| |
| |||||||
Log-Analyse und Auswertung: Win7: Nach unvorsichtigem Klick auf "updateflashplayer.***.exe" lädt iexplore.exe von selbstWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.08.2014, 01:29
| #1 |
 |  Win7: Nach unvorsichtigem Klick auf "updateflashplayer.***.exe" lädt iexplore.exe von selbst Hallo zusammen, nachdem ich am letzten Donnerstag unvorsichtigerweise bei dem Pop-Up der "updateflashplayer.***.exe" auf OK geklickt habe, lädt der Internet-Explorer von selbst, öffnet mehrere Prozesse und ruft laut History irgendwelche Internetseiten auf. Wird der IE gelöscht bzw. deaktiviert, scheint sich das Problem auf die explorer.exe zu verlagern und dort sein Unwesen zu treiben. Direkt im Anschluss an den Klick wurde von Avira TR/ATRAPS.Gen gefunden und ein paar Stunden später TR/Crypt.ZPACK.93160. Nachdem die betroffenen Datein in der Qurantäne waren, fand Avira keine neuen Bedrohungen. An den folgenden Tagen wurde jedoch mehrfach über den Browser-Schutz eine Datei geblockt (siehe untenstehenden Log). Über den Eset Online-Scanner wurde ebenfalls nichts weltbewegendes gefunden. Ich würde mich freuen, wenn ich mit eurer Hilfe mein System wieder sauber bekommen würde. Danke schon mal im Vorraus! Mit freundlichem Gruß  Wie gefordert, habe ich schon ein paar Log-Dateien erstellt: Avira: Code:
ATTFilter Exportierte Ereignisse:
19.08.2014 14:59 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
19.08.2014 11:19 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1428/iLividSetup-r1428-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
19.08.2014 01:46 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
19.08.2014 01:07 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
19.08.2014 01:07 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 23:03 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 23:03 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 16:28 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1428/iLividSetup-r1428-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 15:58 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 15:30 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1428/iLividSetup-r1428-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 15:24 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1428/iLividSetup-r1428-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 15:12 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
18.08.2014 14:44 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL
"hxxp://download.cdn.sharelive.net/cdn/r/1427/iLividSetup-r1427-t-bi.exe"
wurde ein Virus oder unerwünschtes Programm 'APPL/Downloader.Gen' [program]
gefunden.
Durchgeführte Aktion: Datei in Quarantäne verschieben
17.08.2014 20:40 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\AmgoxBudga\AmgoxBudga.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.93160'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5172652c.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-1188316696-1463214734-3367143495-1001\SOFTWARE\Microsoft\Wi
ndows\CurrentVersion\Run\AmgoxBudga> wurde erfolgreich repariert.
17.08.2014 20:39 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\AmgoxBudga\AmgoxBudga.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.93160' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
17.08.2014 20:38 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\AqgalPoruf\AqgalPoruf.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.93160'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5160604c.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-1188316696-1463214734-3367143495-1001\SOFTWARE\Microsoft\Wi
ndows\CurrentVersion\Run\AqgalPoruf> wurde erfolgreich repariert.
17.08.2014 20:35 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\AqgalPoruf\AqgalPoruf.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.93160' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
17.08.2014 17:13 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Michael\AppData\Roaming\Microsoft\Windows\IEUpdate\eventvwr.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung
C:\Program Files (x86)\ICQ7.4\upgrade\2dcd1d63cb45e6613582211c3d5f4b23 Win32/OpenCandy potenziell unsichere Anwendung
C:\Program Files (x86)\ICQ7.4\upgrade\53e83dd5315bfb1f928441c9b4618b68 Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Templates\FCTBSetup.exe Variante von Win32/Complitly.A evtl. unerwünschte Anwendung
C:\Users\Michael\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
C:\Users\Michael\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
C:\Users\Michael\Downloads\FCTBSetup.exe Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung
C:\Users\Michael\Downloads\FreeAudioConverter-5.0.45.806.exe Variante von Win32/OpenCandy.A potenziell unsichere Anwendung
C:\Users\Michael\Downloads\OrbitDownloaderSetup4111.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\Michael\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:18 on 20/08/2014 (Michael)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Michael (administrator) on MICHAEL-PC on 21-08-2014 01:06:06
Running from C:\Users\Michael\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logitech\QCDriver3\LVComS.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe [69000 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [LVCOMS] => C:\Program Files (x86)\Common Files\Logitech\QCDriver3\LVCOMS.EXE [127022 2002-12-10] (Logitech Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Freecorder FLV Service] => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1188316696-1463214734-3367143495-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-1188316696-1463214734-3367143495-1001\...\Command Processor: "C:\Users\Michael\AppData\Roaming\Microsoft\Windows\IEUpdate\eventvwr.exe" <===== ATTENTION!
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8ndo486f.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8ndo486f.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8ndo486f.default\Extensions\abs@avira.com [2014-08-19]
FF Extension: DownloadHelper - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8ndo486f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-08]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe [55688 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [193416 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
U3 kxliifow; \??\C:\Users\Michael\AppData\Local\Temp\kxliifow.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 01:06 - 2014-08-21 01:06 - 00016181 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-08-20 21:55 - 2014-08-20 21:56 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu(1).exe
2014-08-20 21:19 - 2014-08-21 01:06 - 00000000 ____D () C:\FRST
2014-08-20 21:17 - 2014-08-20 21:17 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2014-08-20 20:50 - 2014-08-20 20:50 - 00000000 ____D () C:\Users\Michael\AppData\Local\{3D2DD5FB-6969-4999-B157-B2A43AC4ECE1}
2014-08-20 20:24 - 2014-08-21 01:04 - 00000000 ____D () C:\Users\Michael\Desktop\System-Säuberung
2014-08-20 20:21 - 2014-08-20 20:21 - 02101760 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-08-20 11:36 - 2014-08-20 11:36 - 00046873 _____ () C:\Windows\SysWOW64\unil.exe
2014-08-20 11:36 - 2014-08-20 11:36 - 00000000 ____D () C:\Michael
2014-08-19 21:44 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 21:44 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 21:44 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 21:44 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 21:44 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 21:44 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 21:44 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 21:44 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 21:44 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 21:44 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 21:44 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 21:44 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 21:44 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 21:44 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 21:44 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 21:44 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 21:44 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 21:44 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 21:44 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 21:44 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 21:44 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 21:44 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 21:44 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 21:44 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 21:44 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 21:44 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 21:44 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 21:44 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 21:44 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 21:44 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 21:44 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 21:44 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 21:44 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 21:44 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 21:44 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 21:44 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 21:44 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 21:44 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 21:44 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 21:44 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 21:44 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 21:44 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 21:44 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 21:44 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 21:44 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 21:44 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 21:44 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 21:44 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 21:44 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 21:44 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 21:44 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 21:44 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 21:44 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 21:44 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-19 21:44 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 21:44 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 15:51 - 2014-08-19 15:51 - 00000000 ____D () C:\Users\Michael\AppData\Local\{38B2E845-4D07-4961-B970-98EC8CD0CEAD}
2014-08-19 15:39 - 2014-08-19 15:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-19 15:39 - 2014-08-19 15:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-19 15:39 - 2014-08-19 15:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-19 15:39 - 2014-08-19 15:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-19 15:39 - 2014-08-19 15:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-19 15:39 - 2014-08-19 15:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-19 15:39 - 2014-08-19 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-19 15:37 - 2014-08-19 15:37 - 02077392 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\IE11-Windows6.1.exe
2014-08-19 15:15 - 2014-08-19 15:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{C44E66C8-D51D-495E-BA97-4304D70E0182}
2014-08-19 15:10 - 2014-08-19 15:11 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael\Downloads\avira_de_av___ws.exe
2014-08-19 12:40 - 2014-08-19 15:50 - 00001417 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-18 22:44 - 2014-08-18 22:44 - 00000000 ____D () C:\Users\Michael\AppData\Local\{731D6040-732C-4DE9-98FC-709267031DBD}
2014-08-18 15:06 - 2014-08-18 15:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\{99AC47CD-5F49-4750-A2FF-426C684CBE8E}
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F0D04E7A-FEB5-4741-AEDF-E437370C8C62}
2014-08-18 13:02 - 2014-08-18 13:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{153F9F39-0933-4147-AE57-91E7DA2D8CAA}
2014-08-18 11:04 - 2014-08-18 11:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{5D930934-5124-466B-AE81-79A4AF65A101}
2014-08-17 22:20 - 2014-08-17 22:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-17 22:19 - 2014-08-17 22:20 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu.exe
2014-08-17 21:30 - 2014-08-19 11:56 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2014-08-17 18:05 - 2014-08-17 18:06 - 04813544 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup416.exe
2014-08-17 17:57 - 2014-08-17 17:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1BC41C44-349C-4656-B3E0-26163AA28D42}
2014-08-17 17:10 - 2014-08-17 17:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0107BFDA-B12C-48F6-8E47-B4AB6B8CDE05}
2014-08-17 01:04 - 2014-08-17 01:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{34A4F854-7900-4862-8F65-6E12975E9D54}
2014-08-15 09:23 - 2014-08-15 09:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1442DB7E-FFC6-4E4C-91D8-99B7C9E1E12B}
2014-08-14 10:36 - 2014-08-14 10:37 - 00000000 ____D () C:\Users\Michael\AppData\Local\{C42E855C-4B60-429C-B1B3-4D95D47F24DA}
2014-08-13 12:19 - 2014-08-13 12:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D1DF6F7D-6F82-4F22-ABDE-0C7640A75E89}
2014-08-13 10:51 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 10:51 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 10:51 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 10:51 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 10:51 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 10:51 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 10:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 10:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 10:49 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 10:49 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 10:49 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 10:49 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 10:49 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 10:49 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 10:49 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 10:49 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 10:49 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 10:49 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 10:49 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 10:49 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 10:49 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 10:48 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 10:47 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 10:47 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 10:41 - 2014-08-13 10:41 - 00000000 ____D () C:\Users\Michael\AppData\Local\{42D91D13-48AF-4C95-AC18-F5C8ED438B6B}
2014-08-12 20:25 - 2014-08-12 20:25 - 00001442 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk
2014-08-12 20:25 - 2014-08-12 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-12 20:24 - 2014-08-12 20:25 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-12 20:23 - 2014-08-12 20:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-08-12 20:21 - 2014-08-12 20:21 - 28401992 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeAudioConverter-5.0.45.806.exe
2014-08-12 09:54 - 2014-08-12 09:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\{16A1732A-8B23-43D9-B2F8-08B5350750A4}
2014-08-11 11:20 - 2014-08-11 11:20 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-11 11:20 - 2014-08-11 11:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-11 11:20 - 2014-08-11 11:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-11 11:20 - 2014-08-11 11:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-11 11:20 - 2014-08-11 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 14:04 - 2014-08-10 14:05 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F467A3D9-869E-4765-9078-E3264A274CF0}
2014-08-09 22:23 - 2014-08-09 22:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F7399A5B-CD27-486F-A1D5-FD6C3D51BCEA}
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7D239DDE-821E-4374-AB96-548753FFCF88}
2014-08-07 10:42 - 2014-08-07 10:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{5CA6A5DA-5962-42D5-85A3-DD0C8C5E074A}
2014-08-05 23:24 - 2014-08-05 23:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4259FC1B-9E4C-4327-8682-FDFA031883E7}
2014-08-05 10:44 - 2014-08-05 10:44 - 00000000 ____D () C:\Users\Michael\AppData\Local\{02E8177A-A326-430D-9F87-8695E6E7A536}
2014-08-04 10:30 - 2014-08-18 15:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-04 10:30 - 2014-08-18 15:09 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-04 10:21 - 2014-08-04 10:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0ED40260-078E-4866-808C-6365BF7B08E7}
2014-08-03 10:42 - 2014-08-03 10:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7FDF989D-B9F7-4C21-AF30-B584D8B06731}
2014-08-02 10:44 - 2014-08-02 10:44 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0AB8EE49-D6F2-4F5A-A331-5A29BAB69788}
2014-08-01 16:43 - 2014-08-01 16:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E4EC2F12-65F1-4545-8BAC-BE4850219F5D}
2014-08-01 11:43 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 11:43 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 11:43 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 11:43 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 11:43 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 11:43 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 11:43 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 11:43 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 11:43 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 11:43 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 11:42 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 11:42 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 11:42 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 11:42 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 11:40 - 2014-08-01 11:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{56FDFAE9-4B17-4F4B-9C85-E6BE0DC83F9D}
2014-07-31 10:13 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\Michael\AppData\Local\{9ED1D688-C768-4252-837E-9EED3F2C7C81}
2014-07-30 10:06 - 2014-07-30 10:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\{DF2A5F04-B151-45D0-B89C-5B72B809C057}
2014-07-28 23:39 - 2014-07-28 23:39 - 06263496 _____ (TeamViewer GmbH) C:\Users\Michael\Downloads\TeamViewer_Setup_de(1).exe
2014-07-28 14:09 - 2014-07-28 14:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\{FC51DA7A-724C-4067-B14C-ECA44D6160F6}
2014-07-27 02:56 - 2014-07-27 02:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{86D836D1-7D57-417C-9539-3178402DEBDB}
2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{27BC7407-D8A8-4BE1-AEBE-30E39F3C0A4F}
2014-07-25 10:06 - 2014-07-25 10:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\{524DF4E6-F594-4222-957A-51E5964C0E9F}
2014-07-22 10:10 - 2014-07-22 10:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{5B2BCFE3-C266-4AF7-B991-3C2A44E0CFDF}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-21 01:06 - 2014-08-21 01:06 - 00016181 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-08-21 01:06 - 2014-08-20 21:19 - 00000000 ____D () C:\FRST
2014-08-21 01:05 - 2010-09-17 18:57 - 01834659 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 01:04 - 2014-08-20 20:24 - 00000000 ____D () C:\Users\Michael\Desktop\System-Säuberung
2014-08-20 21:56 - 2014-08-20 21:55 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu(1).exe
2014-08-20 21:46 - 2011-02-07 23:29 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-20 21:17 - 2014-08-20 21:17 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2014-08-20 21:17 - 2011-02-07 18:32 - 00000000 ____D () C:\Users\Michael
2014-08-20 20:57 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 20:57 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 20:50 - 2014-08-20 20:50 - 00000000 ____D () C:\Users\Michael\AppData\Local\{3D2DD5FB-6969-4999-B157-B2A43AC4ECE1}
2014-08-20 20:50 - 2011-02-09 18:59 - 00000000 ____D () C:\Users\Michael\Tracing
2014-08-20 20:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 20:49 - 2009-07-14 06:51 - 00187519 _____ () C:\Windows\setupact.log
2014-08-20 20:49 - 2009-07-14 06:45 - 00286024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-20 20:46 - 2011-02-08 22:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-08-20 20:21 - 2014-08-20 20:21 - 02101760 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-08-20 20:18 - 2011-10-05 03:30 - 00000000 ____D () C:\Users\Michael\AppData\Local\FreePDF_XP
2014-08-20 20:08 - 2011-10-02 16:00 - 00443904 ___SH () C:\Users\Michael\Thumbs.db
2014-08-20 17:57 - 2013-05-19 23:11 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-08-20 17:52 - 2012-05-20 03:35 - 00000035 _____ () C:\Users\Michael\Desktop\proxtube.txt
2014-08-20 12:09 - 2013-09-13 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2014-08-20 11:36 - 2014-08-20 11:36 - 00046873 _____ () C:\Windows\SysWOW64\unil.exe
2014-08-20 11:36 - 2014-08-20 11:36 - 00000000 ____D () C:\Michael
2014-08-20 11:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 10:00 - 2010-09-17 18:54 - 00170844 _____ () C:\Windows\PFRO.log
2014-08-20 00:49 - 2012-01-11 17:53 - 00000000 ____D () C:\Users\Michael\AppData\Local\Unity
2014-08-20 00:49 - 2011-12-06 03:26 - 00000717 _____ () C:\Windows\wininit.ini
2014-08-20 00:48 - 2010-09-17 19:14 - 00040818 _____ () C:\Windows\DPINST.LOG
2014-08-20 00:03 - 2011-02-08 22:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ICQ
2014-08-19 21:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-19 15:51 - 2014-08-19 15:51 - 00000000 ____D () C:\Users\Michael\AppData\Local\{38B2E845-4D07-4961-B970-98EC8CD0CEAD}
2014-08-19 15:50 - 2014-08-19 12:40 - 00001417 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-19 15:45 - 2013-11-12 11:03 - 00020973 _____ () C:\Windows\IE11_main.log
2014-08-19 15:39 - 2014-08-19 15:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-19 15:39 - 2014-08-19 15:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-19 15:39 - 2014-08-19 15:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-19 15:39 - 2014-08-19 15:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-19 15:39 - 2014-08-19 15:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-19 15:39 - 2014-08-19 15:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-19 15:39 - 2014-08-19 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-19 15:39 - 2014-08-19 15:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-19 15:39 - 2014-08-19 15:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-19 15:37 - 2014-08-19 15:37 - 02077392 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\IE11-Windows6.1.exe
2014-08-19 15:15 - 2014-08-19 15:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\{C44E66C8-D51D-495E-BA97-4304D70E0182}
2014-08-19 15:11 - 2014-08-19 15:10 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Michael\Downloads\avira_de_av___ws.exe
2014-08-19 11:56 - 2014-08-17 21:30 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2014-08-19 02:37 - 2014-02-27 18:56 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-19 00:02 - 2011-09-20 18:26 - 00000140 _____ () C:\Windows\9888.MOD
2014-08-18 22:44 - 2014-08-18 22:44 - 00000000 ____D () C:\Users\Michael\AppData\Local\{731D6040-732C-4DE9-98FC-709267031DBD}
2014-08-18 22:42 - 2010-07-13 13:57 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-08-18 16:01 - 2010-07-13 13:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-18 15:39 - 2012-06-18 15:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 15:39 - 2012-06-18 15:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-18 15:10 - 2014-08-04 10:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 15:09 - 2014-08-04 10:30 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 15:09 - 2013-08-05 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 15:09 - 2013-08-05 18:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-18 15:06 - 2014-08-18 15:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\{99AC47CD-5F49-4750-A2FF-426C684CBE8E}
2014-08-18 14:34 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-18 14:28 - 2012-11-13 17:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-18 14:01 - 2014-08-18 14:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F0D04E7A-FEB5-4741-AEDF-E437370C8C62}
2014-08-18 14:01 - 2011-02-07 18:32 - 00062472 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 13:59 - 2012-11-13 17:36 - 00004324 _____ () C:\ProgramData\hpzinstall.log
2014-08-18 13:59 - 2012-11-13 17:36 - 00000000 ____D () C:\ProgramData\HP
2014-08-18 13:02 - 2014-08-18 13:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\{153F9F39-0933-4147-AE57-91E7DA2D8CAA}
2014-08-18 11:04 - 2014-08-18 11:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{5D930934-5124-466B-AE81-79A4AF65A101}
2014-08-18 00:27 - 2012-09-27 00:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\FileZilla
2014-08-18 00:00 - 2011-09-15 11:40 - 00000353 _____ () C:\Users\Michael\Desktop\Neues Textdokument.txt
2014-08-17 22:20 - 2014-08-17 22:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-17 22:20 - 2014-08-17 22:19 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_deu.exe
2014-08-17 18:07 - 2012-06-18 17:34 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-17 18:07 - 2012-06-18 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-17 18:07 - 2012-06-18 17:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-17 18:06 - 2014-08-17 18:05 - 04813544 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup416.exe
2014-08-17 17:57 - 2014-08-17 17:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1BC41C44-349C-4656-B3E0-26163AA28D42}
2014-08-17 17:10 - 2014-08-17 17:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0107BFDA-B12C-48F6-8E47-B4AB6B8CDE05}
2014-08-17 01:04 - 2014-08-17 01:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{34A4F854-7900-4862-8F65-6E12975E9D54}
2014-08-15 09:23 - 2014-08-15 09:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\{1442DB7E-FFC6-4E4C-91D8-99B7C9E1E12B}
2014-08-14 20:54 - 2014-06-11 18:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-08-14 10:39 - 2012-04-03 10:00 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 10:39 - 2011-06-02 00:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 10:37 - 2014-08-14 10:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\{C42E855C-4B60-429C-B1B3-4D95D47F24DA}
2014-08-13 12:20 - 2014-08-13 12:19 - 00000000 ____D () C:\Users\Michael\AppData\Local\{D1DF6F7D-6F82-4F22-ABDE-0C7640A75E89}
2014-08-13 11:03 - 2013-07-14 13:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 10:55 - 2011-02-08 16:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 10:50 - 2014-04-23 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 10:41 - 2014-08-13 10:41 - 00000000 ____D () C:\Users\Michael\AppData\Local\{42D91D13-48AF-4C95-AC18-F5C8ED438B6B}
2014-08-12 20:25 - 2014-08-12 20:25 - 00001442 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk
2014-08-12 20:25 - 2014-08-12 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-12 20:25 - 2014-08-12 20:24 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-12 20:24 - 2014-08-12 20:23 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-08-12 20:21 - 2014-08-12 20:21 - 28401992 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeAudioConverter-5.0.45.806.exe
2014-08-12 09:55 - 2014-08-12 09:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\{16A1732A-8B23-43D9-B2F8-08B5350750A4}
2014-08-11 11:21 - 2013-10-29 11:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-11 11:20 - 2014-08-11 11:20 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-11 11:20 - 2014-08-11 11:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-11 11:20 - 2014-08-11 11:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-11 11:20 - 2014-08-11 11:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-11 11:20 - 2014-08-11 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 11:20 - 2013-07-03 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-10 14:05 - 2014-08-10 14:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F467A3D9-869E-4765-9078-E3264A274CF0}
2014-08-09 22:23 - 2014-08-09 22:23 - 00000000 ____D () C:\Users\Michael\AppData\Local\{F7399A5B-CD27-486F-A1D5-FD6C3D51BCEA}
2014-08-08 22:34 - 2011-02-08 22:20 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7D239DDE-821E-4374-AB96-548753FFCF88}
2014-08-07 10:42 - 2014-08-07 10:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{5CA6A5DA-5962-42D5-85A3-DD0C8C5E074A}
2014-08-07 04:06 - 2014-08-13 10:47 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 10:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 23:24 - 2014-08-05 23:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\{4259FC1B-9E4C-4327-8682-FDFA031883E7}
2014-08-05 10:44 - 2014-08-05 10:44 - 00000000 ____D () C:\Users\Michael\AppData\Local\{02E8177A-A326-430D-9F87-8695E6E7A536}
2014-08-05 09:20 - 2013-05-19 23:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 10:30 - 2013-08-05 18:04 - 00000000 ____D () C:\ProgramData\Avira
2014-08-04 10:21 - 2014-08-04 10:21 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0ED40260-078E-4866-808C-6365BF7B08E7}
2014-08-03 10:42 - 2014-08-03 10:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\{7FDF989D-B9F7-4C21-AF30-B584D8B06731}
2014-08-02 10:44 - 2014-08-02 10:44 - 00000000 ____D () C:\Users\Michael\AppData\Local\{0AB8EE49-D6F2-4F5A-A331-5A29BAB69788}
2014-08-01 16:43 - 2014-08-01 16:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\{E4EC2F12-65F1-4545-8BAC-BE4850219F5D}
2014-08-01 11:40 - 2014-08-01 11:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\{56FDFAE9-4B17-4F4B-9C85-E6BE0DC83F9D}
2014-08-01 01:41 - 2014-08-19 21:44 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-19 21:44 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 10:13 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\Michael\AppData\Local\{9ED1D688-C768-4252-837E-9EED3F2C7C81}
2014-07-30 10:06 - 2014-07-30 10:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\{DF2A5F04-B151-45D0-B89C-5B72B809C057}
2014-07-30 10:05 - 2012-04-25 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 22:21 - 2014-06-10 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 23:40 - 2012-02-14 15:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TeamViewer
2014-07-28 23:39 - 2014-07-28 23:39 - 06263496 _____ (TeamViewer GmbH) C:\Users\Michael\Downloads\TeamViewer_Setup_de(1).exe
2014-07-28 14:09 - 2014-07-28 14:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\{FC51DA7A-724C-4067-B14C-ECA44D6160F6}
2014-07-27 02:56 - 2014-07-27 02:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\{86D836D1-7D57-417C-9539-3178402DEBDB}
2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{27BC7407-D8A8-4BE1-AEBE-30E39F3C0A4F}
2014-07-25 16:52 - 2014-08-19 21:44 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-19 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-19 21:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-19 21:44 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-19 21:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-19 21:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-19 21:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-19 21:44 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-19 21:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-19 21:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-19 21:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-19 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-19 21:44 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-19 21:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-19 21:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-19 21:44 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-19 21:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-19 21:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-19 21:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-19 21:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-19 21:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-19 21:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-19 21:44 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-19 21:44 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-19 21:44 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-19 21:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-19 21:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-19 21:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-19 21:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-19 21:44 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-19 21:44 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-19 21:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-19 21:44 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-19 21:44 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-19 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-19 21:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-19 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-19 21:44 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-19 21:44 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-19 21:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-19 21:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-19 21:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-19 21:44 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-19 21:44 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-19 21:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-19 21:44 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-19 21:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-19 21:44 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-19 21:44 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-19 21:44 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-19 21:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-19 21:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-19 21:44 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-19 21:44 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 10:06 - 2014-07-25 10:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\{524DF4E6-F594-4222-957A-51E5964C0E9F}
2014-07-25 10:05 - 2012-05-13 15:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 10:05 - 2012-05-13 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 10:05 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-24 10:43 - 2012-05-13 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 10:10 - 2014-07-22 10:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\{5B2BCFE3-C266-4AF7-B991-3C2A44E0CFDF}
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 15:44
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Michael at 2014-08-21 01:06:37
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
EaseUS Data Recovery Wizard 6.1 (HKLM-x32\...\EaseUS Data Recovery Wizard 6.1_is1) (Version: - EaseUS)
EASEUS Partition Master 7.0.1 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS)
EASEUS Todo Backup Home 2.0 (HKLM-x32\...\EASEUS Todo Backup Home 2.0_is1) (Version: 2.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free Audio Converter version 5.0.45.806 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.45.806 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
ICQ7.4 (HKLM-x32\...\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}) (Version: 7.4 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Logitech Desktop Messenger (HKLM-x32\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 SR-1 Professional (HKLM-x32\...\{00010407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2000 (HKLM-x32\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5903 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9060 - ooVoo LLC.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WEKA Media GmbH & Co.KG Technische Hilfeleistung 4.0 (HKLM-x32\...\WEKA Media GmbH & Co.KG Technische Hilfeleistung 4.0) (Version: - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {C70325C1-6345-42AF-A8DF-CF21A9CCFC05} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
==================== Loaded Modules (whitelisted) =============
2011-10-05 03:26 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-07-14 21:23 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-02-08 21:29 - 2011-01-22 16:57 - 00050056 _____ () C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
2011-02-08 21:30 - 2008-11-25 18:18 - 01291264 _____ () C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\libxml2.dll
2011-02-08 21:30 - 2004-10-05 04:08 - 00055808 _____ () C:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\zlib1.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-07-25 08:10 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-08-04 10:30 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Michael\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-13 12:42 - 2014-08-13 12:42 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll
2010-07-13 13:32 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/20/2014 09:56:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (08/20/2014 09:56:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (08/20/2014 09:56:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (08/20/2014 09:56:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (08/20/2014 08:09:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (08/20/2014 07:46:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (08/20/2014 06:19:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: WININET.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d236b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000001629d4
ID des fehlerhaften Prozesses: 0x1280
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (08/20/2014 02:19:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000022
Fehleroffset: 0x00000000000cd7e8
ID des fehlerhaften Prozesses: 0xbb4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (08/20/2014 01:34:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (08/20/2014 11:14:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
System errors:
=============
Error: (08/20/2014 08:47:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/20/2014 10:01:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (08/19/2014 03:50:54 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (08/18/2014 01:03:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error: (08/17/2014 09:21:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (08/17/2014 08:33:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error: (08/17/2014 08:28:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/17/2014 08:07:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (08/17/2014 08:07:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (08/17/2014 08:01:32 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Microsoft Office Sessions:
=========================
Error: (08/20/2014 09:56:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Downloads\esetsmartinstaller_deu(1).exe
Error: (08/20/2014 09:56:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Downloads\esetsmartinstaller_deu(1).exe
Error: (08/20/2014 09:56:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Downloads\esetsmartinstaller_deu(1).exe
Error: (08/20/2014 09:56:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Downloads\esetsmartinstaller_deu(1).exe
Error: (08/20/2014 08:09:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\Downloads\esetsmartinstaller_deu.exe
Error: (08/20/2014 07:46:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (08/20/2014 06:19:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4WININET.dll11.0.9600.1723953d236b8c000000500000000001629d4128001cfbc70fe5a9a49C:\Windows\Explorer.EXEC:\Windows\system32\WININET.dllb23afc5b-2885-11e4-935e-88ae1d993dcd
Error: (08/20/2014 02:19:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000002200000000000cd7e8bb401cfbc5df10342d8C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll393aa6f6-2864-11e4-935e-4c0f6e81e274
Error: (08/20/2014 01:34:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422
Error: (08/20/2014 11:14:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 3958.71 MB
Available physical RAM: 1834.02 MB
Total Pagefile: 7917.42 MB
Available Pagefile: 5392.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:141.6 GB) (Free:66.03 GB) NTFS
Drive e: (Privates) (Fixed) (Total:73.75 GB) (Free:7.71 GB) NTFS
Drive f: () (Fixed) (Total:237.3 GB) (Free:19.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5123CE05)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=311.1 GB) - (Type=OF Extended)
==================== End Of Log ============================
Bei dem ersten Scan mit GMER verabschiedete sich das ganze in einem Blue-Screen, nach etwas in den Prozessen der iexplore.exe gefunden wurde. Der zweite Scan ohne laufende Prozesse der iexplore.exe war erfolgreich. GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-21 01:45:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kxliifow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ce1465 2 bytes [CE, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ce14bb 2 bytes [CE, 76]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ce1465 2 bytes [CE, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ce14bb 2 bytes [CE, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ce1465 2 bytes [CE, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ce14bb 2 bytes [CE, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3440] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076ce1465 2 bytes [CE, 76]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3440] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076ce14bb 2 bytes [CE, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ce1465 2 bytes [CE, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ce14bb 2 bytes [CE, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread [1580:1596] 0000000076307587
Thread [1580:1624] 0000000074cabfb4
Thread [1580:1672] 0000000074cabfb4
Thread [1580:1676] 0000000074cabfb4
Thread [1580:1680] 0000000074cabfb4
Thread [1580:1724] 0000000072d032fb
Thread [1580:1864] 0000000077512e65
Thread [1580:3860] 0000000077513e85
Thread C:\Windows\Explorer.EXE [2284:3140] 00000000045118e0
---- EOF - GMER 2.1 ----
|
| Themen zu Win7: Nach unvorsichtigem Klick auf "updateflashplayer.***.exe" lädt iexplore.exe von selbst |
| 0x8007042, appl/downloader.gen, ccsetup, conduitsearch, conduitsearch entfernen, device driver, dvdvideosoft ltd., launch, pup.optional.pricegong.a, tr/atraps.gen, tr/crypt.zpack.93160, tr/crypt.zpack.93160., trojan.agent.ev, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.d, win32/bundled.toolbar.ask.e, win32/bundled.toolbar.google.d, win32/complitly.a, win32/injector.bkbo, win32/installshare.a, win32/kryptik.cjaj, win32/opencandy.a, win32/toolbar.searchsuite |
Baum-Darstellung