53 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 07:53 - 2014-06-05 16:26 - 00022016 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-07-09 07:53 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-07-08 20:31 - 2014-07-08 20:31 - 00046376 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\netfilter64.sys 2014-07-06 08:35 - 2014-07-06 08:38 - 00000000 ____D () C:\Users\User\Desktop\usb 2014-07-06 08:23 - 2014-07-06 08:30 - 967835648 _____ () C:\Users\User\Downloads\ubuntu-gnome-14.04-desktop-amd64.iso 2014-07-06 01:09 - 2014-07-06 01:10 - 04831232 _____ (Geza Kovacs) C:\Users\User\Downloads\unetbootin-windows-608.exe 2014-07-05 15:31 - 2014-06-10 11:40 - 00003602 _____ () C:\Users\User\Downloads\mailadresse_publ.asc 2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\Users\User\Documents\OpenPGP 2014-07-05 13:06 - 2014-07-05 15:30 - 00002002 ____H () C:\Users\User\Documents\Default.rdp 2014-07-05 12:45 - 2014-07-13 15:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\gnupg 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\GNU 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-05 12:42 - 2014-07-05 12:42 - 01470222 _____ () C:\Users\User\Downloads\enigmail-1.6-sm+tb.xpi 2014-06-25 08:27 - 2014-06-25 09:44 - 00000000 ____D () C:\Users\User\Documents\WTA 2014-06-18 13:30 - 2014-06-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-07-13 19:05 - 2014-07-13 19:05 - 00012909 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-13 19:05 - 2014-07-13 19:05 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion 2014-07-13 19:05 - 2014-07-11 18:45 - 00000000 ____D () C:\FRST 2014-07-13 19:05 - 2014-07-11 18:43 - 02086912 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-07-13 18:55 - 2014-07-13 18:55 - 00854390 _____ () 
C:\Users\User\Desktop\SecurityCheck.exe 2014-07-13 18:50 - 2014-07-10 09:38 - 00000288 _____ () C:\windows\Tasks\Rocket Updater.job 2014-07-13 18:28 - 2013-01-21 09:21 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-07-13 17:38 - 2012-08-02 02:24 - 02012996 _____ () C:\windows\WindowsUpdate.log 2014-07-13 17:00 - 2012-08-02 10:15 - 00699682 _____ () C:\windows\system32\perfh007.dat 2014-07-13 17:00 - 2012-08-02 10:15 - 00149790 _____ () C:\windows\system32\perfc007.dat 2014-07-13 17:00 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-13 16:44 - 2014-07-13 16:44 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-13 16:41 - 2014-07-13 16:42 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe 2014-07-13 16:41 - 2014-07-13 16:41 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe 2014-07-13 15:01 - 2014-07-05 12:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\gnupg 2014-07-12 19:38 - 2014-07-12 19:38 - 00000754 _____ () C:\Users\User\Desktop\JRT.txt 2014-07-12 19:34 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-12 19:34 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-12 19:28 - 2012-08-02 03:26 - 00131327 _____ () C:\windows\system32\fastboot.set 2014-07-12 19:27 - 2014-07-12 19:27 - 00000022 _____ () C:\windows\S.dirmngr 2014-07-12 19:27 - 2013-05-24 22:03 - 00000436 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-07-12 19:27 - 2010-11-21 05:47 - 00267904 _____ () C:\windows\PFRO.log 2014-07-12 19:27 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-12 19:27 - 2009-07-14 06:51 - 00112771 _____ () C:\windows\setupact.log 2014-07-12 19:26 - 2014-07-10 23:14 - 00000000 ____D () C:\AdwCleaner 2014-07-12 19:24 - 2012-12-10 14:59 - 
00000000 ____D () C:\Users\User\Documents\Telefonrechnung Norbert 2014-07-12 19:06 - 2014-07-10 22:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-11 14:00 - 2014-07-11 12:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlarySoft 2014-07-11 13:20 - 2014-07-11 13:20 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe 2014-07-11 12:47 - 2014-07-10 22:53 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-11 12:47 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-11 12:47 - 2014-07-10 22:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-11 12:44 - 2014-07-11 12:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-11 12:14 - 2014-07-11 12:14 - 00259584 _____ (OldTimer Tools) C:\Users\User\Desktop\OTH.scr 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList 2014-07-11 12:06 - 2014-07-11 12:06 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList 2014-07-11 12:06 - 2014-07-10 09:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-07-11 12:06 - 2012-11-08 15:10 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00001110 _____ () C:\Users\User\Desktop\Absolute Uninstaller.lnk 2014-07-11 12:05 - 2014-07-11 12:05 - 00000166 _____ () C:\Users\User\Desktop\Glarysoft Freeware.url 2014-07-11 12:03 - 2014-07-11 12:03 - 02194784 _____ (Glarysoft.com ) C:\Users\User\Downloads\au29setup.exe 2014-07-11 10:44 - 2014-07-11 10:44 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe 2014-07-11 10:36 - 2014-07-11 10:27 - 00001790 _____ () C:\sc-cleaner.txt 2014-07-11 10:25 - 2014-07-11 10:25 - 00441592 _____ (Bleeping Computer, LLC) 
C:\Users\User\Desktop\sc-cleaner.exe 2014-07-11 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF 2014-07-11 09:00 - 2012-08-02 03:10 - 00000000 ____D () C:\ProgramData\Temp 2014-07-10 23:48 - 2014-07-10 23:48 - 00000000 ____D () C:\windows\ERUNT 2014-07-10 23:46 - 2014-07-10 23:46 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-07-10 23:18 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 23:18 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media 2014-07-10 23:13 - 2014-07-10 23:13 - 01348263 _____ () C:\Users\User\Downloads\adwcleaner_3.215.exe 2014-07-10 22:53 - 2014-07-10 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 22:48 - 2014-07-10 22:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-10 22:47 - 2009-07-14 04:34 - 00000505 _____ () C:\windows\win.ini 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Opera Software 2014-07-10 15:44 - 2014-07-10 15:44 - 00000000 ____D () C:\Users\User\AppData\Local\Opera Software 2014-07-10 13:33 - 2014-07-10 13:33 - 00001650 _____ () C:\Users\User\Documents\Einladung.msrcIncident 2014-07-10 09:53 - 2014-07-10 09:53 - 00945008 _____ (SlimWare Utilities, Inc.) 
C:\Users\User\Downloads\DriverUpdate-setup.exe 2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E 2014-07-10 09:43 - 2012-11-13 15:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\EurekaLog 2014-07-10 09:42 - 2014-07-10 09:42 - 00002223 _____ () C:\Users\User\Desktop\Rocket.lnk 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket 2014-07-10 09:42 - 2014-07-10 09:42 - 00000000 ____D () C:\Users\User\AppData\Local\Rocket 2014-07-10 09:38 - 2014-07-10 09:38 - 00003224 _____ () C:\windows\System32\Tasks\Rocket Updater 2014-07-10 07:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-07-10 06:57 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-07-10 06:56 - 2013-02-01 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-10 06:56 - 2009-07-14 06:45 - 00326280 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-10 06:54 - 2014-05-06 21:42 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-07-10 06:54 - 2011-09-29 05:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 06:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism 2014-07-10 06:54 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism 2014-07-10 06:37 - 2013-08-14 09:21 - 00000000 ____D () C:\windows\system32\MRT 2014-07-10 06:35 - 2012-11-12 21:06 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 20:32 - 2014-07-09 20:32 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-09 20:32 - 2013-01-21 09:21 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 20:32 - 2012-11-08 16:09 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 20:32 - 2012-11-08 16:09 - 00071344 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 13:03 - 2012-11-13 14:09 - 00000000 ____D () C:\Scan 2014-07-09 11:11 - 2013-10-01 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-08 20:31 - 2014-07-08 20:31 - 00046376 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\netfilter64.sys 2014-07-06 08:38 - 2014-07-06 08:35 - 00000000 ____D () C:\Users\User\Desktop\usb 2014-07-06 08:30 - 2014-07-06 08:23 - 967835648 _____ () C:\Users\User\Downloads\ubuntu-gnome-14.04-desktop-amd64.iso 2014-07-06 01:10 - 2014-07-06 01:09 - 04831232 _____ (Geza Kovacs) C:\Users\User\Downloads\unetbootin-windows-608.exe 2014-07-05 15:30 - 2014-07-05 13:06 - 00002002 ____H () C:\Users\User\Documents\Default.rdp 2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\Users\User\Documents\OpenPGP 2014-07-05 14:23 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\ProgramData\GNU 2014-07-05 12:45 - 2014-07-05 12:45 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-05 12:42 - 2014-07-05 12:42 - 01470222 _____ () C:\Users\User\Downloads\enigmail-1.6-sm+tb.xpi 2014-07-02 18:17 - 2012-11-15 22:58 - 00000000 ____D () C:\Users\User\Documents\eMails für Gutachten AXA 2014-06-30 11:16 - 2012-11-29 12:23 - 00000000 ____D () C:\Users\User\Documents\Telefonrechnung 2014-06-30 04:09 - 2014-07-09 07:59 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 07:59 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-27 12:31 - 2013-01-21 14:43 - 00000000 ____D () C:\Users\User\Documents\eMails für Aktennotizen AXA 2014-06-25 09:44 - 2014-06-25 08:27 - 00000000 ____D () C:\Users\User\Documents\WTA 2014-06-23 15:19 - 2012-11-29 10:44 - 00000000 ____D () C:\Users\User\Documents\Congstar 2014-06-20 22:14 - 
2014-07-09 08:50 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 08:50 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-06-19 03:39 - 2014-07-09 08:50 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 08:50 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 08:50 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 08:50 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 08:50 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 08:50 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 08:50 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 08:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-09 08:50 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 08:50 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 08:50 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 08:50 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 08:50 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 08:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 08:50 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 08:50 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-19 
02:09 - 2014-07-09 08:50 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 08:50 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 08:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 08:50 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 08:50 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 08:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 08:50 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 08:50 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 08:50 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 08:50 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-09 08:50 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 08:50 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 08:50 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 08:50 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 08:50 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 08:50 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 08:50 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 08:50 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-19 
01:25 - 2014-07-09 08:50 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 08:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 08:50 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 08:50 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 08:50 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 08:50 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 08:50 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 08:50 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 08:50 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 08:50 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 08:50 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 08:50 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 08:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 08:50 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 08:50 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 08:50 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 08:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 08:50 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 
2014-07-09 08:50 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 08:50 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-18 13:30 - 2014-06-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-18 12:15 - 2012-11-08 15:09 - 00001122 _____ () C:\Users\User\Desktop\Cyberlink Power2Go.lnk 2014-06-18 04:18 - 2014-07-09 07:57 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 07:57 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-09 07:57 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\CloudBackup6158.exe C:\Users\User\AppData\Local\Temp\COMAP.EXE C:\Users\User\AppData\Local\Temp\gpg4win.exe C:\Users\User\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\octoinstalljni8646296748607556189.dll C:\Users\User\AppData\Local\Temp\octosetup99981191001071139811810610610410911911511697102981021059910410211510711810511911299991024440609694472258571.exe C:\Users\User\AppData\Local\Temp\ose00000.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\vcredist_x64.exe C:\Users\User\AppData\Local\Temp\_is4A97.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is 
digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 10:19 ==================== End Of Log ============================ |
14.07.2014, 14:53 | #8 |
/// the machine /// TB Trainer | Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger In which browser? And only in that browser, or in several?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
14.07.2014, 19:02 | #9 |
| Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger So far this has occurred in Firefox. In Internet Explorer a page just became completely pixelated and an offer for a laundry detergent appeared. However, that was not reproducible. The links have not appeared in IE so far, though. If in doubt, it would also be possible to set the PC up again from scratch. That would not cause any major problems, I think. |
15.07.2014, 19:14 | #10 |
/// the machine /// TB Trainer | Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger Revo Uninstaller - Download - Filepony Use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen A fresh FRST log, please. |
16.07.2014, 08:10 | #11 |
| Windows 7 Home: Rocket Search, RegCleaner, Opera, Windows Beschleuniger While uninstalling with Revo Uninstaller, my acquaintance also found a Rocket Browser. We then uninstalled that as well. Since then the Rocket icon has also disappeared from the taskbar. After the uninstallation, a folder with the old Firefox profile and 2 desktop.ini files appeared on the desktop. Can these be deleted? (Nothing is to be imported from the old profile.) Otherwise, on the surface, as far as I can see over the phone, everything looks fine. Here is the log file as well. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014 Ran by User (administrator) on USER-PC on 16-07-2014 08:46:40 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Nike) C:\Users\User\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-08-02] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-08-02] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-08-02] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) 
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe [1237504 2010-01-06] () Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2010-08-12] (Acresso Corporation) HKU\S-1-5-21-2026916818-3381598533-1138130357-1000\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: CouponDownloader - {157cfeb3-4476-a848-8994-3968abc578c9} - C:\Program Files\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E\bacgajubob.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{EB1ADA39-7A93-45CC-A26F-516839507C6F}: [NameServer]192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hwr573fk.default-1405493042339 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed] S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security 
Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation) R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation) U3 BcmSqlStartupSvc; U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; U2 DriverService; U2 IAStorDataMgrSvc; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-16 08:46 - 2014-07-16 08:46 - 00011442 _____ () C:\Users\User\Desktop\FRST.txt 2014-07-16 08:44 - 2014-07-16 08:44 - 00000000 ____D () C:\Users\User\Desktop\Alte Firefox-Daten 2014-07-16 08:40 - 2014-07-16 08:40 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-16 08:40 - 2014-07-16 08:40 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-16 08:40 - 2014-07-16 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-16 08:40 - 2014-07-16 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-16 08:10 - 2014-07-16 08:11 - 00001268 _____ () C:\Users\User\Desktop\Revo 
==================== End Of Log ============================ |
16.07.2014, 19:12 | #12 |
/// the machine /// TB-Ausbilder | You can delete the folders; hands off the desktop.ini files, those are system files, and they disappear again on their own.
Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate, Guides and help, Trojaner-Board Facebook page
No help via PM! |
16.07.2014, 22:11 | #13 |
| Really damn nice of you all to do all of this here! Some of the advice will probably be taken to heart, too. I hope I won't be getting back to you again any time soon! skar |
17.07.2014, 15:49 | #14 |
/// the machine /// TB-Ausbilder | You're welcome
__________________ Regards, schrauber |