Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by larai_000 at 2014-04-08 16:14:38
Running from C:\Users\larai_000\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bandizip (HKCU\...\Bandizip) (Version: 2.0 - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
Formelrechner (HKLM-x32\...\{69F0CEA4-43E2-4CBB-92DF-41860A40A631}) (Version: 1.00.0000 - Cornelsen Verlag)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.12.0 - International GeoGebra Institute)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{AF71B42D-3821-4376-9974-84E507F88EC0}) (Version: 1.0.20.80 - Google)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPlayer für Windows (HKLM-x32\...\{97D341C8-B0D1-4E4A-A49A-C30B52F168E9}) (Version: 2014-01-13 - The MPlayer Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Ihr Firmenname)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SMART Common Platform (HKLM-x32\...\{0E5DD7A3-BE29-430C-970B-C553F4A58C39}) (Version: 10.8.159.0 - Ihr Firmenname)
SMART Notebook (HKLM-x32\...\{ED0FF410-41B9-441F-B457-4AC81782E8BF}) (Version: 10.8.364.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}) (Version: 10.8.212.0 - SMART Technologies ULC)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
XMind 2012 (v3.3.1) (HKLM-x32\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
==================== Restore Points =========================
13-03-2014 06:00:57 Windows Update
19-03-2014 00:09:59 Windows Update
27-03-2014 20:10:34 Geplanter Prüfpunkt
31-03-2014 16:39:29 Windows Update
==================== Hosts content: ==========================
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B103143-A060-41AF-8150-682021D14707} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {155C0127-633C-45DE-8AF6-4D4DFFB2A398} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4356290E-984B-4AF4-942B-BB57A56C570F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73B4E2DB-7182-479F-A06F-2E3008DA2B85} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {95BE1098-ED2B-4F76-85B2-DEF866534A3A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D16C5DA8-5F0D-400B-AC32-AA46C8130D05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-27] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E70FA8D1-2DC5-4781-ABB7-FE6A2BFCD872} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-08-07 03:16 - 2012-08-07 03:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-07 03:16 - 2012-08-07 03:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-07 03:16 - 2012-08-07 03:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-07 03:16 - 2012-08-07 03:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-07 03:16 - 2012-08-07 03:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-07 03:16 - 2012-08-07 03:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-08-01 03:10 - 2012-08-01 03:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-08-01 03:05 - 2012-08-01 03:05 - 00020992 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-14 19:07 - 2013-08-19 18:21 - 00484640 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-03-20 17:49 - 2014-03-19 11:59 - 01380704 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\opera_crashreporter.exe
2013-11-05 16:41 - 2013-11-05 16:41 - 00146944 _____ () C:\Program Files\WindowsApps\mobfishGmbH.WerWirdReich_1.1.0.0_x64__2zn8ak6882dj0\WerWirdReich.exe
2014-03-05 22:42 - 2014-03-05 22:42 - 00730624 _____ () C:\Users\larai_000\AppData\Local\Packages\mobfishgmbh.werwirdreich_2zn8ak6882dj0\AC\Microsoft\CLR_v4.0\NativeImages\WerWirdReich\9ba3fb184ed7f498ab19538112ac6ed2\WerWirdReich.ni.exe
2014-03-05 22:42 - 2014-03-05 22:42 - 05179392 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\04aacbbcef901112778b798536c628ae\Windows.UI.Xaml.ni.dll
2014-03-05 22:43 - 2014-03-05 22:43 - 00764928 _____ () C:\Users\larai_000\AppData\Local\Packages\mobfishgmbh.werwirdreich_2zn8ak6882dj0\AC\Microsoft\CLR_v4.0\NativeImages\WWR-Logic\9cf438bcb0890aae9dd78725405917a0\WWR-Logic.ni.dll
2014-02-18 09:37 - 2014-02-18 09:37 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\29e4b2d8f87a111865c3302f567b4a82\Windows.Storage.ni.dll
2014-02-18 09:37 - 2014-02-18 09:37 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\8d0f16d53c303f545bdc3bdeeb2a7fb3\Windows.Foundation.ni.dll
2014-02-16 18:16 - 2014-02-16 18:16 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\8848363a64856b740e9ebd321b6a98ca\Windows.ApplicationModel.ni.dll
2014-03-05 22:43 - 2014-03-05 22:43 - 00059392 _____ () C:\Users\larai_000\AppData\Local\Packages\mobfishgmbh.werwirdreich_2zn8ak6882dj0\AC\Microsoft\CLR_v4.0\NativeImages\DT.GoogleAn8f71db2b#\6d5a2f7c44fede7a549ff5cd155906bf\DT.GoogleAnalytics.Metro.ni.dll
2014-02-18 09:37 - 2014-02-18 09:37 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\3363e49b745a5ddf1aaf80b18c175191\Windows.UI.ni.dll
2014-03-05 22:42 - 2014-03-05 22:42 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\ed3886aaf7efc3feec0169cf9014cb11\Windows.Globalization.ni.dll
2014-03-05 22:42 - 2014-03-05 22:42 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\351e47290edcd65f27c75470c1ea6cd2\Windows.Data.ni.dll
2014-03-05 22:42 - 2014-03-05 22:42 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\b4178c95c7aafade0fcdb76b09bd2973\Windows.Security.ni.dll
2014-02-18 09:37 - 2014-02-18 09:37 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\67df9eac656929e232d804428e224a7d\Windows.System.ni.dll
2014-03-05 22:42 - 2014-03-05 22:42 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\690b3f44ab1db69bc7ba1e4ceee9b89f\Windows.Devices.ni.dll
2014-03-05 22:42 - 2014-03-05 22:42 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\5d30480aa910c28c2571439d412f3b53\Windows.Networking.ni.dll
2014-03-05 22:42 - 2014-03-05 22:42 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\fb496048d93b67e96961f34a0955f3d8\Windows.Graphics.ni.dll
2014-03-01 00:50 - 2014-03-01 00:50 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-24 21:33 - 2014-04-03 17:08 - 00602680 _____ () C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-03 12:46 - 2014-01-03 12:46 - 03244032 _____ () C:\Users\larai_000\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2013-11-01 01:04 - 2013-11-01 01:04 - 00051120 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
2013-11-01 01:04 - 2013-11-01 01:04 - 00054184 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
2014-04-03 17:08 - 2014-04-03 17:08 - 00098816 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32api.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00110080 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\PyWinTypes27.dll
2014-04-03 17:08 - 2014-04-03 17:08 - 00364544 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\pythoncom27.dll
2014-04-03 17:08 - 2014-04-03 17:08 - 00044032 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\_socket.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 01157120 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\_ssl.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00320512 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32com.shell.shell.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00712192 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\_hashlib.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 01175040 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\wx._core_.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00805888 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\wx._gdi_.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00811008 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\wx._windows_.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 01062400 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\wx._controls_.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00735232 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\wx._misc_.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00128512 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\_elementtree.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00127488 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\pyexpat.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00557056 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\pysqlite2._sqlite.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00087040 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\_ctypes.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00119808 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32file.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00108544 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32security.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00018432 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32event.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00038912 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32inet.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00122368 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\wx._wizard.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00070656 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\wx._html2.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00026624 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\_multiprocessing.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00010240 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\select.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00024064 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32pipe.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00686080 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\unicodedata.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00025600 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32pdh.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00525640 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\windows._lib_cacheinvalidation.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00011264 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32crypt.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00035840 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32process.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00017408 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32profile.pyd
2014-04-03 17:08 - 2014-04-03 17:08 - 00022528 _____ () C:\Users\larai_000\AppData\Local\Temp\_MEI29082\win32ts.pyd
2014-02-15 02:15 - 2014-02-15 02:15 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\1df9802ff26ff010ffa8c9346f4974df\PSIClient.ni.dll
2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2012-11-17 07:19 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-14 19:07 - 2013-10-12 00:21 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-02-22 04:05 - 2012-11-26 06:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-02-22 04:05 - 2012-11-26 06:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-03-20 17:49 - 2014-03-19 11:59 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\libglesv2.dll
2014-03-20 17:49 - 2014-03-19 11:59 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\libegl.dll
2014-03-20 17:49 - 2014-03-19 11:59 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\ffmpegsumo.dll
2014-03-20 17:49 - 2014-03-19 11:59 - 02198368 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\launcher_lib.dll
2012-12-25 10:52 - 2014-04-03 17:08 - 36966968 _____ () C:\Users\larai_000\AppData\Roaming\Spotify\Data\libcef.dll
2013-09-24 21:33 - 2014-04-03 17:08 - 00886840 _____ () C:\Users\larai_000\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-24 21:33 - 2014-04-03 17:08 - 00108600 _____ () C:\Users\larai_000\AppData\Roaming\Spotify\Data\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\larai_000\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: SMART Technologies ULC
Service: i8042prt
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/08/2014 03:53:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.16441, Zeitstempel: 0x5265dec8
Name des fehlerhaften Moduls: DropboxExt64.19.dll, Version: 1.0.0.19, Zeitstempel: 0x51549d74
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000008cc7
ID des fehlerhaften Prozesses: 0xa70
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5
Error: (04/08/2014 03:25:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 768829
Error: (04/08/2014 03:25:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 768829
Error: (04/08/2014 03:25:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 03:12:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1235
Error: (04/08/2014 03:12:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1235
Error: (04/08/2014 03:12:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 02:48:12 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (04/08/2014 10:35:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7313
Error: (04/08/2014 10:35:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7313
System errors:
=============
Error: (04/08/2014 03:25:44 PM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Error: (04/08/2014 03:25:44 PM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Error: (04/08/2014 03:25:44 PM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Error: (04/08/2014 02:11:14 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/08/2014 02:08:28 PM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Error: (04/08/2014 02:08:28 PM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Error: (04/08/2014 02:08:28 PM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Error: (04/08/2014 10:34:49 AM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error: (04/08/2014 10:34:47 AM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Error: (04/08/2014 10:34:47 AM) (Source: MTConfig) (User: )
Description: Fehler beim Konfigurieren des Eingabemodus eines Mehrfingereingabegeräts.
Microsoft Office Sessions:
=========================
Error: (04/08/2014 03:53:05 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.3.9600.164415265dec8DropboxExt64.19.dll1.0.0.1951549d74c00000050000000000008cc7a7001cf4f4e65b33b93C:\WINDOWS\Explorer.EXEC:\Users\larai_000\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll1b3ca6c8-bf25-11e3-bebd-a41731734fe4
Error: (04/08/2014 03:25:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 768829
Error: (04/08/2014 03:25:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 768829
Error: (04/08/2014 03:25:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 03:12:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1235
Error: (04/08/2014 03:12:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1235
Error: (04/08/2014 03:12:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/08/2014 02:48:12 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (04/08/2014 10:35:03 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7313
Error: (04/08/2014 10:35:03 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7313
CodeIntegrity Errors:
===================================
Date: 2014-04-08 16:13:17.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-08 16:13:17.281
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-08 00:32:21.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-08 00:32:21.489
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-08 00:32:21.344
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-08 00:32:21.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-08 00:32:21.108
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-08 00:32:21.047
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-07 07:33:14.622
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-04-07 07:33:14.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 68%
Total physical RAM: 3959.09 MB
Available physical RAM: 1259.83 MB
Total Pagefile: 7927.09 MB
Available Pagefile: 3427.58 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.54 GB) (Free:744.38 GB) NTFS
Drive x: () (Fixed) (Total:0.34 GB) (Free:0.04 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:11.49 GB) (Free:0.24 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 89291954)
Partition: GPT Partition Type.
==================== End Of Log ============================
Gmer: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-08 17:14:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD10JPVT-75A1YT0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\LARAI_~1\AppData\Local\Temp\fxldapow.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\spoolsv.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffbf4da169a 4 bytes [DA, F4, FB, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffbf4da16a2 4 bytes [DA, F4, FB, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffbf4da181a 4 bytes [DA, F4, FB, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1160] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffbf4da1832 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1788] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffbf4da169a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1788] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffbf4da16a2 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1788] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffbf4da181a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1788] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffbf4da1832 4 bytes [DA, F4, FB, 7F]
.text C:\WINDOWS\Explorer.EXE[2248] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffbf4da169a 4 bytes [DA, F4, FB, 7F]
.text C:\WINDOWS\Explorer.EXE[2248] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffbf4da16a2 4 bytes [DA, F4, FB, 7F]
.text C:\WINDOWS\Explorer.EXE[2248] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffbf4da181a 4 bytes [DA, F4, FB, 7F]
.text C:\WINDOWS\Explorer.EXE[2248] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffbf4da1832 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\Apoint.exe[980] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffbf4da169a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\Apoint.exe[980] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffbf4da16a2 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\Apoint.exe[980] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffbf4da181a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\Apoint.exe[980] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffbf4da1832 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffbf4da169a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[428] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffbf4da16a2 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffbf4da181a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\Dell\QuickSet\quickset.exe[428] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffbf4da1832 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] C:\WINDOWS\system32\PSAPI.dll!GetModuleBaseNameA + 506 00007ffbf4da169a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] C:\WINDOWS\system32\PSAPI.dll!GetModuleBaseNameA + 514 00007ffbf4da16a2 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] C:\WINDOWS\system32\PSAPI.dll!QueryWorkingSet + 118 00007ffbf4da181a 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3996] C:\WINDOWS\system32\PSAPI.dll!QueryWorkingSet + 142 00007ffbf4da1832 4 bytes [DA, F4, FB, 7F]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4204] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffbedcc1f6a 4 bytes [CC, ED, FB, 7F]
.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4204] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffbedcc1f82 4 bytes [CC, ED, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[4356] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffbf4da169a 4 bytes [DA, F4, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[4356] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffbf4da16a2 4 bytes [DA, F4, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[4356] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffbf4da181a 4 bytes [DA, F4, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[4356] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffbf4da1832 4 bytes [DA, F4, FB, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [568:2112] fffff960008a54d0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4592] 000000000066d856
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4704] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4776] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4780] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4784] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4788] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4792] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4796] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4800] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4808] 000000000068e785
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4588:4032] 000000000068e785
---- Processes - GMER 2.1 ----
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968] (Python Core/Python Software Foundation)(2014-04-08 14:55:51) 000000001e000000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001e8c0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 000000001e7a0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:48) 0000000000620000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 00000000003e0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 0000000010000000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001e800000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 00000000025d0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 0000000002d90000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968] (wxWidgets for MSW/wxWidgets development team)(2014-04-08 14:55:51) 0000000002ec0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968] (wxWidgets for MSW/wxWidgets development team)(2014-04-08 14:55:51) 00000000006b0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968] (wxWidgets for MSW/wxWidgets development team)(2014-04-08 14:55:51) 00000000030b0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968] (wxWidgets for MSW/wxWidgets development team)(2014-04-08 14:55:51) 0000000003550000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 0000000003690000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 0000000003f60000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968] (wxWidgets for MSW/wxWidgets development team)(2014-04-08 14:55:52) 0000000004030000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 00000000042f0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:48) 0000000004400000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001d100000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 00000000040d0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 00000000044c0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 000000001d1a0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001ea10000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001ec80000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001e9b0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 000000001eaa0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:48) 0000000004100000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 0000000004140000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968] (wxWidgets for MSW/wxWidgets development team)(2014-04-08 14:55:52) 0000000005530000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 0000000005550000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 0000000005560000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 000000001eb90000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 00000000055f0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 000000001eb60000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:48) 000000001e980000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:50) 000000001ebf0000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001ec20000
Library C:\Users\LARAI_~1\AppData\Local\Temp\_MEI45682\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4968](2014-04-08 14:55:49) 000000001ed40000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by larai_000 (administrator) on LARA on 08-04-2014 16:13:47
Running from C:\Users\larai_000\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Andrea Electronics Corporation) C:\WINDOWS\system32\AECLSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\larai_000\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\Aware.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\Marker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Spotify Ltd) C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
() C:\Program Files (x86)\Opera\20.0.1387.82\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
() C:\Program Files\WindowsApps\mobfishGmbH.WerWirdReich_1.1.0.0_x64__2zn8ak6882dj0\WerWirdReich.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe
(Spotify Ltd) C:\Users\larai_000\AppData\Roaming\Spotify\spotify.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] - c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-07] ()
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-01] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-01] (Atheros Communications)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMART Board Service] - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1761136 2011-07-13] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Tools] - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [9800560 2011-06-23] (SMART Technologies ULC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [MPlayerForWindows_AutoUpdateV2] - C:\Program Files (x86)\MPlayer for Windows\Updater.exe [360190 2014-01-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1247236663-3590432271-4137420588-1004\...\Run: [Spotify] - C:\Users\larai_000\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-1247236663-3590432271-4137420588-1004\...\Run: [Spotify Web Helper] - C:\Users\larai_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-1247236663-3590432271-4137420588-1004\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-1247236663-3590432271-4137420588-1004\...\Run: [Google+ Auto Backup] - C:\Users\larai_000\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-03] (Google Inc.)
HKU\S-1-5-21-1247236663-3590432271-4137420588-1004\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\larai_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\larai_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\larai_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\larai_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bd39e240-1d89-2d10-bf13-5cb7e135f497&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bd39e240-1d89-2d10-bf13-5cb7e135f497&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {6E07C4E9-D050-4A7D-A37A-D8E1E1C2E021} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {6E07C4E9-D050-4A7D-A37A-D8E1E1C2E021} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bd39e240-1d89-2d10-bf13-5cb7e135f497&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bd39e240-1d89-2d10-bf13-5cb7e135f497&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bd39e240-1d89-2d10-bf13-5cb7e135f497&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {6E07C4E9-D050-4A7D-A37A-D8E1E1C2E021} URL =
BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default
FF NewTab: about:blank
FF Homepage: hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: QuickFox Notes - C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\Extensions\amin.eft_bmnotes@gmail.com [2013-12-02]
FF Extension: anonymoX - C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\Extensions\client@anonymox.net.xpi [2013-08-30]
FF Extension: FDislike - C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\Extensions\fbdislike@doweb.fr.xpi [2014-03-20]
FF Extension: GMX MailCheck - C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\Extensions\toolbar@gmx.net.xpi [2013-09-22]
FF Extension: Tab Mix Plus - C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-17]
FF Extension: FoxTab - C:\Users\larai_000\AppData\Roaming\Mozilla\Firefox\Profiles\h6iv8ffu.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013-02-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=&q={searchTerms}&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (New Tab Page) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-01-31]
CHR Extension: (Google Docs) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-07]
CHR Extension: (Google Drive) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-07]
CHR Extension: (YouTube) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-07]
CHR Extension: (Google-Suche) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-07]
CHR Extension: (Der magische Weg nach Oz) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2013-02-07]
CHR Extension: (avast! Online Security) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-04]
CHR Extension: (Stefanie Posavec) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdfoihgbodkinaeoamnenflcacjhbal [2014-02-20]
CHR Extension: (DVDVideoSoft) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Google Mail) - C:\Users\larai_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-07]
==================== Services (Whitelisted) =================
R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-07] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-08-01] (Qualcomm Atheros Commnucations)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-07] (Cirrus Logic)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-10] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-23] (Atheros)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-01] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-07] (Cirrus Logic)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
R3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-08 16:13 - 2014-04-08 16:14 - 00026134 _____ () C:\Users\larai_000\Downloads\FRST.txt
2014-04-08 16:13 - 2014-04-08 16:13 - 00000000 ____D () C:\FRST
2014-04-08 16:12 - 2014-04-08 16:12 - 02157056 _____ (Farbar) C:\Users\larai_000\Downloads\FRST64.exe
2014-04-08 15:59 - 2014-04-08 16:00 - 00000480 _____ () C:\Users\larai_000\Downloads\defogger_disable.log
2014-04-08 15:59 - 2014-04-08 15:59 - 00050477 _____ () C:\Users\larai_000\Downloads\Defogger.exe
2014-04-08 15:59 - 2014-04-08 15:59 - 00000000 _____ () C:\Users\larai_000\defogger_reenable
2014-04-05 20:50 - 2014-04-05 20:50 - 00000000 ___RD () C:\Users\larai_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-03 17:06 - 2014-04-03 17:06 - 00744720 _____ () C:\WINDOWS\Minidump\040314-41671-01.dmp
2014-03-31 16:58 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-31 16:58 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-29 17:57 - 2014-03-29 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 08:24 - 2014-03-21 08:24 - 00000000 ____D () C:\Users\larai_000\AppData\Local\Skype
2014-03-20 17:49 - 2014-03-20 17:49 - 00001147 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\Opera Software
2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Users\larai_000\AppData\Local\Opera Software
2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-20 17:48 - 2014-03-20 17:48 - 34734328 _____ (Opera Software ASA) C:\Users\larai_000\Downloads\Opera_20.0.1387.82_Setup.exe
2014-03-13 07:54 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 07:54 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 07:54 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 07:54 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 07:54 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 07:54 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 07:54 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 07:54 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 07:54 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 07:54 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 07:54 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 07:54 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 07:54 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 07:54 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 07:54 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 07:54 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 07:54 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 07:54 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 07:54 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 07:54 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 07:54 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 07:54 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 07:54 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 07:54 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 07:54 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 07:54 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 07:54 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 07:54 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 07:54 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 07:54 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 07:54 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 07:54 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 07:54 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 07:54 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 07:54 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 07:54 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 07:54 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 07:54 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 07:54 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 07:54 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 07:54 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 07:54 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 07:54 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 07:54 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 07:54 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 07:54 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 07:54 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 07:54 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 07:54 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 07:54 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 07:54 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 07:54 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 07:54 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 07:54 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-13 07:54 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 07:54 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-13 07:54 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-13 07:53 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 19:59 - 2014-03-12 19:59 - 00000000 ____D () C:\Users\larai_000\Desktop\Lenka Show
2014-03-09 22:55 - 2014-03-09 22:55 - 00001178 _____ () C:\Users\larai_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-09 22:51 - 2014-02-14 05:22 - 00000426 _____ () C:\AVScanner.ini
2014-03-09 21:54 - 2014-03-09 21:54 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\Malwarebytes
2014-03-09 21:53 - 2014-03-09 21:53 - 00001127 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-09 21:53 - 2014-03-09 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-09 21:53 - 2014-03-09 21:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 21:53 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-09 17:52 - 2014-03-09 17:52 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-09 17:51 - 2014-03-09 17:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-09 17:51 - 2014-03-09 17:52 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 17:51 - 2014-03-09 17:51 - 00000000 ____D () C:\Program Files\iPod
2014-03-09 17:51 - 2014-03-09 17:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
==================== One Month Modified Files and Folders =======
2014-04-08 16:14 - 2014-04-08 16:13 - 00026134 _____ () C:\Users\larai_000\Downloads\FRST.txt
2014-04-08 16:13 - 2014-04-08 16:13 - 00000000 ____D () C:\FRST
2014-04-08 16:12 - 2014-04-08 16:12 - 02157056 _____ (Farbar) C:\Users\larai_000\Downloads\FRST64.exe
2014-04-08 16:09 - 2012-12-25 10:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-08 16:04 - 2012-12-25 00:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1247236663-3590432271-4137420588-1004
2014-04-08 16:00 - 2014-04-08 15:59 - 00000480 _____ () C:\Users\larai_000\Downloads\defogger_disable.log
2014-04-08 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-08 15:59 - 2014-04-08 15:59 - 00050477 _____ () C:\Users\larai_000\Downloads\Defogger.exe
2014-04-08 15:59 - 2014-04-08 15:59 - 00000000 _____ () C:\Users\larai_000\defogger_reenable
2014-04-08 15:59 - 2013-11-01 01:00 - 00000000 ____D () C:\Users\larai_000
2014-04-08 15:55 - 2012-12-25 10:22 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\Spotify
2014-04-08 15:53 - 2013-01-08 08:18 - 00312320 ___SH () C:\Users\larai_000\Desktop\Thumbs.db
2014-04-08 15:52 - 2013-01-28 20:33 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\DVDVideoSoft
2014-04-08 15:48 - 2012-12-27 12:05 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 14:57 - 2013-11-01 12:08 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D793B12E-BB8C-451F-B055-7CA2D9CB9433}
2014-04-08 14:35 - 2013-11-01 01:17 - 01663677 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-08 07:11 - 2012-12-25 16:00 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\vlc
2014-04-08 07:11 - 2012-12-25 10:52 - 00000000 ____D () C:\Users\larai_000\AppData\Local\Spotify
2014-04-08 00:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-06 21:37 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-06 21:37 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-06 21:37 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-05 21:48 - 2012-12-27 12:05 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 21:43 - 2012-12-27 12:05 - 00004098 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 21:43 - 2012-12-27 12:05 - 00003862 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-05 20:52 - 2013-11-01 10:19 - 00000000 __RDO () C:\Users\larai_000\SkyDrive
2014-04-05 20:52 - 2013-10-21 18:47 - 00000000 ___RD () C:\Users\larai_000\Google Drive
2014-04-05 20:50 - 2014-04-05 20:50 - 00000000 ___RD () C:\Users\larai_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-05 20:50 - 2013-03-19 09:19 - 00000000 ____D () C:\Users\larai_000\Documents\Bluetooth Folder
2014-04-03 21:21 - 2013-08-22 16:46 - 00302672 _____ () C:\WINDOWS\setupact.log
2014-04-03 17:22 - 2013-08-23 08:02 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\Skype
2014-04-03 17:21 - 2012-11-17 07:32 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-04-03 17:06 - 2014-04-03 17:06 - 00744720 _____ () C:\WINDOWS\Minidump\040314-41671-01.dmp
2014-04-03 17:06 - 2013-11-03 23:17 - 582295009 _____ () C:\WINDOWS\MEMORY.DMP
2014-04-03 17:06 - 2013-11-03 23:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-03 17:06 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-03 17:05 - 2012-12-25 00:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 16:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-29 19:11 - 2013-12-16 20:18 - 00000000 ____D () C:\Users\larai_000\Documents\Outlook-Dateien
2014-03-29 17:57 - 2014-03-29 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 17:30 - 2012-12-25 00:27 - 00000000 ____D () C:\Users\larai_000\AppData\Local\Packages
2014-03-21 08:24 - 2014-03-21 08:24 - 00000000 ____D () C:\Users\larai_000\AppData\Local\Skype
2014-03-21 08:24 - 2013-08-23 08:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 08:24 - 2013-08-23 08:02 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 21:19 - 2013-08-22 15:25 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-20 17:49 - 2014-03-20 17:49 - 00001147 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\Opera Software
2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Users\larai_000\AppData\Local\Opera Software
2014-03-20 17:49 - 2014-03-20 17:49 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-20 17:48 - 2014-03-20 17:48 - 34734328 _____ (Opera Software ASA) C:\Users\larai_000\Downloads\Opera_20.0.1387.82_Setup.exe
2014-03-19 02:13 - 2013-07-29 15:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-19 02:11 - 2012-12-26 00:51 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-15 12:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-15 11:04 - 2013-08-22 16:44 - 00652832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 11:03 - 2014-03-07 15:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 11:03 - 2014-03-07 15:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 11:01 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:01 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 11:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 08:05 - 2013-12-14 13:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 20:09 - 2012-12-25 10:57 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:59 - 2014-03-12 19:59 - 00000000 ____D () C:\Users\larai_000\Desktop\Lenka Show
2014-03-09 23:40 - 2014-03-04 16:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-09 23:40 - 2013-09-29 21:04 - 00371310 _____ () C:\WINDOWS\PFRO.log
2014-03-09 23:38 - 2012-12-27 12:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-09 22:55 - 2014-03-09 22:55 - 00001178 _____ () C:\Users\larai_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-09 22:51 - 2012-12-27 00:29 - 00000000 ____D () C:\WINDOWS\SysWOW64\SupportAppCB
2014-03-09 21:54 - 2014-03-09 21:54 - 00000000 ____D () C:\Users\larai_000\AppData\Roaming\Malwarebytes
2014-03-09 21:53 - 2014-03-09 21:53 - 00001127 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-09 21:53 - 2014-03-09 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-09 21:53 - 2014-03-09 21:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 18:38 - 2013-03-29 02:59 - 00000000 ____D () C:\Users\larai_000\Documents\Schule
2014-03-09 17:52 - 2014-03-09 17:52 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-09 17:52 - 2014-03-09 17:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-09 17:52 - 2014-03-09 17:51 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 17:51 - 2014-03-09 17:51 - 00000000 ____D () C:\Program Files\iPod
2014-03-09 17:51 - 2014-03-09 17:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
Some content of TEMP:
====================
C:\Users\larai_000\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 07:54] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
LastRegBack: 2014-04-07 07:27
==================== End Of Log ============================
defogger_disable: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:19 on 08/04/2014 (larai_000)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-