
Log analysis and evaluation: PC scrolls down automatically

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

18.08.2013, 20:09   #1
Terraformer
 
PC scrolls down automatically



Hello Trojaner-Board team,

my Windows scrolls down automatically. I did look through the forum, and several people have already had this problem, but which approach to use is presumably individual, so I have attached the OTL files right away.

I have also scanned for viruses and checked with the firewall; nothing worth mentioning, except that the PC-Welt Suite and PC-Welt Tune-Up, both of which I had only installed and not yet used, were detected as harmful.



OTL.exe: OTL logfile:
Code:
OTL logfile created on: 18.08.2013 19:45:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Eigene Dateien
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,25% Memory free
5,99 Gb Paging File | 3,53 Gb Available in Paging File | 58,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 423,60 Gb Total Space | 386,57 Gb Free Space | 91,26% Space Free | Partition Type: NTFS
Drive D: | 507,81 Gb Total Space | 474,12 Gb Free Space | 93,36% Space Free | Partition Type: NTFS
Drive F: | 144,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1863,01 Gb Total Space | 1396,38 Gb Free Space | 74,95% Space Free | Partition Type: NTFS
 
Computer Name: TOM-HOME-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Eigene Dateien\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Gigabyte\SmartRecovery2_x86\RPMDaemon.exe (Gigabyte Technology CO.)
PRC - C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Programme\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Splashtop\Splashtop Remote\Server\SRSOOBE.exe (Splashtop Inc.)
PRC - C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\jwpen.exe ()
PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\0c72b4e5c1de77634ec157943074cea4\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d5cfc19d54290dc150dedcc6a58cf6ba\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f3a0f58fe7c369ad8f3cf7caf9dfe530\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\2a3197ccfb2048adddde6b0db5a0d265\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f53bcd4c15b40418ee9ddc9eb6c09ea1\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c9894395c04b955cabd43af3a5f62191\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7e03172b9abac125616e59e7452ca94b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\318853f2879d42c73c71220967dee475\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1a5b3023141843aaaf176b8e63bf78e5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6fa468188705932387c89c28c77e3367\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0bcfa477c2670c4343ffdf576810d81d\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\bff5f538eab1eb8a5c42e9867715de33\System.ni.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\2f9397ea05512f313f5f21c9d7bc20a3\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SplashtopRemoteService) -- C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SSUService) -- C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (ICCS) -- C:\Programme\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (Canon Driver Information Assist Service) -- C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (HWSuperPowerTablet) -- C:\Windows\jwpen.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ES lite Service) -- C:\Programme\Gigabyte\EasySaver\essvr.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (VIAKaraokeService) -- C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PciSPorts) -- system32\DRIVERS\PciSPorts.sys File not found
DRV - (PciPPorts) -- system32\DRIVERS\PciPPorts.sys File not found
DRV - (amdiox86) -- system32\DRIVERS\amdiox86.sys File not found
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AODDriver) -- C:\Programme\Gigabyte\ET6\i386\AODDriver.sys (Advanced Micro Devices)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (GVTDrv) -- C:\Windows\System32\drivers\GVTDrv.sys ()
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (RTVLANPT) -- C:\Windows\System32\drivers\RtVlan620.sys (Realtek Corporation)
DRV - (TEAM) -- C:\Windows\System32\drivers\RtTeam60.sys (Realtek Corporation)
DRV - (RTTEAMPT) -- C:\Windows\System32\drivers\RtTeam60.sys (Realtek Corporation)
DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Realtek )
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (NmPar) -- C:\Windows\System32\drivers\NmPar.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation)
DRV - (VHWDrawing) -- C:\Windows\System32\drivers\HWDrawing.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031
IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\SearchScopes,DefaultScope = {8DFC250F-A969-4610-9432-E073A61436CC}
IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\SearchScopes\{8DFC250F-A969-4610-9432-E073A61436CC}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031&q={searchTerms}&r=793
IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8
FF - prefs.js..extensions.enabledAddons: groovesharkProxy%40DannieDarko:1.3.2
FF - prefs.js..extensions.enabledAddons: SciLorsGrooveUnlocker%40scilor.com:0.3.3
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.9.3
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.5
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..network.proxy.ftp: "91.121.84.128"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "91.121.84.128"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "91.121.84.128"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "91.121.84.128"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.07.10 20:10:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.15 10:05:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.15 10:05:51 | 000,000,000 | ---D | M]
 
[2013.07.10 12:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions
[2013.08.15 15:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions
[2013.07.12 16:54:06 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2013.07.12 16:53:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.07.10 20:10:18 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\ffxtlbr@zonealarm.com
[2013.07.10 12:32:29 | 000,000,000 | ---D | M] (Grooveshark Proxy) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\groovesharkProxy@DannieDarko
[2013.08.15 15:33:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\ich@maltegoetz.de
[2013.07.12 18:16:24 | 000,317,252 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.08.15 15:33:12 | 000,050,777 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.07.10 12:33:25 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi
[2013.02.09 10:14:26 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\stealthyextension@gmail.com.xpi
[2012.02.17 18:51:06 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\youtube2mp3@mondayx.de.xpi
[2011.10.16 01:23:18 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.12.27 20:34:34 | 000,010,506 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\searchplugins\gmx-suche.xml
[2012.12.27 20:34:34 | 000,005,489 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\searchplugins\webde-suche.xml
[2013.07.10 19:58:13 | 000,001,498 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\searchplugins\zonealarm.xml
[2013.08.18 15:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.08.18 15:41:40 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [RPMKickstart] C:\Programme\Gigabyte\SmartRecovery2_x86\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{116B09DE-7451-41F3-BEF3-74FC61EFD1C5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.09.25 22:00:00 | 000,000,064 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6dee1b91-e81e-11e2-966a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6dee1b91-e81e-11e2-966a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009.10.09 13:42:10 | 000,103,816 | R--- | M] (CANON INC.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.08.18 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\AVG2013
[2013.08.18 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\TuneUp Software
[2013.08.18 18:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.08.18 18:09:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.08.18 18:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.08.18 18:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013.08.18 18:07:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.08.18 18:07:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\MFAData
[2013.08.18 18:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.08.18 18:07:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Avg2013
[2013.08.18 15:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.08.15 17:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.08.15 17:02:49 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.08.15 17:02:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.08.15 17:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.08.15 17:02:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.08.15 17:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.08.15 17:02:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.08.15 17:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.08.15 17:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.08.15 17:02:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.08.15 12:23:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\jZip
[2013.08.15 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2013.08.15 12:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Smart File Advisor
[2013.08.15 10:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.08.15 09:27:47 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.08.15 09:27:47 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.08.15 09:27:44 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.08.15 09:27:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.07.20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013.07.20 01:50:56 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013.07.20 01:50:56 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013.07.20 01:50:50 | 000,171,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.08.18 19:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.08.18 19:31:35 | 000,015,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.18 19:31:35 | 000,015,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.18 19:27:45 | 000,001,136 | ---- | M] () -- C:\Users\Tom\Desktop\Continue Open It! - Zip Extractor Installation.lnk
[2013.08.18 19:24:52 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2013.08.18 19:24:39 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.08.18 19:24:33 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013.08.18 19:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.18 19:24:12 | 2413,748,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.18 19:20:13 | 000,698,688 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.08.18 19:20:13 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.08.18 19:20:13 | 000,148,828 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.08.18 19:20:13 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.08.18 18:10:55 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.08.15 15:36:20 | 335,308,934 | ---- | M] () -- C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv
[2013.08.15 12:25:53 | 000,000,943 | ---- | M] () -- C:\Users\Tom\Desktop\jZip.lnk
[2013.07.26 05:13:37 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.07.26 05:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.07.26 05:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.07.26 05:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.07.26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.07.26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.07.26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.07.26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.07.26 04:49:14 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.07.26 03:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013.07.20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013.07.20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013.07.20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013.07.20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
 
========== Files Created - No Company Name ==========
 
[2013.08.18 19:27:45 | 000,001,136 | ---- | C] () -- C:\Users\Tom\Desktop\Continue Open It! - Zip Extractor Installation.lnk
[2013.08.18 18:10:55 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.08.15 15:35:08 | 335,308,934 | ---- | C] () -- C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv
[2013.08.15 12:25:53 | 000,000,973 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
[2013.08.15 12:25:53 | 000,000,943 | ---- | C] () -- C:\Users\Tom\Desktop\jZip.lnk
[2013.07.17 17:43:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\HWPenOE.dll
[2013.07.17 17:35:56 | 000,212,696 | ---- | C] () -- C:\Windows\System32\HWMouseSet.exe
[2013.07.17 17:35:56 | 000,077,016 | ---- | C] () -- C:\Windows\jwpen.exe
[2013.07.17 17:35:56 | 000,061,144 | ---- | C] () -- C:\Windows\System32\jwusbchk.dll
[2013.07.17 17:35:56 | 000,017,624 | ---- | C] () -- C:\Windows\DevInst.exe
[2013.07.17 17:35:56 | 000,015,064 | ---- | C] () -- C:\Windows\HWDevInst.exe
[2013.07.17 16:52:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2013.07.12 17:50:43 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013.07.11 09:59:46 | 000,000,439 | ---- | C] () -- C:\Windows\System32\CNCMFP42.INI
[2013.07.09 23:08:23 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2013.07.09 23:03:46 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2013.07.09 23:03:46 | 000,019,056 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2013.07.09 22:57:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.07.09 01:26:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.07.09 01:23:55 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013.07.09 01:23:55 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013.07.09 01:23:55 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2013.03.29 04:13:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe
[2013.03.12 07:38:22 | 000,695,006 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013.03.04 20:52:52 | 000,230,836 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2013.02.01 02:14:10 | 000,075,600 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.11.22 17:14:26 | 000,230,064 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.08.18 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013
[2013.07.11 11:11:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Canon
[2013.07.10 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\CheckPoint
[2013.07.17 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\MAGIX
[2013.07.09 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Splashtop Remote Client
[2013.07.12 16:38:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Thunderbird
[2013.08.18 18:10:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

Extras.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 18.08.2013 19:45:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Eigene Dateien
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,25% Memory free
5,99 Gb Paging File | 3,53 Gb Available in Paging File | 58,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 423,60 Gb Total Space | 386,57 Gb Free Space | 91,26% Space Free | Partition Type: NTFS
Drive D: | 507,81 Gb Total Space | 474,12 Gb Free Space | 93,36% Space Free | Partition Type: NTFS
Drive F: | 144,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1863,01 Gb Total Space | 1396,38 Gb Free Space | 74,95% Space Free | Partition Type: NTFS
 
Computer Name: TOM-HOME-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2076123036-2307069962-1632283144-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015F1334-A022-43CA-B714-7D4EDA11A6E7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{01F653B8-9F39-4178-8F27-E00F5B7A87FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{128E7F9A-0D7E-46D5-BA5F-3F395F346C01}" = lport=138 | protocol=17 | dir=in | app=system | 
"{16307A6C-29C6-4DE6-A2F8-99E446C9A449}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3612A0FD-3D0A-4889-B6CD-D6EAA763BFDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{41FD6D21-023C-4F31-A0B0-E0D7A1BA2333}" = rport=138 | protocol=17 | dir=out | app=system | 
"{469C079B-9E97-43A3-876A-BC7F2A0E0430}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E92999D-038B-45E1-B835-2AE760AB378D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B0799E0-30CF-48D6-9972-F2228BCE71F5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5B32D88D-55E6-4A93-88FE-CFE1573EAB2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B725A1B-ACB2-4E88-AA0B-63D38B320A81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{75A76EA5-4D90-4AD3-A313-DAA9958846DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9EF42413-CEDB-46AE-8AD6-C261567E14F3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A67DB801-7253-49C2-B688-0E5A8EB0EA7E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B06CF49D-FC41-4389-95AD-2E7B235B3232}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B510A399-4D10-4BA6-95D2-18BE053FB52C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B61398C5-88DE-4553-BCF7-4DA4CA5B5A44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BFD716E7-9ED0-4313-8A99-41B52C2B6852}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C70737E8-BFBC-4A6E-950F-9CB10F4CE4E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC59AFDF-F384-415A-85F9-8C6A4F2213C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D3C92DB5-20AC-4571-9AB9-61A88908779D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DC520DF0-D0CA-4E1F-88F5-F8B0640F5A74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC8C1E41-9E94-491B-9D01-743C65CA6A41}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E2B9ABF8-B17E-48FA-81B5-22356875F8CE}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B6B920-C9AB-4DBD-85E4-87DFBD95FBCF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{0D4955EF-D8A7-426B-9545-D7ADA6DAA657}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{126265AF-AA66-4B8B-A973-32AD14E5C295}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{1310401D-B477-40CB-B877-7CCBDAEEC2A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1535A17E-2174-4E4B-91B2-6769DA823BF7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{2BE42523-A719-49EA-9D43-05CE84525710}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{42057F0C-3B83-4C05-AC90-F04CD229D14D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{46CCE0DA-6EF1-4F96-AF82-F54537566F4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66BF9F3C-E152-414B-9F8C-B3CAB06DEC63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7021D21C-C6CA-4D38-BD05-32698B594403}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{79016B9B-D7C6-42FF-8566-B5E17114DF1F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83D45EE7-B149-4C71-8EA1-552A7589463B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9181085C-35A5-4409-B737-C7AE71AAD33E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A7F59905-CE13-4B92-8919-42971A041F47}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B3A3B7D5-D807-4C01-92F0-4BCC3DC85EE7}" = protocol=6 | dir=out | app=system | 
"{B40F8E3F-EE1B-4A91-85A8-CBF739878188}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B819F8B5-A41E-4EF6-BA0E-1F9BA7D2F7D8}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{BB113821-F211-4B8B-A50B-578BE95583EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB7C4074-FA94-45B8-BA6D-0EC1C238A871}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{C0586423-0669-4113-A73B-78EFF800327D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C32BD6D5-79AD-44CB-99FE-B7AE80183555}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAE0F387-F342-44B1-A79A-9BD986760B68}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{CE2E8AE0-DB96-4273-B0A4-94DD692D14F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5AB810D-74FA-4AFF-B631-22A9FA802F67}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DC3A9985-69FD-481B-BC4D-EBAB35787C9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DDCE3337-656E-4409-84CD-F8AE5AFF8ECC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E70E7034-3A0F-46B1-843B-E6399F4EECB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F65E5ED3-144E-4F7B-B882-535F59297D9D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{F775E047-DBFB-46F5-A74A-CF3D170C7B5C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{F9F8701A-6DAB-4323-81B2-27DA8364C765}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"TCP Query User{2E98E2C3-8626-4593-BBC8-298DF0DF49D8}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | 
"TCP Query User{668D4031-2975-4A40-87A6-81182CE6840A}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | 
"TCP Query User{8A919811-42DF-431D-A94A-72D81AE163BE}C:\program files\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\updmanager\runupd.exe | 
"UDP Query User{68781E72-AE45-4EB9-A448-AB34D6D220D4}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | 
"UDP Query User{744ADD6C-1834-46E7-B9C2-B15B957150EA}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | 
"UDP Query User{82EAA738-4F08-46EC-A66F-EA082A74F367}C:\program files\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\updmanager\runupd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Corel Painter 12
"_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6
"_{761B6C00-A23A-4F17-9D23-CB7E48307314}" = Corel Graphics - Windows Shell Extension
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{00DAA13A-EA2A-4142-AEB6-FFA6B124985D}" = HWTablet
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 
"{075A7877-02CA-4B15-8534-1211712A8E79}" = ZoneAlarm Firewall
"{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
"{15971B11-14DA-873C-1ACD-188603C38889}" = AMD Catalyst Install Manager
"{169ADA4A-8079-4CD8-8E20-030B1A54E552}" = CorelDRAW Graphics Suite X6 - DE
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1BD9E24B-DB16-491C-8092-F158664BB9F6}" = ZoneAlarm Security
"{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Painter 12 - Setup Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 9
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
"{2333E82C-E577-4982-B60F-80C74BA69A07}" = Corel Painter 12 - IPM
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
"{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B12.0418.1
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{33ABEC18-41FB-4558-A245-BEED47897D0C}" = Painter 12 - FR
"{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
"{36B01464-5050-4492-BAA3-46E62551EEAB}_is1" = PC-WELT-TuneUpSuite 1.0
"{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = AMD VISION Engine Control Center
"{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}" = SlimDrivers
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView Ver.1.5 B12.0314.1
"{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
"{4461B49E-E20D-422B-A507-698446FE2AC8}" = Painter 12 - IT
"{44FDF3F0-9DEF-46A6-A552-404BBF55451B}" = Painter 12 - Core
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0509.1
"{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
"{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
"{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
"{4E90A19D-D345-2F69-4B71-2503B5C10FE7}" = AMD Fuel
"{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
"{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files
"{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{73BD1CE5-F278-4540-B667-7F7D86488236}" = Hanvon Soft 3.0
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{761B6C00-A23A-4F17-9D23-CB7E48307314}" = Corel Graphics - Windows Shell Extension
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{776DC020-024F-4C19-AB2B-B526164136F8}" = Painter 12 - DE
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{7FAEAEC0-9E27-492F-AFB9-9D905B2779BE}" = MAGIX Web Designer 6
"{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85494707-8DE1-3F79-9B74-A619BA2188A4}" = AMD Media Foundation Decoders
"{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
"{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
"{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EF200A3-1CAC-462E-990B-EC902279BAAA}" = Microsoft Visual Basic for Applications 7.1 (x86) German
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A5CB0BC7-9553-420D-A3CD-D3C59FB99872}" = Painter 12 - EN
"{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
"{A7581B61-C9F9-4fea-B845-E7733C17EC19}" = Canon MF8000C Series
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B0B6E3AF-093D-9B5C-040D-D3BBB90CE757}" = AMD Accelerated Video Transcoding
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4B8D818-7027-1744-8A21-DD53509E041A}" = ccc-utility
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
"{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
"{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
"{D9941688-1BEF-79EF-0FD9-E0A67E2CFE0F}" = AMD Drag and Drop Transcoding
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E36C13C4-C802-4A57-8B7C-3D9DF80F3E95}" = Smart Recovery 2 B12.0417.1 (x86)
"{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B12.0531.01
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
"{F2776738-1A97-45F2-BE5A-DBBC66ACB9D4}" = Painter 12 - Painter
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2
"{FBAAC4C8-D5ED-4308-9FC6-84E44E392395}" = Painter 12 - Content
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 9
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0509.1
"InstallShield_{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"Splashtop Software Updater" = Splashtop Software Updater
"WFTK" = Canon Utilities WFT Utility
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2076123036-2307069962-1632283144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"jZip" = jZip
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2013 13:53:14 | Computer Name = Tom-Home-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0xC004C008
 
Error - 17.07.2013 13:53:14 | Computer Name = Tom-Home-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008 SKU-ID=586bc076-c93d-429a-afe5-a69fbc644e88
 
Error - 18.07.2013 04:15:55 | Computer Name = Tom-Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010,
Zeitstempel: 0x50aee407 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x508 Startzeit der fehlerhaften Anwendung: 0x01ce838f04265e51 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 44390c38-ef82-11e2-b1cb-902b34a84031
 
Error - 18.07.2013 04:38:20 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte
nicht heruntergefahren werden.
 
Error - 18.07.2013 04:38:20 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte
nicht heruntergefahren werden.
 
Error - 18.07.2013 11:10:50 | Computer Name = Tom-Home-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 18.07.2013 11:10:50 | Computer Name = Tom-Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 16.1.0.843,
Zeitstempel: 0x4fff8124 Name des fehlerhaften Moduls: Wintab32.dll, Version: 3.0.0.1,
Zeitstempel: 0x4ae66b46 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00001189 ID des fehlerhaften
Prozesses: 0x1488 Startzeit der fehlerhaften Anwendung: 0x01ce83c7c613de25 Pfad der
fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Wintab32.dll Berichtskennung: 3b1463a5-efbc-11e2-a1fc-902b34a84031
 
Error - 18.07.2013 15:30:14 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte
nicht heruntergefahren werden.
 
Error - 18.07.2013 15:30:14 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte
nicht heruntergefahren werden.
 
Error - 15.08.2013 12:23:09 | Computer Name = Tom-Home-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
[ System Events ]
Error - 15.08.2013 06:11:50 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 15.08.2013 06:11:50 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 15.08.2013 06:11:51 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 15.08.2013 12:21:48 | Computer Name = Tom-Home-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet.
 
Error - 18.08.2013 09:49:57 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.08.2013 09:49:58 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.08.2013 09:49:59 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.08.2013 09:49:59 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.08.2013 13:05:53 | Computer Name = Tom-Home-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
 
Error - 18.08.2013 13:23:03 | Computer Name = Tom-Home-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
 
 
< End of report >
         
--- --- ---


If anything is still missing, I'll of course be happy to supply it.

I hope you can help me; this is my business PC, and like this I can't work or meet my deadlines. In my line of business that can ruin me...

Best regards,
Tom

Alt 18.08.2013, 21:37   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Alt 19.08.2013, 09:10   #3
Terraformer
 

Hello Schrauber,

thank you very much for the quick reply :-)

Here are the files:


FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by Tom (administrator) on 19-08-2013 09:03:32
Running from D:\Eigene Dateien
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe
() C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
() C:\Windows\jwpen.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
() C:\Windows\Jwpen.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRSOOBE.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Gigabyte Technology CO.) C:\Program Files\Gigabyte\SmartRecovery2_x86\RPMDaemon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(汉王科技股份有限公司) C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984 2012-08-30] (Check Point Software Technologies)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-10-09] (Check Point Software Technologies LTD)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4045432 2000-01-01] (VIA)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Smart File Advisor] - C:\Program Files\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [RPMKickstart] - C:\Program Files\Gigabyte\SmartRecovery2_x86\RPMKickstart.exe [1785856 2013-07-12] (Gigabyte Technology CO., LTD.)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation)
MountPoints2: {6dee1b91-e81e-11e2-966a-806e6f6e6963} - F:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hanvon Soft.lnk
ShortcutTarget: Hanvon Soft.lnk -> C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe (汉王科技股份有限公司)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031
SearchScopes: HKCU - DefaultScope {8DFC250F-A969-4610-9432-E073A61436CC} URL = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031&q={searchTerms}&r=793
SearchScopes: HKCU - {8DFC250F-A969-4610-9432-E073A61436CC} URL = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031&q={searchTerms}&r=793
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default
FF user.js: detected! => C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\user.js
FF NetworkProxy: "ftp", "188.134.20.63"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "188.134.20.63"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.134.20.63"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "188.134.20.63"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\searchplugins\zonealarm.xml
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Deutsches Wörterbuch - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: zonealarm.com - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: Grooveshark Proxy - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\groovesharkProxy@DannieDarko
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\ich@maltegoetz.de
FF Extension: FoxLingo - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: artur.dubovoy - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: groovesharkUnlocker - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: SciLorsGrooveUnlocker - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi
FF Extension: stealthyextension - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: youtube2mp3 - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [3715248 2011-03-18] (CANON INC.)
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 HWSuperPowerTablet; C:\Windows\jwpen.exe [77016 2010-02-05] ()
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-08-30] (Check Point Software Technologies)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [789856 2013-06-28] (Splashtop Inc.)
R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [583968 2013-05-08] (Splashtop Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2000-01-01] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-10-09] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

S3 AODDriver; C:\Program Files\Gigabyte\ET6\i386\AODDriver.sys [49248 2013-07-12] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2000-01-01] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2000-01-01] (Etron Technology Inc)
R3 gdrv; C:\Windows\gdrv.sys [17488 2013-08-19] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-07-09] ()
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-08-30] (Check Point Software Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [468272 2012-01-09] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-07-09] (Windows (R) Codename Longhorn DDK provider)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-08-19] ()
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2011-06-15] (Realtek Corporation)
R3 VHWDrawing; C:\Windows\System32\DRIVERS\HWDrawing.sys [6400 2007-03-26] (Windows (R) Codename Longhorn DDK provider)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2000-01-01] (VIA Technologies, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455256 2011-05-07] (Check Point Software Technologies LTD)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [x]
S3 PciPPorts; system32\DRIVERS\PciPPorts.sys [x]
S3 PciSPorts; system32\DRIVERS\PciSPorts.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-18 19:27 - 2013-08-18 19:27 - 00001136 _____ C:\Users\Tom\Desktop\Continue Open It! - Zip Extractor Installation.lnk
2013-08-18 19:07 - 2013-08-19 08:35 - 00000168 _____ C:\Windows\setupact.log
2013-08-18 18:11 - 2013-08-18 18:11 - 00000000 ____D C:\Users\Tom\AppData\Roaming\AVG2013
2013-08-18 18:10 - 2013-08-18 18:10 - 00000951 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-18 18:10 - 2013-08-18 18:10 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TuneUp Software
2013-08-18 18:09 - 2013-08-18 18:11 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ___HD C:\$AVG
2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ____D C:\Program Files\AVG
2013-08-18 18:07 - 2013-08-19 08:40 - 00000000 ____D C:\ProgramData\MFAData
2013-08-18 18:07 - 2013-08-18 18:21 - 00000000 ____D C:\Users\Tom\AppData\Local\Avg2013
2013-08-18 18:07 - 2013-08-18 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\MFAData
2013-08-18 15:41 - 2013-08-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 17:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 17:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 17:02 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 17:02 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 17:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 17:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 17:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 17:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 17:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 15:35 - 2013-08-15 15:36 - 335308934 _____ C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv
2013-08-15 12:25 - 2013-08-15 12:25 - 00000973 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
2013-08-15 12:25 - 2013-08-15 12:25 - 00000943 _____ C:\Users\Tom\Desktop\jZip.lnk
2013-08-15 12:23 - 2013-08-15 12:26 - 00000000 ____D C:\Users\Tom\AppData\Local\jZip
2013-08-15 12:21 - 2013-08-15 12:25 - 00000000 ____D C:\Program Files\jZip
2013-08-15 12:15 - 2013-08-15 12:15 - 00000000 ____D C:\Program Files\Smart File Advisor
2013-08-15 10:05 - 2013-08-15 18:28 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-15 09:27 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 09:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 09:27 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 09:27 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 09:27 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 09:27 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 09:27 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 09:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 09:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 09:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 09:27 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 09:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys

==================== One Month Modified Files and Folders =======

2013-08-19 09:03 - 2013-07-09 00:43 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 08:42 - 2009-07-14 06:34 - 00015968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 08:42 - 2009-07-14 06:34 - 00015968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 08:40 - 2013-08-18 18:07 - 00000000 ____D C:\ProgramData\MFAData
2013-08-19 08:36 - 2013-07-10 12:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 08:36 - 2013-07-10 00:04 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2013-08-19 08:35 - 2013-08-18 19:07 - 00000168 _____ C:\Windows\setupact.log
2013-08-19 08:35 - 2013-07-12 17:50 - 00013464 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-08-19 08:35 - 2013-07-12 17:50 - 00000382 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2013-08-19 08:35 - 2013-07-09 22:59 - 00000144 _____ C:\service.log
2013-08-19 08:35 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 20:11 - 2013-07-09 00:36 - 02006697 _____ C:\Windows\WindowsUpdate.log
2013-08-18 19:27 - 2013-08-18 19:27 - 00001136 _____ C:\Users\Tom\Desktop\Continue Open It! - Zip Extractor Installation.lnk
2013-08-18 19:20 - 2013-07-09 01:14 - 00000000 ____D C:\Users\Tom\AppData\Local\VirtualStore
2013-08-18 19:07 - 2013-07-10 12:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 18:21 - 2013-08-18 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\Avg2013
2013-08-18 18:11 - 2013-08-18 18:11 - 00000000 ____D C:\Users\Tom\AppData\Roaming\AVG2013
2013-08-18 18:11 - 2013-08-18 18:09 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-18 18:10 - 2013-08-18 18:10 - 00000951 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-18 18:10 - 2013-08-18 18:10 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TuneUp Software
2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ___HD C:\$AVG
2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ____D C:\Program Files\AVG
2013-08-18 18:07 - 2013-08-18 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\MFAData
2013-08-18 15:41 - 2013-08-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 18:28 - 2013-08-15 10:05 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-15 18:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 18:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 15:36 - 2013-08-15 15:35 - 335308934 _____ C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv
2013-08-15 12:26 - 2013-08-15 12:23 - 00000000 ____D C:\Users\Tom\AppData\Local\jZip
2013-08-15 12:25 - 2013-08-15 12:25 - 00000973 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
2013-08-15 12:25 - 2013-08-15 12:25 - 00000943 _____ C:\Users\Tom\Desktop\jZip.lnk
2013-08-15 12:25 - 2013-08-15 12:21 - 00000000 ____D C:\Program Files\jZip
2013-08-15 12:15 - 2013-08-15 12:15 - 00000000 ____D C:\Program Files\Smart File Advisor
2013-08-15 09:25 - 2013-07-12 16:38 - 00000000 ____D C:\Users\Tom\AppData\Local\Thunderbird
2013-07-26 05:13 - 2013-08-15 17:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-15 17:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-15 17:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-15 17:02 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-15 17:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 17:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-15 17:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-15 17:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-15 17:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 10:57 - 2013-08-15 09:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 10:23

==================== End Of Log ============================
         
--- --- ---




Addition.txt:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013
Ran by Tom at 2013-08-19 09:04:06
Running from D:\Eigene Dateien
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

@BIOS (Version: 2.24)
7-Zip 9.20
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader 9.3 (Version: 9.3.0)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2203)
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225)
AutoGreen B12.0206.1 (Version: 1.00.0000)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MF8000C Series (Version: 3.9.0.0)
Canon MOV Decoder (Version: 1.5.0.7)
Canon Utilities Digital Photo Professional 3.8 (Version: 3.8.1.0)
Canon Utilities EOS Utility (Version: 2.8.1.0)
Canon Utilities Original Data Security Tools (Version: 1.8.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.7.0.0)
Canon Utilities WFT Utility (Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility (Version: 2013.0328.2218.38225)
Corel Graphics - Windows Shell Extension (Version: 16.1.0.843)
Corel Graphics - Windows Shell Extension (Version: 16.1.843)
Corel Painter 12 - IPM (Version: 12.4)
Corel Painter 12 (Version: 12.2.1.1212)
CorelDRAW Graphics Suite X6 - Capture (Version: 16.1)
CorelDRAW Graphics Suite X6 - Common (Version: 16.1)
CorelDRAW Graphics Suite X6 - Connect (Version: 16.1)
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.1)
CorelDRAW Graphics Suite X6 - DE (Version: 16.1)
CorelDRAW Graphics Suite X6 - Draw (Version: 16.1)
CorelDRAW Graphics Suite X6 - Filters (Version: 16.1)
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.1)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.1)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.1)
CorelDRAW Graphics Suite X6 - Redist (Version: 16.1)
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.1)
CorelDRAW Graphics Suite X6 - VBA (Version: 16.1)
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.1)
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.1)
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.1)
CorelDRAW Graphics Suite X6 (Version: 16.1)
CorelDRAW Graphics Suite X6 (Version: 16.1.0.843)
CyberLink Media Suite 9 (Version: 9.0.2608)
CyberLink PowerDVD 9 (Version: 9.0.3518.02)
DMIView Ver.1.5 B12.0314.1 (Version: 1.5)
Easy Tune 6 B12.0509.1 (Version: 1.00.0000)
EasySaver B9.1214.1  (Version: 1.00.0000)
Etron USB3.0 Host Controller (Version: 0.115)
Face_Wizard B12.0531.01 (Version: 1.00.0000)
Hanvon Soft 3.0 (Version: 3.00.2100)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
HWTablet (Version: 3.00.0000)
IconHandler 32 bit (Version: 2.0)
jZip (HKCU Version: 2.0.0.133556)
MAGIX Web Designer 6 (Version: 6.0.1.12177)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x86) German (Version: 7.1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729)
MozBackup 1.5.1
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
ON_OFF Charge B11.1102.1 (Version: 1.00.0001)
Painter 12 - Content (Version: 12.4)
Painter 12 - Core (Version: 12.4)
Painter 12 - DE (Version: 12.4)
Painter 12 - EN (Version: 12.4)
Painter 12 - FR (Version: 12.4)
Painter 12 - IT (Version: 12.4)
Painter 12 - Painter (Version: 12.4)
Painter 12 - Setup Files (Version: 12.4)
PC-WELT-TuneUpSuite 1.0
Platform (Version: 1.39)
Q-Share Ver.1.2 (Version: 1.2)
Realtek Ethernet Controller Driver (Version: 7.56.316.2012)
Realtek Ethernet Diagnostic Utility (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30122)
SlimDrivers (Version: 2.2.30877)
Smart File Advisor 1.1.1 (Version: 1.1.1)
Smart Recovery 2 B12.0417.1  (x86) (Version: 1.00.0001)
Splashtop Remote Client (Version: 1.1.4.0)
Splashtop Software Updater (Version: 1.5.6.11)
Splashtop Streamer (Version: 2.4.0.1)
Update Manager B12.0418.1 (Version: 1.00.0000)
VIA Plattform-Geräte-Manager (Version: 1.39)
ZoneAlarm Antivirus (Version: 10.2.081.000)
ZoneAlarm Firewall (Version: 10.2.081.000)
ZoneAlarm Free Antivirus + Firewall (Version: 10.2.074.000)
ZoneAlarm Security (Version: 10.2.081.000)
ZoneAlarm Security Toolbar 
 

==================== Restore Points  =========================

17-07-2013 14:45:47 Installed Microsoft Office Professional Plus 2010
17-07-2013 15:08:48 DirectX wurde installiert
17-07-2013 15:09:54 DirectX wurde installiert
17-07-2013 15:10:51 DirectX wurde installiert
17-07-2013 15:11:48 DirectX wurde installiert
17-07-2013 15:12:45 DirectX wurde installiert
17-07-2013 15:13:43 DirectX wurde installiert
17-07-2013 15:35:33 Installiert HWTablet
17-07-2013 15:43:32 Installiert Hanvon Soft 3.0
17-07-2013 18:01:33 Vor Benutzer auf D verschieben!!!!!
18-07-2013 08:37:45 Windows Update
18-07-2013 19:29:40 Windows Update
15-08-2013 07:25:14 Windows Update
15-08-2013 15:01:57 Windows Update
18-08-2013 16:09:01 Installed AVG 2013
18-08-2013 16:09:30 Installed AVG 2013

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3A08743D-2386-4E4F-97C4-4A1A582675FD} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {67E40878-4FBB-4B84-BFFD-5293496B68A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10] (Adobe Systems Incorporated)
Task: {E9E544BB-6C45-49C4-BAD9-D1950FE73371} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2013 07:44:32 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 169c

Startzeit: 01ce9c38dc310ca3

Endzeit: 13

Anwendungspfad: D:\Eigene Dateien\OTL.exe

Berichts-ID:

Error: (08/15/2013 06:23:09 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 05:10:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 16.1.0.843, Zeitstempel: 0x4fff8124
Name des fehlerhaften Moduls: Wintab32.dll, Version: 3.0.0.1, Zeitstempel: 0x4ae66b46
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00001189
ID des fehlerhaften Prozesses: 0x1488
Startzeit der fehlerhaften Anwendung: 0xCorelDRW.exe0
Pfad der fehlerhaften Anwendung: CorelDRW.exe1
Pfad des fehlerhaften Moduls: CorelDRW.exe2
Berichtskennung: CorelDRW.exe3

Error: (07/18/2013 05:10:50 PM) (Source: .NET Runtime) (User: )
Description: Application: CorelDRW.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000094, exception address 02F61189
Stack:

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 10:15:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee407
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x508
Startzeit der fehlerhaften Anwendung: 0xtaskhost.exe0
Pfad der fehlerhaften Anwendung: taskhost.exe1
Pfad des fehlerhaften Moduls: taskhost.exe2
Berichtskennung: taskhost.exe3

Error: (07/17/2013 07:53:14 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008
SKU-ID=586bc076-c93d-429a-afe5-a69fbc644e88


System errors:
=============
Error: (08/18/2013 08:11:30 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (08/18/2013 07:23:03 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (08/18/2013 07:05:53 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (08/18/2013 03:49:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/18/2013 03:49:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/18/2013 03:49:58 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/18/2013 03:49:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/15/2013 06:21:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet.

Error: (08/15/2013 00:11:51 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (08/15/2013 00:11:50 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (08/18/2013 07:44:32 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0169c01ce9c38dc310ca313D:\Eigene Dateien\OTL.exe

Error: (08/15/2013 06:23:09 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 
PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor03026216114840

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor0302621611484143003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730078006D006C0034002E0064006C006C000000

Error: (07/18/2013 05:10:50 PM) (Source: Application Error)(User: )
Description: CorelDRW.exe16.1.0.8434fff8124Wintab32.dll3.0.0.14ae66b46c000009400001189148801ce83c7c613de25C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exeC:\Windows\system32\Wintab32.dll3b1463a5-efbc-11e2-a1fc-902b34a84031

Error: (07/18/2013 05:10:50 PM) (Source: .NET Runtime)(User: )
Description: Application: CorelDRW.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000094, exception address 02F61189
Stack:

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor03026216114840

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor0302621611484143003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730078006D006C0034002E0064006C006C000000

Error: (07/18/2013 10:15:55 AM) (Source: Application Error)(User: )
Description: taskhost.exe6.1.7601.1801050aee407unknown0.0.0.000000000c00000050000000050801ce838f04265e51C:\Windows\system32\taskhost.exeunknown44390c38-ef82-11e2-b1cb-902b34a84031

Error: (07/17/2013 07:53:14 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C008586bc076-c93d-429a-afe5-a69fbc644e88


CodeIntegrity Errors:
===================================
  Date: 2013-08-19 08:57:23.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 19:58:36.240
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 19:44:45.640
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-18 15:00:12.230
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-16 10:40:05.920
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-15 17:01:13.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-15 16:36:09.214
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-15 16:29:51.656
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-18 17:00:02.295
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-18 10:27:53.922
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3069.24 MB
Available physical RAM: 1471.32 MB
Total Pagefile: 6136.77 MB
Available Pagefile: 3444.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:423.6 GB) (Free:386.15 GB) NTFS
Drive d: (09072013) (Fixed) (Total:507.81 GB) (Free:474.11 GB) NTFS
Drive f: (CanonEOS223W) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
Drive g: (Sicherungen 06-07-13) (Fixed) (Total:1863.01 GB) (Free:1396.38 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:14.91 GB) (Free:10.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F57A120D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=508 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7CF62292)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

19.08.2013, 12:55   #4
schrauber
/// the machine
/// TB instructor

Is this a company computer with its own IT department responsible for it?

It's a laptop, right? Are you any good with your hands?

Quote:
(汉王科技股份有限公司) C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hanvon Soft.lnk
ShortcutTarget: Hanvon Soft.lnk -> C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe (汉王科技股份有限公司)
Do you know this?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

19.08.2013, 13:19   #5
Terraformer

No, I'm self-employed with no employees; I'm the only one who uses the PC (not a laptop).

Hanvon is my graphics tablet from the Far East, but it has never acted up.


19.08.2013, 17:43   #6
schrauber
/// the machine
/// TB instructor

Quote:
Hanvon is my graphics tablet from the Far East, but it has never acted up.
Great, because it looks like malware

Can you disable the touchpad? If so, do that, connect an external mouse, and test again.

I think the touchpad or the keyboard has a defect, hence the question about your manual skills.

19.08.2013, 22:52   #7
Terraformer

Hi there, schrauber,

it looks like it's working again :-) :-)

Thank you very, very much :-)

I uninstalled the graphics tablet and two other things that seemed very, very strange to me in this case. I had only reinstalled the PC (not a laptop) from scratch 4 weeks ago and was on vacation in between, so I could no longer retrace exactly everything I had done before.

I tried two different mice and, last of all, plugged the mouse into a different port on the PC.

What was also strange: when I clicked the link to this thread from Thunderbird, I was redirected to a Russian page, text only, no pictures or the like, just Cyrillic script, with a link on it that they presumably wanted you to click, which of course I didn't do. Even when I tried to open a page in Firefox myself, I only ended up there. Internet Explorer worked normally, though.

In the end I didn't really do much, which is why I'm not yet 100% sure that everything really works. But I'm optimistic.

I'll now reinstall the graphics tablet and then see; the software is original, so it shouldn't be the cause, but maybe some drivers didn't get along... But why this Russian page was opened remains a mystery. The mouse stays plugged into the other USB port.

If, contrary to expectations, something still comes up in this regard, may I get back in touch?

Otherwise, thank you very much once again; I had really been going in circles and tried all sorts of things, but I never thought of the graphics tablet because, as I said, I had never had problems in that respect; I can't explain the Russian page either...

Computers are strange creatures after all ;-)

With that, thank you very much once again...

Best regards,
Tom

20.08.2013, 13:36   #8
schrauber
/// the machine
/// TB instructor

All right, if anything else comes up, just get in touch
__________________
Regards,
schrauber
